Happy

I dont know - truth betold, Chase was able to charge back the merchant who admitted taking card number over the phone for a payment without verifying name of cardholder / billing address, or their security software is at a very low level (low risk business - a Gymnastic Center where people go to take classes, not even a regular Gym). Chase concluded it is a simple mis-enter card number case which it so happened the number entered matched with mine. So Chase closed the case without any affidavit from me - if it is a true fraudulent case, the cardholder must sign an affidavit to certify the charge(s) is indeed fraudulent. I had one done with Chase couple years ago and a recent one with a Citi card which was fraudulently used 5 times in Mexico when Citi finally called me to inquire about it. Turned out it was a faked card from stolen info on my authorized user's card.

nrr

Could they have gotten into my account through the "back door"--Hacking into cc company's system (with a supervisory password) and accessing my acct info that way?

Happy

No.

AFAIK, password cannot be "gleaned". The authorized folks can only cancel your password for you in the case you forgot your password and then you have to go in to re-set your password with a security code, which depends on the bank, must be sent to you to your last email address in file, your mobile phone as a text message, or whatever option you have in file. Or with you on the phone with the Online support and your ID has been verified, they give you a temp password over the phone for the purpose.

BTW, when online support verify your ID, it is not as simple as last 4 digit of your SSN, name and address etc. They pulled personal data from your credit report and then asked you questions which only you would know the correct answers to, mainly your previous addresses, jobs, things like that.

I would venture to say, someone you know has stolen your password to gain access.

nrr

The incident I referred to happened about a 18 months ago. I was given a new card etc. A few days before the incident, I used a system the cc co has, where you create a separate acct (linked to your regular acct), you can put a dollar amt on those charges, and when you make charges your regular acct is presumably safe,l since you never divulge your real acct number.
I don't share my passwords or acct numbers with anyone; in a previous post (in this thread), your guess that my acct was compromised using a "public" computer seems more likely. [All someone has to do is put a keystroke capturing program on such a computer...]

Happy

You are talking about Virtual Account - that is part of your account, just being disguise by a different number and generally has a short life between 1 to 2 months by default. I think Citi's is only 1 month, FIA's is minimum 2 months.

I use a public computer to enter my CC accounts all the time when we are on the road. I have a system to reduce the keystroke capturing program risk. And I do NOT do any account profile change when using a Public Computer.

Citicards would NOT let you do Account Profile Changes until you answer a security question. A mere log-in would not get you access to Profile Change.
I dont remember Chase - but then Chase has even blocked access from a computer its system not recognizes, even with your correct log in. When the computer is not a "recognized" one, Chase would send you an access code by the pre-determined method. Only with that access code you could access your account. You also have an option to tell the system that this is a Public computer so it would not "remember" it, i.e. the access is granted only once with the access code. BofA uses similar method.

Therefore I dont see HOW yours would be compromised other than that you used a Public Computer AND also did a lot of poking around in your accounts other than simply checking charges, making payments that kind of stuff.

We travel extensively and have to rely on Net Cafes all over the world, as well as airport lounges for access to our banks/cards accounts. I have NOT had a single incident. But I have breaches that most likely are caused by paying at restaurants / doctors offices / any places where the cards have LEFT our sights, i.e. it is not swiped in front of us but been taken away to do the swipe. ALL breaches experienced so far can be traced to this type of scenario.

Counsellor

I've read that various places. For instance:
http://www.beachnet.com/~hstiles/cardtype.html
I don't know how accurate the information is, but it seems to make sense.

If the last digit is the check digit, and the first 13 numbers stay the same for each of the cards, the fact that the 14th number changes would cause the 15th (the "check digit") to change as well.

Seems to make sense to me, at least.

IntFF

This looks a good thread for this story. I will appreciate feedback. In short:

In Oct-2010 my wife got a new Citi-AA Visa Signature (the 75K bonus miles CC). 3 days after activation came a h/c letter from Citi Fraud dept that card is blocked and asking to fill an attached form authorizing them to contact Social Security to verify the SSN +asking for copy of SS card.

We were abroad when letter came (it was scanned and sent to us by email). I called Citi and asked for the Fraud dept. Gave card details and explained abt the letter, saying that we are abroad... can I have a fax number to fax the requested info.
The agent (after many questions for our identifiacation) told me: We did not send this letter and the card is not blocked !! She did not ask to get this letter to investigate this.

Since then we already charged almost $1K on this card, and got and paid 1st stmt. No fraudulent charges.

Looks to me 2 diff sections of Citi Fraud dept - Not coordinated.

What do you think...??

GoWestYoungMan

Hi everyone, quick question. Last month I racked-up a big bill with my card (over $20,000), but it was because my card had been stolen. Chase nevertheless deposited 20,000 miles into my OnePass account. Now I am waiting for the FEQM's (should be 4,000) to come into my account so that I top-off my status to Platinum. Does anyone know how long it takes for FEQM to show-up after regular miles are deposited? Also, since Chase went ahead and gave me the 20,000 miles (despite reversing the fraudulent charges from the $20,000 in spending), do you think that they will also give me the FEQM's? Thanks for your help!

philemer

I think they'll eventually take back the 20K once this gets settled.

biggestbopper

Yep, they will probably take back the 20K miles (as they should). Kinda like returning a 20K necklace accountingwise.

By the way, dear OP, not the best idea to post the same thing in different threads as you did here.

Viajero Millero

Don't abuse the good faith of Chase.

wallofiron

I dont understand this and am looking for suggestions. I have NEVER had this happen with any of my other 4 credit cards ever.


I just logged on to Chase to check my balance and noticed once AGAIN fraudulent online charges to my Chase Sapphire card.

This is now the 4th time in the last year this has happened with this card. I spoke to Chase and all they do is keep replacing it with a new card/number. I use various credit cards on the same websites, various credit cards at the same restaurants and none have had this problem. ONLY the Chase Sapphire card.

Any ideas whats going on here or what I should do as Chase cant give me any answers other than just to have them replace the card yet again.


Thanks in advance!

Jkinghome

A friend of mine had the same issue with his Citi Visa. I think he had three replacements. One thing that came to mind was that he was using at parking meters with that card. (He uses Amex for everything else). Apparently it is now known that parking meters that take credit cards send out cc# with poor/little encryption, and people capture/steal the number.

When my friend stopped using the meters, the fraud charge cycle stopped. Not sure if this applies to you, but worth noting,

shadow2k

I've had 3 BofA cards compromised in the last 18 months. After the second replacement, I grabbed the replacement card from my locked mailbox, called from my wired landline to activate it, then secured it in my gun safe which only I have access to, and I live alone. Six months later, compromised again.

The possible culprits for it would be that it happened on BofA's end, USPS opened my mail, or my dog figured out how to get to my guns...which could end poorly for me. Hold on, I'd better go feed my dog.

pdxp2b