How Committed Are Credit Card Companies To Security?
Credit card companies talk the talk when it comes to security, but do they walk the walk?
We interviewed an individual (let’s call him BJ) that has been at the wrong end of an identity theft/credit abuse case that seemed to have two antagonists, leaving our source fighting against two enemies. We’ll jump right into the interview here.
SCC: So BJ, how did your problem with the credit card companies begin?
BJ: It’s such a long story, but I’ll try to keep it short. I had a business partner who took advantage of our business relationship to access my personal information. He also utilized credit cards to make huge amounts of purchases. I don’t know for certain, but I think he had an accomplice in that part of his scam. All the problems arise from procedures that the credit card companies employ and the lack of fairly simple safeguards.
SCC: So you have an issue with more than one credit card company? And there are multiple ways your partner used credit cards to defraud you and the credit card companies?
BJ: Absolutely on both accounts.
SCC: So your partner used your information to open accounts?
BJ: Yes. He’s not from the US, and isn’t very literate in English, but that didn’t stop him from being able to open credit accounts in my name with American Express, Chase, Capital One, and an attempt to open a Discover card. To Discover’s credit, they did not actually issue a card to him, but sent a letter indicating that they weren’t able to confirm that he was me.
I don’t want to give up my anonymity but let me say that the card was issued ‘in my name’ having 2 out of 3 letters of my first name wrong, and 2 of 6 of my last name wrong. So it was apparent to me that he opened the accounts over the phone. His accent is very strong and English not great. By the way, all of this went on for several months before I knew about it. I found out about it after he had left the country to attend to some family business back in his home country, and I was left to take care of the business.
SCC: Once you found out what was going on, what actions did you take?
BJ: I found out about it when a letter from Amex came to the business indicating that a payment I had made bounced. My wife and I already had our own Amex account, and we always paid the balance every month, and I never bounce a check, so I called them up with my card number to find out what was wrong. Obviously, my account was fine, so I couldn’t understand until we figured out that the account number on the letter was different.
Since it was a different card, they required me to re-verify the account, but when I gave them my mother’s maiden name associated with the bogus account, it didn’t match, and they wouldn’t talk to me about the account. I was flabbergasted. Amex allowed an account to be created using my known personal information like name, dob and social security number, but gave a bogus answer to set up the security questions. So this ‘security’ only prevented me, the real person, from being able to immediately address the issue of identity theft. What really showed me that Amex wasn’t committed to security was the fact that I already had an account with Amex. So Amex already knew my personal information, but allowed someone to open a new account with partial conflicting information. How could one social security number have two different mother’s maiden’s name? Or for that matter, why would I misspell my first and last name on the new account?
SCC: That’s ridiculous. How long was it before you were able to talk to them about the account?
BJ: I had to fill out some identity theft forms, and was able to finally talk to them about the account after a couple of days and several hours on the phone, all the while, my partner was using the account from overseas. Even after I had the account supposedly closed down, he was able to continue charging the card off and on for over a week. Do you know what they did? They had closed down my valid account instead! Then they linked my valid account with the bogus account. But that’s nothing. The worst was yet to come.
SCC: Really, it got worse?
BJ: Yes. Since they linked my real account with the bogus account, to unfreeze my real account, they required me to pay the balance due on the bogus account of about $400 which was from the bounced check that I told you about earlier. So I though, no problem. I’ll pay my partner’s bill and collect it from him when he gets back, and have a talk with him about not using my information any more. Big mistake, HUGE mistake. They required me to pay to release my real account, but then later came to the conclusion that I validated the account by making the payment. I had never been taken advantage of before, so it never occurred to me he hadn’t opened the account for miscellaneous business expenses, since we were in business together. I assumed he had my best interest at heart, since I had his best interest at heart.
Oh, was I wrong. I thought the whole thing was over. It hadn’t even started! My partner had been charging up the card, paying the balance, charging up again, paying the balance down again, over and over again within the same month. Some of the charges of $5000 were to a business owned by his brother in California, who wouldn’t answer my calls any more. Basically, they were using the account as their own personal ATM spitting out $5000 at a time. But they had paid the bill, so it didn’t really seem too sinister. But it gets worse, believe it or not.
I started getting notifications in the mail indicating that payments previously made to the account were now being refunded back to the payer, who wouldn’t be identified by Amex to me. So I thought the process of clearing my name of this account was nearly wrapped up, but the balance of the card jumped from zero to about $150,000, and they expected me to pay. My partner had been using someone else’s bank account to pay down the balance over the phone, time after time. He was either in cahoots with someone who knew that he could refute the payments at a later date, or he was using account and routing numbers from the bottom of someone’s check. So Amex knowingly allowed my partner to use over and over again, a bank account not affiliated with the Amex card holder (him, or me whatever). Then when the payer called Amex and claimed to know nothing about $5000 being withdrawn from his account over and over again over a period of several months, they refunded him back ALL of the payments. So my partner got the benefit of spending $150,000, the payor got all his money back, and Amex who is now stuck with the bill, turns to me and says cough it up.
I was speechless! Needless to say, Amex still considers me guilty, even though I proved it wasn’t my card, I didn’t open the card, I filed a police report, filed affidavits. It was pretty obvious to me that Amex had no intention or interest in pursuing my partner. They knew I had the means to pay it back, and they were intent on getting it from me.
It was Amex’s responsibility for allowing someone to open a fraudulent card, even though Amex already had my information. Then Amex made another ‘mistake’ and allowed payments to the card from some random bank account. Then coerced me into making a payment to the fraudulent account, validating that it was mine. So over and over again, Amex illustrated that their interest is in profits, not customers, not security, not truthfulness. Just pure and simple profit. And it cost them in this case, because there was no way I was going to pay – PERIOD!
All in all, my partner made off with over $250,000 in cash, merchandise, hotel and airfare, hospital visits, etc. I finally got a ‘settlement’. The credit cards wrote off the loss. It took a while to have it removed from my credit, but I still can’t apply for an Amex, a Chase card or a Capital One card.
SCC: So the nightmare is over? How long did it take from start to finish?
BJ: I was under the gun from collections callers and lawyers for over a year. The whole process took nearly two years, and about $5000 of my own money to pay my lawyer for assistance. But the kicker is this. Since we were business partners, it wasn’t considered a criminal case for him to open the accounts, but a civil case. And I just heard from a mutual acquaintance that he’s back in the US, scamming his way from Louisiana to California. So much for justice.
SCC: Thanks for your time.
We’ve heard stories like these over and over again. We’re convinced that the credit card companies knowingly take calculated risks and allow this to happen, safe in the assumption that they will be able to recoup some or all of the monies one way or another. They hold all the cards. They already make money from the merchants on the sale, regardless of whether its fraudulent or not. If you don’t pay, then your credit rating is held for ransom. So you as the victim are hard-pressed to either comply or suffer the consequences.
What happened to BJ was in 2008, and since then procedures for identifying fraudulent accounts and charges have become more thorough. Companies such as Bank of America and Discover actually do go the extra mile to help prevent fraud, more so than American Express. Your best bet though is still credit protection with a company like Lifelock. They will actually be on the hook for any fraud if it does happen, so its in their best interest to follow through with their promise of fraud protection.