hackers trying to spend our money-- 4th time now

[Kev Williams]

So Wells Fargo sends us a text and email about 'suspicious account activity' today. Someone trying to spend over $5000 on our business debit card number at Macy's in Denver.

Nope, for sure wasn't us!

4th time now. Gotta give credit to Wells Fargo, they're pretty good to catch this nonsense pretty quick.

Now the fun begins since they cancelled that card, and a new one could take a week to get here. So now I have to spend half a day changing out a zillion charge and autopay accounts from Amazon to Zoro, like I got time for that...

Thieves just really pi-- me off...

[Rob Luter]

That's one of the reasons I'll never have a debit card. If I do bills with autopay it will come from a dedicated account. I know a couple folks that have had accounts drained due to a hacked debit card.

[Kev Williams]

Ironically, the reason I like the debit card is the fact the bank(s) DO flag unusual transactions. 3 of the 4 hacks we've had were debit card hacks, and never made it past the same day they happened, never cost us a cent. However, the 4th hack was 2 years ago October, where 2 entities (nice way of describing ******* crooks) simply took money out of our bank account, under the guise of ACH payments. Over $15,000, and Wells Fargo was none the wiser. I only found it when I downloaded my activity into a spreadsheet to prep for taxes and arranged everything by most to least dollars, and the top amount was a $10,000 ACH withdrawal from "American Express". The bank's fraud-checking people or software didn't notice that Amex usually pays ME, and I've never paid Amex more than a few bucks in merchant account fees. Why the $10k wasn't flagged, the bank couldn't (or wouldn't) answer that. In the end there was a second Amex draw for a couple thousand-something, and 2 more draws from some guy... Got it all back except the last draw from 'the guy' for $600 and change. Bank said they couldn't verify it was fraudulent...? Frustrating, but better than the possible alternative.

So since they've never missed catching a plastic-hack, I'll keep using plastic.

[Paul F Franklin]

We've had at least 8 or 10 fraud episodes in the last 10 years or so, all on one or another of our 4 credit cards. Every time the cc company has flagged them and we never lost a cent. As you say, the most irritating thing is having to change all the repeating transactions. I do try to keep all the repeating transactions on one card but it's still a major pain. I do have all my accounts configured to get text alerts on any spend over $300 and on any foreign transactions of any amount, but the crooks seem to start off with low dollar charges first and those are the one the bank always flags. At least one of our CC's has a way you can get a list of all repeating transactions, but I have learned to keep a list of all of them since I seem to need it every year or two.

I've started using apple pay for most in-person CC transactions; since the vendor never gets your actual cc account no. I believe its at least a little more secure. Plus it's touchless, which has been handy this past year.

I'm definitely in the no debit card camp. Our ATM card is a debit card, but it never goes into anything but the banks ATM.

[Brian Elfert]

My credit cards have been hit with fraud numerous times over the years, but none in the past two plus years. I usually get notified by the card issuer nearly instantly. For some strange reason almost every fraud attempt included buying something from Walmart.com. I am not blaming Walmart. They are so big that it is natural they would get hit more often.

[Mike Henderson]

Unless the law has changed, with a credit card, your liability for loss on a credit card is $50 - and most credit card companies don't charge you that $50. And if the crook didn't use the actual card (you lost your card somewhere) your liability if zero (they just stole you card numbers).

That's not true for Debit cards. The legal limits for loss on debit cards are complex but not as good as with credit cards. Under certain conditions, you can be liable for the entire loss.

Personally, I treat my debit card like cash and the only time I use it is to get cash out of the ATM. For every other transaction, I use a credit card.

I don't see any advantage to using a debit card over a credit card,

And, by the way, I get an alert on every credit card for any charge over $1. The alert goes to both me and my wife - except for one card that only goes to me. I use that card when I don't want her to know what I'm buying - like a gift for her (not tools, of course)

Mike

[Bruce Wrenn]

Clark Howard described Debit cards best "Fake, piece of trash Visa Card!" One of the nice things about having a cc with a low limit, is it stops thieves in their tracks. I regularly get calls about $1200 - 2500 charges to my Amazon account. Since cc only for a max of $1000, I know that it's fake

[Jeff Roltgen]

Be advised: Auto pay transactions are honored by CC companies, REGARDLESS how many times you've been issued a new CC number.

I had a tenacious thief on my business CC last summer. Claimed $125 labeled as a "MICROSOFT" auto renew transaction. Thing is, Microsoft abbreviates their transactions as MS365, MSXbox, etc, so Microsoft verified I owed nothing and it wasn't them. Cancel card, issue new one. Three weeks later, MICROSOFT $1,200 auto pay. Cancel card, etc... four weeks later, $3,500+ MICROSOFT auto pay.
WHY could they not stop this?

Auto pay transactions are honored by CC companies, REGARDLESS how many times you've been issued a new CC number.

Why of course, I was past my patience with card issuing bank. Three attempts, with conversations and assurances that they had to notify the source to stop the auto pay. (Okay, so if source IS the thief, why would they stop? Just because an employee at the issuing bank said so? And why can't the "source" trace the thief, since they're processing the funding request "directly" with them?)

Completely asinine.
Which is why I'm screaming this message from the highest hilltop I can find. Auto pay is yet another greasy path to thievery, all in the name of convenience.

What part of all the above sounds convenient to you?

[Paul F Franklin]

Be advised: Auto pay transactions are honored by CC companies, REGARDLESS how many times you've been issued a new CC number.

I had a tenacious thief on my business CC last summer. Claimed $125 labeled as a "MICROSOFT" auto renew transaction. Thing is, Microsoft abbreviates their transactions as MS365, MSXbox, etc, so Microsoft verified I owed nothing and it wasn't them. Cancel card, issue new one. Three weeks later, MICROSOFT $1,200 auto pay. Cancel card, etc... four weeks later, $3,500+ MICROSOFT auto pay.
WHY could they not stop this?

Auto pay transactions are honored by CC companies, REGARDLESS how many times you've been issued a new CC number.

Why of course, I was past my patience with card issuing bank. Three attempts, with conversations and assurances that they had to notify the source to stop the auto pay. (Okay, so if source IS the thief, why would they stop? Just because an employee at the issuing bank said so? And why can't the "source" trace the thief, since they're processing the funding request "directly" with them?)

Completely asinine.
Which is why I'm screaming this message from the highest hilltop I can find. Auto pay is yet another greasy path to thievery, all in the name of convenience.

What part of all the above sounds convenient to you?

This has not been my experience. Several times I have forgotten to update a recurring transaction or two after having the CC no. changed, and I would get emails from the vendors at the time of the next charge indicating the charge was denied. In fact, the last card I had to have replaced happened to be a discover card. They paid a couple of the recurring payments that came in shortly after the change, but immediately notified me that they did this as a short term convenience and would not honor the charge in the future and reminding me to update my info with those vendors.

[Kev Williams]

Unless the law has changed, with a credit card, your liability for loss on a credit card is $50 - and most credit card companies don't charge you that $50. And if the crook didn't use the actual card (you lost your card somewhere) your liability if zero (they just stole you card numbers).

That's not true for Debit cards. The legal limits for loss on debit cards are complex but not as good as with credit cards. Under certain conditions, you can be liable for the entire loss.

Mike

Those "certain conditions" concern taking too long to report lost cards or unauthorized transactions. Definitely do not wait 2 months to report them---!
This is a screenshot of pages 2 and 3 of the FTC's pdf handbook concerning loss liability...
ccfraud.jpg
Note the lower right I highlighted, ZERO debit card liability on unauthorized transactions against cards NOT LOST, if reported within 60 days of the next bank statement... that works for me...

(below is a link to the entire handbook)
https://www.google.com/url?sa=t&rct=...o6WXHDI9CPyrnL

[Alex Zeller]

If you do use a debit card you can use it like a credit card and get the extra protections. Never type in your pin number. Often just hitting the enter button will process it like a credit card. If not then pressing the cancel button will.

[Mike Henderson]

This has not been my experience. Several times I have forgotten to update a recurring transaction or two after having the CC no. changed, and I would get emails from the vendors at the time of the next charge indicating the charge was denied. In fact, the last card I had to have replaced happened to be a discover card. They paid a couple of the recurring payments that came in shortly after the change, but immediately notified me that they did this as a short term convenience and would not honor the charge in the future and reminding me to update my info with those vendors.

That's been my experience, also. The credit card company just rejected the charge if the expiration date was past. And if the card had been cancelled, they rejected the payment, also. No grace charge, etc. Just rejected. The company who tried the charge had to contact me about the rejections.

Mike

[Jeff Roltgen]

This has not been my experience. Several times I have forgotten to update a recurring transaction or two after having the CC no. changed, and I would get emails from the vendors at the time of the next charge indicating the charge was denied....

Apples to oranges.
You're describing a service you signed up for with a legitimate business. My experience involved deflecting a criminal hack.
FWIW - that highlighted quote is not my personal sentiment or conclusion, but a statement made by the customer service and fraud prevention personnel at the issuing bank. Hence, my incredulity.

[Paul F Franklin]

Apples to oranges.
You're describing a service you signed up for with a legitimate business. My experience involved deflecting a criminal hack.
FWIW - that highlighted quote is not my personal sentiment or conclusion, but a statement made by the customer service and fraud prevention personnel at the issuing bank. Hence, my incredulity.

I don't see the distinction...my point was that charges against a cc no. that has been canceled are (in my experience) always denied, whether they are one time or recurring. Legit or not, they don't pay it. Maybe I just don't understand what is different about your case, other than having a bank that accepts charges against a closed CC?

[Jeff Roltgen]

other than having a bank that accepts charges against a closed CC?

That is precisely the point of mentioning this experience - I am just as confused as you, to think the bank would continue to accept auto-renew hits against your account, even though a new # was re-issued based on an active fraud claim and subsequent investigation over a transaction with the same exact code: MICROSOFT.

to be clear, card # was cancelled, new one issued. Not expired. Account technically not closed.
Again, just could not believe these guys could
1> have the fortitude to continue stabbing at it and increasing amount repeatedly while issuing bank was still investigating
2> Issuing bank notified me for each incident via email AND snail mail that they were investigating and would notify me once investigation was concluded.
3> On a stack of bibles, I swear, the issuing bank told me very distinctly in phone conversations that auto-renew requests will track direct to your account, regardless of issuing a new number.

Perhaps a new bank is the best answer. However, in many other scenarios involving suspicious activity, they have flagged, contacted me, and thwarted several other attempts over the years, which is what frustrated me all the more over this one. Key difference was the auto-renew. Their response leads me to understand that auto pays receive far less scrutiny than any other transactions, and the crook who is pulling this off obviously has an unusually keen level of insider info and savvy to pull this off. Which is why I now have an allergy to auto-renew, resulting in high blood pressure, elevated mood swings, and occasional constipation. No more for me, thanks.

Please, accept my apology - sure don't mean to be combative or hijack this thread. Just felt this was a good place to relay my experience as an effort give a solid heads-up to all here - watch your accounts even more closely than you currently do. If this happened to me, it can happen to anyone, and this brilliant criminal is living quite large by now, knowing the microsoft transaction would be accepted as completely normal for a vast majority of business credit card holders.
Brilliant.
Criminal, but brilliant.