The first time my oldest daughter got an email from her credit-card company, she learned how to protect herself from spam and phishing scams.
The second time, which was recently, she applied the first lessons and then learned how to protect her accounts, savings and credit record.
But the process was harrowing for a 22-year-old who has learned a lot of financial lessons at an early age, and when I discussed her case with friends, they noted how ill-prepared they would be to deal with the problems my daughter had faced, and how their kids would be lost amid a crisis like this.
- Seattle fifth-graders will get their camp trip, but teachers refuse to go
- Five things to watch as Seahawks begin OTAs Monday
- What the national media are saying about Robinson Cano and the Mariners' hot start to the season
- Man arrested in attack on Metro bus driver
- Designed in Seattle, this $1 cup could save millions of babies
Most Read Stories
The advice I gave my kid as she went through this process was borne of years writing about personal-finance stories just like this; while she was on the horn with Bank of America handling the situation, I checked with some experts to make sure I hadn’t forgotten anything.
One of the key lessons is that a situation like this one — even if it is handled easily — is not over for six to eight months.
Whether this happens to you, your children or anyone you know, here’s how to handle it from start to finish.
The process started with an email; while this was the first time her card actually was misused, it was not the first time she had been notified about unusual account activity.
The previous notes were all scams.
When they arrived at an old email address, or suggesting she had an account at an institution she had never banked with — or when the “instructions” were riddled with misspellings and/or grammatical mistakes or requests for her to provide a password, they were easily rooted out as frauds. (One key sign of a problematic “alert” is that it asks for account information instead of providing you with information about the account and what has happened.)
The recent alert
from Bank of America looked real, however. It had the same scary language of the phishing scams — which asked for an immediate response in order to keep a card working without interruption — but it also had the right ending numbers for her debit card, it correctly noted the last time she had signed into her account online and more.
The fact that it looked legitimate — and turned out to be — freaked her out that someone was not just stealing her card information, but her identity.
First, she had to check out the situation and make sure it was real.
While the email had a link to BankofAmerica.com, she knew from the scams that you never just click on those links in these types of emails; if the note is a fraud, the links look real, but lead to trouble.
So she logged into her account directly — without clicking a link — and was confronted with several purchases made across the country, in places where she has not traveled. She followed that with a call to the bank’s fraud center.
The good news was that the fraud had already been caught. Upon notifying Bank of America, the situation quickly was cleared up; accounts were closed and reopened with new numbers, cards canceled and reissued, fraudulent debits credited back to the account.
She asked about the need to file a police report and was told it wasn’t necessary, but it’s not a bad idea in situations where the customer finds the fraud before the bank does; issuers must investigate and provide provisional credit quickly (big institutions generally do this within 48 hours, but the law gives them up to 14 days), but if a consumer is worried that the card issuer might contest the situation, a police report never hurts.
“It’s understandable that she was freaking out, and it’s one reason why I really don’t like debit cards tied to a main account,” said credit expert Gerri Detweiler (www.gerridetweiler.com). “There is always the risk of someone draining the account while you are trying to pay bills.”
There’s also the worry about what happened to create the problem and whether it could lead to bigger problems.
In talking to bank representatives, the likely conclusion was that the situation was just a compromised card number, and not some bigger problem.
That’s calming, but not a reason to put her guard down.
The next effort involved checking her credit report, which is available free from each major credit bureau once per year at annualcreditreport.com.
“I don’t think she has to place a fraud alert or freeze on her credit reports unless she sees something unusual on her credit files, because it’s probably just this account that has been compromised,” said Greg McBride, senior financial analyst for Bankrate.com. “But she can always place a fraud alert if she is nervous or notices anything else unusual going on.”
Even with everything seemingly resolved (without a freeze on her credit reports), checking her credit files with the remaining agencies means she will still be living with this problem for six to eight months.
One last precaution before closing the book on this involved changing the password for her bank account, just to be safe.
“Even when the bank catches this and it’s cut-and-dried — as it seems to be in this case — you want to take all of the precautions,” said Anne Pace, a Bank of America spokeswoman. “Once you go through any of this once, you know you don’t want it to happen again, and you really don’t want it to turn into something worse, so take the precautions until you feel safe again.”
Chuck Jaffe is senior columnist for MarketWatch. He can be reached at firstname.lastname@example.org or at P.O. Box 70, Cohasset, MA 02025-0070.
Copyright 2014, MarketWatch