WSB’er shares a warning about “possible bank card scam”

We’re all sadly used to seeing those e-mails that try to trick you into giving up personal/bank info – but this kind of fraud doesn’t happen quite as often by phone. However, it happened to Kris and her husband, and she e-mailed WSB to share a warning with you:

Just wanted to share with other WSBers about a possible bank card scam. Over the weekend, we received multiple voice mails from an automated system stating that they we calling from BECU regarding security on my husband’s debit card. The message specifically stated they were calling about his debit card and gave the last four numbers of his card. The message seemed suspicious enough, that my husband called BECU to inquire. According to the BECU rep, they had received multiple calls asking about messages like this and that these were not coming from BECU. The rep also stated that they would never use an automated system for security issues, would not leave account information on a voice mail nor would have the customer call back using a 800 number (as our message did) but would leave a direct line. Although there is no way for sure to know how the “scammers” got my husbands card info, we do the majority of our shopping and entertaining in West Seattle and so it is likely someone got this info from a receipt from a local merchant. We wanted folks to be aware and to make sure they call their bank directly if they receive a call like this and to not call the 800 number.

We’re not seeing any alerts about this on the BECU website, but we’re sending a message to a bank spokesperson to see if they can confirm “multiple (reports)” of this problem.

gordon May 11, 2009 (11:12 pm)

Wow. Did you just accuse West Seattle merchants of stealing your credit card number and scamming your account?

“we do the majority of our shopping and entertaining in West Seattle and so it is likely someone got this info from a receipt from a local merchant”

That’s not good for business. Track the 800 number…tell us which merchant cheesed you.

WSB May 11, 2009 (11:20 pm)

I don’t know that she’s accusing a merchant of ripping off the number. A receipt can wind up anywhere. And it could be there are other ways numbers are obtained/guessed; I’m hoping the bank rep might have more light to shine tomorrow. I decided to pass this on as quickly as possible in case others got similar calls – TR

gordon May 11, 2009 (11:27 pm)

And this begs the question of “service” when the local supermarket (code name to protect the innocent “S.a.f.e.w.a._.”) lists a full name, and last four digits of your b/c on their “club card” receipts. No, it wouldn’t take much of a genuis to track you down.

Mike May 11, 2009 (11:42 pm)

It’s also possible for trash, recycle bin or mail to be picked by a theif. However, if this is a common issue for BECU members, I’d suspect BECU either got hacked or dumped personal data in the trash (banks have done this before and this has happened before).

Anything that has your data on it in paper needs to be shredded, cross cut shredder is a better option for shredding too. Any of your ONLINE data can be picked off if you use easy to script passwords (common words in the dictionary, your name and year you were born, etc…). If you open malicious email, it can infect your computer and allow backdoors for hackers to get ALL the files on your hard drive.

There’s a ton of ways this stuff happens. Your local merchant is probably not the one to blame here, unless you noticed a bunch of purchases locally that are not from you, then it’s likely somebody outside the area, potentially outside the country.

Kris May 12, 2009 (7:01 am)

I am in no way accusing a local merchant of “stealing” this info, if that were the case wouldn’t they have the whole debit card number? My intent in mentioning that we shop locally was only to say that this could easily happen to others in West Seattle. And yes, someone could have gotten their hands on a receipt (as I have recently learned, my husband is not shreding them) but again my concern is that the information is being obtained locally and thus it could happen to others.

JH May 12, 2009 (7:29 am)

Remember that people out there have devices called “skimmers” that have the ability store your card information. They can be attached to ATM machines and at gas stations (where you swipe your card outside), used by crooks who work at various places, etc…

#1 Keep an eye out for people who scan your card in a handheld device!

#2 If applicable, cross out your credit card number on receipts, except the last four, before you return the signed copy. Many card readers out there were “grandfathered” in and still put the entire card number on the receipt (including my doctor’s office in WS!).

bridge to somewhere May 12, 2009 (2:52 pm)

report the incident to the washington state attorney general’s office and the police immediately. Scammers move quickly, and so should you if you want the authorities to catch them.

bridge to somewhere May 12, 2009 (2:58 pm)

To follow-up:
for police, call the non-emergency line and report the incident.
.
For the Washington AG’s office, file a complaint here: http://www.atg.wa.gov/FileAComplaint.aspx#Online

.
Also, because this is apparently an attempted identity theft case, the Federal Trade Commission has jurisdiction, and you can file a complaint here:
https://www.ftccomplaintassistant.gov/

Mike May 12, 2009 (3:12 pm)

“Many card readers out there were “grandfathered” in and still put the entire card number on the receipt (including my doctor’s office in WS!”‘

You need to report your doctors office. That’s a direct violation of law and puts YOU and everyone else that pays them at risk. There is no grandfathering law that lets them continue to do that any more, it’s been 6 years, far beyond the time given to merchants to update.

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_public_laws&docid=f:publ159.108.pdf

Tony H May 13, 2009 (8:32 am)

I think it is great that you reported this and posted it. I think it is unfortunate that there are people out there who will stop at nothing to take other peoples hard earned money. These economic times certainly seems to have increased the number and ways of stealing peoples money.

What is more disturbing are those who are responding to you in a negative way. Rather they miss the real issue which is that the most common and successful scam usually is the most simple and least technological. Yes, there are scanners and devices.. they are used and you should keep an eye out for anything odd. Additionally, there are a number of local shops who hire cheap labor. West Seattle merchants are not immune to hiring people who are desperate enough to step out side of the law… and frankly.. the answer is “yes, it is possible that a merchant in West Seattle has an employee who attempted to steal her information”.

The most important thing, is that this is not the first or last of these types of scams.. and I suspect we will see the number escalate.

JH May 15, 2009 (12:14 pm)

Mike-my bad…I’m remembering some old training and forgot about the three-year rule. Below is cut and pasted:

FACTA says credit and debit card receipts may not include more than the last five digits of the card number. Nor may the card’s expiration date be printed on the cardholder’s receipt.However, the effective date of this provision is a long way off, and there are a couple of loopholes:

This section does not apply to receipts for which the sole means of recording a credit or debt card number is by handwriting or by an imprint or copy of the card.
For machines in use before January 1, 2005, the merchant has three (3) years to comply.
For machines in use after January 1, 2005, the merchant has one (1) year to comply.

Sorry, comment time is over.