Go Back  FlyerTalk Forums > Miles&Points > Credit, Debit and Prepaid Card Programs > Citi | ThankYou Rewards
Reload this Page >

Citi fraud procedures and experiences [Consolidated]

Citi fraud procedures and experiences [Consolidated]

Old Jun 28, 10, 7:54 pm
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
Citi fraud procedures and experiences [Consolidated]

I got a call from Citicard's Fraud Alert Dept this afternoon.

One of our cards is being used in Mexico. Between June 26 Friday evening and this afternoon there were 5 charges in restaurants and food store - all on the Authorized User's card. Because we have not had any travel notice on our accounts, this has raised red flag and prompted them to call to verify if these charges are legitimate.

The last time the authorized user's card is used legitimately was on June 17 at a doctor's office for a co-payment. Both the primary and authorized user's cards are in our wallets.

The fraudulent charges are of small amounts - between $60 and $80 each. This is similar to what happened to one of our Chase cards being compromised after used in a restaurant - took a week to 10 days for the fraudulent charges to show up, and the fraudulent charges were small amounts. It seems the thieves in both cases are small potato individuals for small gains.

While we were still on the phone, once the charges were determined fraudulent, the Citicard caller went ahead to close the card. I went online to look at my accounts and saw the red message: This account is closed due to Security Alert.....

Replacement cards should arrive within 7 to 10 business days. I also would receive the Affidavit Form to verify these being fraudulent charges. Once the signed Affidavit Form is returned to Citi, these charges will be removed.

I am expecting some credits from Expedia on cancellation of hotel reservation. Citi CSRs said the credits would go through and would show up on the replacement card.

People, please notify your card issuers your travel plans so in the case like this, the card issuer can catch the fraudulent charges quickly.
Happy is offline  
Old Jun 29, 10, 11:58 am
  #2  
 
Join Date: Apr 2010
Posts: 979
I never looked at it that way, but that's a good point.

Citi's fraud detection seems to have a much lower false-positive rate than Chase. I generated my first false alarm last week by using the wrong billing address in an online transaction to a foreign merchant

In the past I haven't used travel notices because I've never had a problem using my Citi cards overseas. If, by adding travel notices, I can help make fraudulent charges stand out more, that is worth it.
_kurt is offline  
Old Jun 29, 10, 1:49 pm
  #3  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
4 of the 5 fraudulent charges posted today. I can see them under unbilled activities section. Talked to the office manager at the doctor's place to inform her such incident. She vouched that the girl handling charges were 100% reliable... I have done my part. Now we are in the waiting game.

What really irks me is, this card has a 1 extra point bonus going on till Mid Sept. However I dont have a card to use now. Even when I get the replacement card, I would want the fraudulent charges be removed first before I continue using the card.

In the past we did not notify card issuers of our travel plans - never experienced cards not working aboard for not doing so.

We have started the practice about 2 years ago after another fraudulent charge case on a Chase card.

You can use the secured email to inform them your travel plan with either Citi or Chase. BofA / FIA is the only issuer I found that still does not provide secured email function. Unbelievably behind the curve.

UPDATE:

Just got an email from Citi to tell me go to Account Online / Document Center to view the document related to this card. It turns out that the Declaration Form is now available online for download. Instead of being sent via mail as being told by every CSR I talked to, it is now sent to me via Account Online. Have to wait for the 5th fraudulent charge to post before I print the Unbill Activities page. The space on the Declaration Form simply is not enough to fill out all the information. I would just attach the printout to the Form.

BTW, Citi's Fraud Alert Dept 1-866-517-5348 now is outsourced and located in Manila. However, the main, direct Customer Service number 1-866-517-5347 would reach CSRs based in US though I have a hunch these are home-based CSRs. I got one lady based in Missouri yesterday.

Furthermore, Fraud Alert Dept seems unable to see prior statement transactions while the Customer Service Dept is able to. This is mind-boggling. But as we have learned that, with Citi almost everything is mind-boggling. :rolled eyes:

Last edited by Happy; Jun 29, 10 at 2:39 pm
Happy is offline  
Old Jun 29, 10, 6:12 pm
  #4  
 
Join Date: Feb 2009
Location: SFO
Programs: Grounded
Posts: 660
Just because you used it last at a doctor's office does not necessarily mean that it was compromised there. It could've been a much earlier transaction, a leak at the payment processor, etc.

There's far too many weak links in the system to be sure you've pinpointed it unless you remember something particularly suspicious.
MrPink is offline  
Old Jun 29, 10, 7:36 pm
  #5  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
The authorized user card only was only used 2 times in 6 weeks between May and June. One on May 17, and the other on June 17. The compromising happened on June 26. The pattern is very similar to the last incident we had on a Chase card - a brand new card used only once online to pay AT&T and the 2nd time in a restaurant. 8 days after using it in the restaurant the fraudulent charge occurred. On that one I caught it myself as I was looking at Chase Online and noticed there was a reduction of available balance. Called Chase immediately - the card was used in California at Point of Sale transaction.

Both breaches happened 8 to 10 days AFTER the cards were out of sight at making payments, with falsified cards used in far away places. The magnetic strip info was stolen by some handheld devices and then phony cards are made using stolen info.

The reason why it does not look like being compromised at the processing system is, the breach is being done with Physical Card - i.e. the magnetic strip is coned and used to reproduce a phony card for transactions made at Point of Sale. Other types of breaches generally involved ordering merchandises online.

Oh both incidents also share one common theme - the fraudulent charges are of smallish amount on each charge - unlike those breaches from compromising database (the case of TJ Maxx for example), that involved fraudulent charges over thousands $ a pop.

Last edited by Happy; Jun 29, 10 at 7:44 pm
Happy is offline  
Old Jul 3, 10, 11:32 pm
  #6  
 
Join Date: Jul 2009
Location: LNK
Programs: US,PC
Posts: 730
OT: Chase called me but they had my old number on file and one of my cards was showing no activity So called back and they told me a card which I hadn't been used for 2 years was used recently somewhere so they blocked and re issued a new card. But thats it. No other formality.

Dracs
dracs is offline  
Old Jul 7, 10, 12:57 pm
  #7  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
UPDATE

To facilitate future search on this topic.

1) Signed Declaration Form of Unauthorized use together with copy of Account Activity were faxed to Citi Security Services Dept on June 30,
Wednesday afternoon. Hard copies mailed on July 7th, Tuesday after long weekend.

2) Replacement cards arrived on July 2nd Saturday.

3) Today July 7th Wednesday, Fraudulent charges shown on closed card with description "Security Write Off - Dispute. All line items are transferred to replacement card which now have description of "Security credit - Item under Investigation".

I imagine once the investigation is finalized Citi would send me a written notification of such with the "Security credit" become permanent. This should happen within 30 days after Declaration Form is faxed back according to the Customer Service rep at the Citibank No.1-866-517-5347.

I strongly recommend if anyone has ever had similar issue after initially talked to Citi Security Dept, uses the Citibank customer service number listed above, (5348 also works too) instead of the number at the back of your card because in many cases the number at the back of your card leads to offshore call centers with CSRs have no clue on what is going on.
Happy is offline  
Old Jul 13, 10, 7:18 am
  #8  
 
Join Date: Jan 2006
Programs: aa, contin, avis, others
Posts: 14
Very informative. Never knew this stuff. Thank you for the information. Sorry about what you went through. Thanks for posting the phone numbers. Very helpful.
rosarybjork is offline  
Old Jul 13, 10, 10:05 pm
  #9  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
Update

Have received a letter from Citi over the weekend. Essentially it is the SAME letter together with the Declaration of Unauthorized Use Form that an earlier email instructed me to download both from the Document Center at Account Online. However, the attached blank Declaration Form has a slightly different reference number at the bottom under the bar code when comparing to the downloaded one.

I dont think I need to fill out this newly arrived blank form again. Just to be on the safe side I called Citi dispute dept to inquire if I still need to fill out this form. The CSR put me on hold and then came back to tell me only Security Dept can answer it and she transferred me to Security Dept.

A very helpful woman based at South Dakota told me they got the previously sent in form and the case was now considered closed. I asked that since the description shown under the reversals is "Security credit - Item under Investigation", would I receive a written communication from Citi to inform me the Investigation is completed and the Credit is Final? She said No, there would not be a written communication. As far as she can tell from the system, the case is closed. But if I like to receive a confirmation letter, she can inform Customer Service to send me one to that effect. (Yes, I do want to have a confirmation letter though I am not sure if I ever will get one!)

There is yet another 800 number if one needs to contact Security Dept - that is 1-800-950-5114, given by this CSR.
Happy is offline  
Old Jul 16, 10, 4:13 pm
  #10  
 
Join Date: Sep 2008
Location: Los Angeles, CA
Programs: AA Gold, Marriott Silver
Posts: 444
My experience...

I used to put on about $1000 a month on my AA card and PIF. During Christmas, I would get denied about two or three times while shopping. I have to call the fraud department. They put a hold because of "unusually spending"... hmm, its Christmas!

Now.. one day, I look on line and my balance jumped from $800 to $7500. $6500 charged to the card in one day with over 35 transactions ranging from $25 to $600. Citibank never stopped those. And to boot, all the charges were made in Ottawa, Canada. They reserved the charges.

I have not used any Citibank products the past year, they no longer get my business, so I do not know what it is like today.
jbdk is offline  
Old Jun 10, 11, 5:41 pm
  #11  
 
Join Date: Oct 2009
Location: Land of the parrots and parrotheads
Programs: Several dozen
Posts: 4,818
Citi Card Fraud

Anyone else with a Citi credit or debit card get hit with a fraudulent charge for The Urdu Times?

If so, which card,
what was the date and amount, and
were there any other fraudulent charges?
AlohaDaveKennedy is offline  
Old Jun 10, 11, 5:54 pm
  #12  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
Why dont you report this to Citi? They would take care of it pronto.
Happy is offline  
Old Jun 10, 11, 5:59 pm
  #13  
 
Join Date: Mar 2010
Posts: 1,173
nope

Nope, I guess your the lucky one. Follow Happy's advise, and stop giving your Citi card number to Nigerian princes in need of help with their inheritance.
wise2u is offline  
Old Jun 10, 11, 6:04 pm
  #14  
 
Join Date: Sep 2010
Location: Cypress Hills Research Center
Posts: 5,295
What kind of card got hit? AMEX, VISA or MC?
uszkanni is offline  
Old Jun 10, 11, 6:16 pm
  #15  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2003
Location: Florida
Posts: 27,448
Watch for your card even at doctor's office!

Last year hubbie used his card (actually is authorized user on my Citi TYP card) at an eye doctor's office. This was his only one single time use his card in many moons because we had some bonus offer on that card at the time.

A month later Citi called on a Monday to ask if he was in Mexico because his card was used 5 times in Mexico over the weekend - all in restaurants and food markets for several hundreds worth of meals and grocery shopping. (must be small time thieves). If he is at home, has he lost his card?

Nope we had his card sitting in the drawer. Citi said they were all POS charges, meaning his card info on the mag strip was stolen and a cone card being made. Citi promptly issued temp credits, canceled the compromised card number and mailed us new cards. The funny thing was, those fraudulent charges actually earned the bonus. The regular TYPs earned were reversed together with the credits issued, but the bonus points stayed.

Since his card was only used once at the doctor's office - the info must be lifted there by the receptionist who swiped his card for the co-payment. Husband said the card was not swiped in front of him but somewhere behind the counter that he could not see clearly.

So, there are threats everywhere even at places you would never suspect could happen.

Luckily the Consumer Cards are well protected by the law. Not so much for business cards just so you guys know.
Happy is offline  

Thread Tools
Search this Thread