Chase Hacked Again?
#166
Join Date: Mar 2011
Location: San Antonio, Texas
Programs: AA P-Pro, Chase SP, SPG Gold
Posts: 556
My CSP was hit earlier, but we also have a business card with a California bank. No less than 20-25 staff had their cards compromised. I am thinking it's either an inside job (employee at CC maker/acccess to data) or that somehow they are being skimmed (chip??) on the way out. In most of those cases, the cards were already dead upon arrival and all had been newly made cards.
#167
Join Date: Dec 2004
Posts: 7,904
It's funny that you say that. Chase sent a new Ink MC because my old one had no chip. When I called to confirm receipt the rep wanted me to talk to security and the card had already been compromised. So skimming on the way out (or somehow collecting card info on its way out) fits with your hypothesis.
#169
Join Date: Dec 2015
Posts: 13
Lurker, registered when I found this thread.
Have several Chase cards in household, no problems, but CSP got hacked four times this year. The final replacement card, about three weeks ago, lasted three days before it got hacked again. One fast food chain transaction, never typed online, etc. I finally gave up and closed the account. Now I see it seems to be a widespread problem.
Edit to add more info: the first fraudulent charge was a "Harry and David" order. After that, several of them were $1.00 auth attempts from weird vendors, e.g. a Stein Mart location in another state, or obvious "Square" POS systems with un-Google-able business names. ("Nelson's Buns". Street food or a porn site? Your guess is as good as mine!). I think I got a few fraud texts, but they didn't catch all of them.
To keep this from being a strictly "me too" post ... The account was opened in early 2013. If I wait for them to close this leak (I guess when this thread stops being bumped?, heh) and then reapply, am I correct to assume I'll be eligible for a new sign up bonus?
Edited to answer my own question: chase approved me tonight for a new CSP, via a bonus landing page. I'll call them next week to verify I do qualify for the bonus program and waived AF.
Have several Chase cards in household, no problems, but CSP got hacked four times this year. The final replacement card, about three weeks ago, lasted three days before it got hacked again. One fast food chain transaction, never typed online, etc. I finally gave up and closed the account. Now I see it seems to be a widespread problem.
Edit to add more info: the first fraudulent charge was a "Harry and David" order. After that, several of them were $1.00 auth attempts from weird vendors, e.g. a Stein Mart location in another state, or obvious "Square" POS systems with un-Google-able business names. ("Nelson's Buns". Street food or a porn site? Your guess is as good as mine!). I think I got a few fraud texts, but they didn't catch all of them.
To keep this from being a strictly "me too" post ... The account was opened in early 2013. If I wait for them to close this leak (I guess when this thread stops being bumped?, heh) and then reapply, am I correct to assume I'll be eligible for a new sign up bonus?
Edited to answer my own question: chase approved me tonight for a new CSP, via a bonus landing page. I'll call them next week to verify I do qualify for the bonus program and waived AF.
Last edited by Jenesequoia; Dec 25, 2015 at 8:59 pm
#170
Join Date: Jun 2013
Location: SJC/SFO
Posts: 373
The difficult part is guessing the expiration date and the CVV. The fact that Chase is usually catching those transactions is likely because the fraudster doesn't have the correct CVV or expiration date. They conduct a couple of small test charges. Of course some merchants (like Amazon!) don't even check the CVV, so you only need the expiration date.
The reason why Chase is hit so often is also simple: they issue a lot of cards, so they have a large block of credit card numbers. The probability that someone guesses a Chase number is thus higher than for other issuers.
#171
Join Date: Jul 2014
Posts: 71
I just opened a CSP and a Freedom card. I received the the Freedom card first, and when I tried to activate it I got forwarded to the fraud department, who said a charge had been attempted on this card with some wrong information, and they had to cancel it and send a new one.
I still have not received the new Freedom card and already got again a call from Chase fraud to confirm declined transactions on the new, unactivated card that's still in the mail. Again a new card was issued. They said most likely the thieves were using automatic number generators.
When I received the CSP, I used it a couple of times, until I received a call from the fraud department, alerting me of fradulent transactions. They cancelled the card and sent a new one.
This seems too much, all in a 3-week timespan. I've never had this happen with other banks.
I still have not received the new Freedom card and already got again a call from Chase fraud to confirm declined transactions on the new, unactivated card that's still in the mail. Again a new card was issued. They said most likely the thieves were using automatic number generators.
When I received the CSP, I used it a couple of times, until I received a call from the fraud department, alerting me of fradulent transactions. They cancelled the card and sent a new one.
This seems too much, all in a 3-week timespan. I've never had this happen with other banks.
#172
Join Date: Dec 2015
Posts: 13
Update to my post a few posts above: The fact that I was eligible again for the signup bonus was too tempting; I applied again (as mentioned) and was re-approved. I called this morning and confirmed my new account is part of the 50k/$4000 spend program.
I have a completely irrational/superstitious hope that a whole new account might mean I can spend a little time off the hack-go-round, but based on theories of how this is happening, seems unlikely. I'm not going to bother adding the card to recurring minor payments/Apple Pay/etc, and not going to bother trying to get the significant other to adopt the new card, as he has far less patience for this than I do (and he was surprised I bothered re-applying).
Additional data points: this hasn't happened to any of my other Chase accounts, including a long-standing Amazon card, a six-month-old Southwest card, nor a long-standing Freedom (which has been being utilized in identical patterns to the oft-compromised CSP, although I doubt I have to convince anyone in this thread that the hacks aren't happening on the 'user' end). Nor have any of SO's Chase accounts been compromised.
I have a completely irrational/superstitious hope that a whole new account might mean I can spend a little time off the hack-go-round, but based on theories of how this is happening, seems unlikely. I'm not going to bother adding the card to recurring minor payments/Apple Pay/etc, and not going to bother trying to get the significant other to adopt the new card, as he has far less patience for this than I do (and he was surprised I bothered re-applying).
Additional data points: this hasn't happened to any of my other Chase accounts, including a long-standing Amazon card, a six-month-old Southwest card, nor a long-standing Freedom (which has been being utilized in identical patterns to the oft-compromised CSP, although I doubt I have to convince anyone in this thread that the hacks aren't happening on the 'user' end). Nor have any of SO's Chase accounts been compromised.
#174
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,763
Got a Chase Fraud Alert email on a declined charge attempted on husband's Marriott Biz Card that has not been used since Sept and not even ever left home since then. Someone tried to buy $600 worth of merchandises from a merchant called Tunertool.
Charge was declined hence not even showing as pending. Called Chase fraud dept in Cebu Philippines endured 10 min wait to finally got a rep who took 4 tries to get the card number correct. After 5 or 6 security questions (the usual DOB, last 4 of SSN, Security Word, Address at application, and a phony question that has no answer, plus one I dont remember now), she finally was satisfied and shut down the existing card. Replacement card will arrive next week. Husband was very frustrated dealing with the Filipina rep when she asked the card number repeatedly because she somehow did not get it right so could not pull up the account.
Last 2 compromises on UA Explorer cards were also on cards not used for ages before the fraudulent charge attempts, fwiw.
Charge was declined hence not even showing as pending. Called Chase fraud dept in Cebu Philippines endured 10 min wait to finally got a rep who took 4 tries to get the card number correct. After 5 or 6 security questions (the usual DOB, last 4 of SSN, Security Word, Address at application, and a phony question that has no answer, plus one I dont remember now), she finally was satisfied and shut down the existing card. Replacement card will arrive next week. Husband was very frustrated dealing with the Filipina rep when she asked the card number repeatedly because she somehow did not get it right so could not pull up the account.
Last 2 compromises on UA Explorer cards were also on cards not used for ages before the fraudulent charge attempts, fwiw.
#175
My Ritz card was compromised last week. I rarely use the card but got a fraud email for ~$300 used at a Dubai based travel agency, charge was approved. I also checked activity online and there was a ~$1.50 charge at a CA electronics store. Called into JPM and answered security questions and got the charges reversed and new card in my hand the next day.
I have no clue where it was taken from. I have used it about 10 times in person and either at the AAdmirals club or a Marriott. I also have it on auto bill for the newspaper and At&t.
I have no clue where it was taken from. I have used it about 10 times in person and either at the AAdmirals club or a Marriott. I also have it on auto bill for the newspaper and At&t.
#178
Did they let that charge go through with wrong security code? Kinda defeats the purpose.
#180
Join Date: Aug 2015
Location: Houston, TX/Australia
Programs: AA EXP/Exec Citi, NZ* G, Nat EE, Avis PP, HH Gold
Posts: 649
I read this thread the day before charges started appearing on my CSP. 3 x $800 to London Drugs in British Columbia (all different store numbers) and other miscellaneous charges. It seems like they've found places where they can use the card numbers without the address and security code verifications. All charges were approved and showed up in my pending transactions. No idea if they guessed the number or pulled it from somewhere.