Safety and security with your online accounts is something everyone should be concerned about. With websites having their user details leaked and exploits happening all the time to try to steal your data. It’s not if but when it will happen to you. Recently I went through my own crisis where someone tried to steal my Chase account.
One morning recently I woke up to a text message from Chase asking me to confirm a large ~$250 purchase at Jack in the Box. First I thought, who would spend that much money at a fast food place, before I turned back to how my credit card info was stolen. Thankfully Chase has a pretty robust fraud detection department and the charge was blocked.
After confirming that the purchase attempt was not made by me Chase immediately put my account into lock down as to prevent any further fraudulent activity. And as a safe measure I used the Chase app to go in and lock my Chase card from purchases as it would take me quite some time to call in and request a new card from Chase.
I had a suspicion that my Chase Freedom Unlimited (CFU) card had been vulnerable as I had used it at Newegg during the time that their website had been attacked and credit card information stolen. This is the only logical place that I can think of my card information being stolen from as I don’t use my CFU card that often and it was mostly restricted to unbonused spend that I may incur.
When I was able to call into Chase to request a new card and verify fraudulent activity it took me about 20 minutes to reach a representative. This wasn’t due to wait times but because of my account type I found out. When I first talked with a customer service representative she redirected me to the fraud department. From there I verified my account information but was immediately told that I had a ‘VIP account’ and had to be transferred to a senior fraud analyst. I’m not really sure what a ‘VIP account’ is in Chase’s eyes. I’m not a Chase Private Client, however I do have high credit limits and their luxury Chase Sapphire Reserve card which may qualify me as a ‘VIP account.’ I was bounced around twice more as I was then transferred to the VIP account line and then to a fraud analyst within that department. These were probably some unneeded steps as I could have probably just done this whole interaction with a normal fraud analyst.
During the course of the call we went through normal boiler plate verification questions and identifying information to verify that I am who I say I am and that I have control of my account. During this line of questioning the representative asked if I had tried to call earlier from another phone number listed on my account. When I responded I didn’t the representative told me that someone called in earlier from a phone number that I didn’t recognize and attempted to change my account information and gain access to it.
I applaud Chase here for not falling for the attempted social engineering to gain access to my accounts. I have a large bank of Ultimate Reward (UR) points built up and it would be devastating to lose those as I’m building them up for a large trip I’m planning. I’ve recently read horror stories of people losing their UR balances to scammers and hackers that drained thousands of dollars of points into gift cards and ran off.
How To Protect Yourself
I make it a habit of being extra careful for accounts that hold a high monetary value. For financial institutions I take extra care in making sure that I have unique usernames that I don’t use on any other site, passwords that are all unique from each other, and setting up personal pins for any telephone inquiries. These few steps protect you from the mass majority of vulnerabilities ensuring that you can’t be hacked by simply reusing login details across multiple sites.
One note with phone pins. Most times you’ll have to call in directly to have that pin set and it can’t be set over the internet.
Being proactive is also a huge step in making sure that you’re not the victim of fraud. Almost daily I review account charges to my cards any verify anything that I don’t recognize. This is also a great way to see if any autobills are being charged than they should be.
Most banking institutions already require it but if you haven’t already or if it’s an option to do so, setup two factor authentication. Usually it’s a text message with a security pin but it can also be more complex like using a secondary authentication app like Authy, that randomly generates codes every 30 seconds. This ensures that even if a scammer has your username and password they would need your phone and its unique code to gain access to your account.
Lastly I recommend that everyone use a password manager that can securely store and generate strong passwords. Personally I use 1Password which has a wide range of support across any platform and browser out there. It has built-in tools to generate strong passwords, can alert you if any of them have been detected in leaks, and save quick information for easy filling. If you’re looking for a free version I would also take a look at LastPass which is widely supported and free for use.
On one final side note before I close out this article, if you ever get a call from your bank wanting to verify charges, never give out personal information. Its becoming even more common of a scam for people pretending to be your bank to verify charges and get you to give up personal information. If you ever do get a call like that say that you’ll call them and hang up. I would recommend calling the number on the back of your card to get into contact with the fraud department, just to ensure that you really are talking to your bank.
The Final Verdict
Being smart about where you give out personal information online is only one part of your greater security online. It can help prevent you from falling victim to major fraud and causing a major inconvenience. Stay on top of your accounts, activate 2 factor security wherever you can, set phone pins for verification, use a password manager to generate strong unique passwords. All this combined will keep you, your credit cards, and your credit card points safe from being stolen.
