2006-01-25

The Infuriating Case of the Plastic Totem and the Vanishing Funds

During the last 14 days I have been trying to sort out my finances. Normally when someone says that, especially around this time of year they are discussing their day-to-day budget and their overdraft/credit card, which took a pounding recently. In my case, as a result of someone else pounding my credit card, I am sorting out my finances to assess the potential damage I am yet to uncover.

Recently I received a letter from my credit card provider asking me to call them. When I finally was able to get through to them it appears there has been some fraudulent use of my credit card. This is a description of what happened.

During the initial call, I was asked if I had called the company in the last week. I said no. In fact I had only called them once (the previous month) in the last 2 years. I was asked a series of questions that whittled down the point that I had not transferred £4500 from another credit card to my credit card. Next proceeded a series of questions to try to establish how the card had become fraudulently used. It appears that someone has gotten hold of my credit card number and the CVV code (that security code on the back). Using this number they have been able to transfer funds from one card to another.

I've not used the card on the internet as far as I know and in fact the card had lain dormant for almost 2 years so although I can't discount internet fraud, it's a long time for someone to wait before using information they obtained that way. The other way for someone to get this information would be to actually get it from me. As I said, the card has lain dormant for 2 years and was stored securely in my room in my flat for that time. It was only one month ago that I put it in my wallet for a trip to Holland and so there is a very small window for the information to be taken. What is strangest is that my card is always buried in my wallet and deep in my pocket. So, sometime in the last 30 days, I've had my pocket picked, the card read and then replaced. Or something like that. I may have over looked things and the information got out another way, but that's how I see it anyway.

That is also how my credit card company sees it. I was asked a lot of questions about whether I had a shared mailbox (I do, but it's irrelevent because I'd had the card for three years); about shared accomodation (I do share, but with a friend of over 20 years, that, although you can never say never, I severely doubt would defraud me) and about how secure my premises and use of the card were. I became very upset when it seemed they were pointing to my housemate having done this and also that they said that because I lived in shared accomodation I should always carry my card with me. Firstly, as I mentioned, my housemate has been a longtime friend for many years and secondly, I resent the fact that my own flat and my own room within my flat are considered a less safe place for a credit card other than my wallet out in public.

Well, keeping my calm, I continued with the phone call. I would be required to sign a disclaimer denying using the card and the matter should be resolved soon enough. So, I put down the phone and waited for the post. Then it hit me! The problem was not with the credit card number and CVC code being used, it was the whole security process, which could leave me open to complete identity theft and widespread fraud.

When I telephoned the credit card company I was required provide the answer to several security questions before I was identified and the fraud case could be discussed. The fraudulent user of my card had also rung up to transfer a balance and so it stands to reason that by passing this security test they have access to more information than one credit card number. They had the ability to access any of my financial accounts and use them fraudulently.

I rang back the credit card company and asked them to review how the fraud occured. Yes, a call had been made and yes, security questions had been asked. I enquired about which questions were asked and the person on the phone hadn't got that information available. This strikes me as ridiculous. How can determine fraud and maintain security if you don't log the security information you ask for? I was told the matter would be transferred to a superior and I'd get a call back. In the mould of all customer service complaints, I am still waiting for that call. Meanwhile, I still don't know what questions were asked, what information was provided about me and to what extent I need to call my financial providers to get security changed. Worrying at the least.

Regarding the actual fraud, things are now resolved, but I'm left with a seriously bad taste in my mouth and I still haven't heard back from the company about my possibly compromised security details. Be careful with your information and don't rely on one password or security detail to protect more than one account. I would make up a different set of answers for security questions for each account you have with a new provider, including different mother's maiden name. It sounds an awful lot of effort to do this and that kind of security is rarely needed for the general public, but think about this: how much more effort would it be to change all details with every account in one go and to persuade them that they needed to change the details. Why should they believe you, perhaps you're the fraudster on the line securing the account? The bottom line is the financial nightmare of losing all of your savings and investments and also being in debt a huge amount. A massive swing from financial security to bankruptcy.

1 comment:

fatrobot said...

i use magic beans as currency