• Page :
  • 1
  • Text Only
Voting History
rated:
Last night I noticed three charges on my checking account. One little one, two for around $200 each. I knew they weren't mine, so I called the bank's fraud line and they cancelled the debit card and told me to go to the branch in the morning to get a new one.

I assumed I'd been hit by a skimmer somewhere or one of the recent merchant database breaches.

Got in this morning, and handed them the supposedly cancelled debit card. It was still active. The card that was cancelled last night (and had been used in the fraudulent purchases*) had a number I'd never seen before.

This suggests to me that my underlying bank account information - not just the card - has been breached.

My questions:
1) is this a reasonable assumption?

2) Should I close out my existing accounts at that bank? I'm going to lose some major benefits (grandfathered-in stuff) if that happens. For now, most of my money is cowering in the non-linked savings account, with just enough in checking to cover automatic bill payments.



*including three other BIG ONES that, had they gone through, would have emptied my bank account and put me about a thosand bucks in the hole. They hit after the fraud alert and were automatically blocked, and the bank has restored the $400 or so in fraudulent charges.

Member Summary
Quick Summary is created and edited by users like you... Add FAQ's, Links and other Relevant Information by clicking the edit button in the lower right hand corner of this message.
  • Also categorized in:
Thanks for visiting FatWallet.com. Join for free to remove this ad.

Much more likely just the card was compromised... I'd keep it open if you want the benefits, but can't see why anyone would keep significant amounts in a checking/savings acct nowadays with a downtrending currency and terrible rates.

I don't understand how a different debit card number had access to your bank account. How did someone link this strange debit card to your account?

Need more information from the bank to make any sort of suggestion.

Bank should be able to identify fairly accurately what happened ... that should help to validate or refute your assumptions. As well as narrow down what your best options are.

Surprised the branch teller did not direct you immediately to one of the desk droogs who would then have called the fraud department to better assess the situation. I probably would not have left the branch without having that discussion.

edit: depending on the bank you may effectively be forced to change account numbers if the account has been found to be compromised. Generally this change in account numbers can be done without you losing any of the "grandfathered" benefits you might have.

If you do have to go the acct number change route, it can be a bit of a pain if you have credit cards or other autopay attached to the old account.

Actually changing banks shouldn't be necessary unless you are really dissatisfied with the bank in general.

One of the desk droogs should be able to walk you thru all this and be your contact person during the cut over from old acct nbr to new ... if, again, that's necessary.

JTFH said:   Much more likely just the card was compromised...

That's what I originally thought but it seems to me they'd use the actual debit card number if that were the case. They didn't. The card they used had a completely different account number and expiration date. It wasn't an old card - they couldn't tell me exactly when it was issued (very little info was available to the banker because the card had been cancelled) but didn't appear to be a "carryover" card from when the bank changed hands, meaning it was issued in the past month or so. Nor was it a stolen card - WF did not automatically re-issue new cards to Wells Fargo customers.

[quote]I'd keep it open if you want the benefits, but can't see why anyone would keep significant amounts in a checking/savings acct nowadays with a downtrending currency and terrible rates.That's kind of beside the point, but just to clarify, these are my working accounts, used for bill payments, etc. I keep enough in them to avoid fees and keep the benefits I had.

UncaMikey said:   I don't understand how a different debit card number had access to your bank account. How did someone link this strange debit card to your account?

Good question. No idea.

BEEFjerKAY said:   Need more information from the bank to make any sort of suggestion.

Bank should be able to identify fairly accurately what happened ... that should help to validate or refute your assumptions. As well as narrow down what your best options are.

Surprised the branch teller did not direct you immediately to one of the desk droogs who would then have called the fraud department to better assess the situation. I probably would not have left the branch without having that discussion.

edit: depending on the bank you may effectively be forced to change account numbers if the account has been found to be compromised. Generally this change in account numbers can be done without you losing any of the "grandfathered" benefits you might have.

If you do have to go the acct number change route, it can be a bit of a pain if you have credit cards or other autopay attached to the old account.

Actually changing banks shouldn't be necessary unless you are really dissatisfied with the bank in general.

One of the desk droogs should be able to walk you thru all this and be your contact person during the cut over from old acct nbr to new ... if, again, that's necessary.


The person I'm dealing with now is an office droog - she actually came in 30 minutes early to deal with me this morning (set up last night by the call center) so I wouldn't be late for work, so on that end I can't complain. She is working directly with the fraud department and I expect her to call me tonight with more info. I don't expect her to advise me to leave her bank but it's definitely on the table.

The only way this can happen is as follows:

Someone's debit card was linked to your account via "Checking #2, Checking #3" option. After that link was established the owner of the card used a website of the bank to designate "Checking #2" option to be the account used for POS transactions.

All of this should be very easy for bank to reverse.

You mentioned wells Fargo

I assume this is an old wachovia account?

At one point I had wells Fargo wachovia AND world savings debit cards, all active and linked to my same wf checking acct. Any of ithese could have been mailed to the wrong hands.

Just be sure all old debit cards ate deactivated and a new one issued

You have no guarantee of protection with a debit card. Thats why I hate them and only use credit cards.
With a debit card the theives empty your bank account, vs credit card you are liable for $50 at most and they empty the credit card company's account.
The bank must be able to tell when the card was issued, and to whom it was mailed, they have to have records, if not that is more scary.

Request that they close your accounts and reopen new ones and put manual waivers in there for your grandfathered benefits. If you are willing to walk, you probably will end up with accounts with more benefits than your current account.

Any indication of fraud on an account for me is enough to ditch that account entirely. Value the security of your money a little bit and force the issue on the bank. If your business is not worth it for the rep to go the extra mile for you, do you really want to be banking with them?

BlueSeaLake said:   You have no guarantee of protection with a debit card. Thats why I hate them and only use credit cards.
With a debit card the theives empty your bank account, vs credit card you are liable for $50 at most and they empty the credit card company's account.
The bank must be able to tell when the card was issued, and to whom it was mailed, they have to have records, if not that is more scary.


This is true, and I do it for the same reason...

But on the same token most banks and VISA itself extend equivalent protection to their issued debit cards. Its self-regulated though, so I stick to the federally regulated charge cards instead.

Well, we think it's been figured out.

I had forgotten all about this .... but my Wachovia debit card expired a little more than a year ago. I was really hacked when they didn't send me a new card in time to replace the one that was expiring. They had no record that they had sent me a replacement card, so they agreed to "expedite" me one. They charged me $16 for the service, I complained, they removed the charge. End of story ... or so I thought.

But they had sent me a replacement card (before the expedited one) and it was apparently intercepted. That was the card that was used this week... at least, the issue dates seem to match up. (The fraud department is still trying to match up the numbers. It's complicated because of the Wach/WF switch.)

It still seems bizarre to me that someone would steal a card from the mail, sit on it for more than a year, and then start using it to make purchases from random websites. But that seems to be what happened. It also doesn't explain why they told me they were sure it was a Wells-Fargo-issued card at first, unless they were looking at the activation date rather than the issue date.

In the meantime, the debit-card protections Wachovia offered have all come through. None of the fraudulent charges ever fully posted to my account. The biggest damage I suffered was a hold for a few days, in the amount of the original two transactions that I spotted. Most importantly, my bank account numbers were never compromised.

And Wells Fargo has approved me for their 1 percent CashBack credit card, so I'll be using that for online shopping from now on.

I'd still like to know the "rest of the story," like, who had the card, whether WF suffered any actual losses, whether any arrests were made. But I'm happy with the way the bank handled things from the standpoint of protecting me.

wordgirl said:   Well, we think it's been figured out.

I had forgotten all about this .... but my Wachovia debit card expired a little more than a year ago. I was really hacked when they didn't send me a new card in time to replace the one that was expiring. They had no record that they had sent me a replacement card, so they agreed to "expedite" me one. They charged me $16 for the service, I complained, they removed the charge. End of story ... or so I thought.

But they had sent me a replacement card (before the expedited one) and it was apparently intercepted. That was the card that was used this week... at least, the issue dates seem to match up. (The fraud department is still trying to match up the numbers. It's complicated because of the Wach/WF switch.)

It still seems bizarre to me that someone would steal a card from the mail, sit on it for more than a year, and then start using it to make purchases from random websites. But that seems to be what happened. It also doesn't explain why they told me they were sure it was a Wells-Fargo-issued card at first, unless they were looking at the activation date rather than the issue date.

In the meantime, the debit-card protections Wachovia offered have all come through. None of the fraudulent charges ever fully posted to my account. The biggest damage I suffered was a hold for a few days, in the amount of the original two transactions that I spotted. Most importantly, my bank account numbers were never compromised.

And Wells Fargo has approved me for their 1 percent CashBack credit card, so I'll be using that for online shopping from now on.

I'd still like to know the "rest of the story," like, who had the card, whether WF suffered any actual losses, whether any arrests were made. But I'm happy with the way the bank handled things from the standpoint of protecting me.


Perhaps it wasn't intercepted--perhaps it went lost in the mails and someone found it now.

Umm ... most cards need some personal info (at the least, SSN# etc) to activate... and activating one should deactivate any other active one... so one way or the other, there are holes here.

KLineD said:   Umm ... most cards need some personal info (at the least, SSN# etc) to activate... and activating one should deactivate any other active one... so one way or the other, there are holes here.

you are right. If you don't call from the registered phone # they verify alot of personal info before activating the card

Hc000 said:   KLineD said:   Umm ... most cards need some personal info (at the least, SSN# etc) to activate... and activating one should deactivate any other active one... so one way or the other, there are holes here.

you are right. If you don't call from the registered phone # they verify alot of personal info before activating the card


I always thought it possible to spoof your phone to defeat such protections. So, if you know the address of where the card was sent you can look up the land-line phone number and then spoof your phone to match that number.

There may always be holes, because I don't completely understand it myself. It might have something to do with the fact that two cards were issued in rapid succession.

The only other info I have is that as of last night, they were still trying to use the card,* which suggests they are amateurs and will be easily caught - if anyone bothers to try. (Wells Fargo called me this morning with an update.)

If they had the physical card, they had my address, and my home phone is listed.

*The last attempted charge was for nearly $850, this time at Agent Provocateur. At least their taste in lingerie is getting better.

I hope the bank paid for the losses rather than stuck it to the merchant.

They were all declined, so no merchandise was shipped.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

TRUSTe online privacy certification

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2014