RICKMAN: My Bank Account Was Hacked
Sometimes it seems like my life is forever in crisis-mode.
Nevertheless, on Wednesday everything seemed to be fine. There was no weirdness at the office (remarkable at a radio station), I'd had a great weekend in Dallas visiting friends and I'd made some new ones! My ex and I were being civil to each other; downright nice even.
So, for all intents and purposes, I was having a nice day.
Cut to 2pm CST. My show had just started. I had some great stuff planned for y'all. Hilarity, fun and prizes and, of course, great rock music.
I received an email from my bank.
I get a ton of these. I have my account set up to alert me any time a transaction occurs. It's overkill and, most times, I just kinda ignore these messages. After all, I get an alert when I buy groceries, buy gas for the car, etc. It's usually nothing strange.
This time, though. I knew I hadn't spent any money. I was just sitting there in the studio. I hadn't gone anywhere. "Huh," I thought. "Wonder what that is? Maybe Netflix renewed for another month."
Luckily, I opened the email:
"Account transaction alert: $368.00 purchase at EuroPayGB. Your new account balance is $102.00."
WTF?!
Now, friends, I'm not rich. Not by any stretch. But having a $102 balance in my checking account is odd for me.
I immediately log on to my bank's website and there are tons (and I mean tons) of unrecognizable purchases. And they're all quite large.
In total, a whopping $1,600 or so spent in the previous 24 hours.
So, obviously, I contact the bank immediately. I explain that these are not my purchases. I have no idea how in the hell anyone, other than me, would have access to my account.
They were very friendly and helpful and began an investigation. It seems that a lot of these charges came from Europe. Belarus specifically. Where? I had to look it up on Google Maps. Oh. There.
Yep. I have never been to Belarus. I certainly wasn't there on Tuesday.
All of the purchases were made online. But I still can't figure out how they were able to buy anything as most websites I've bought items from require the three digit confirmation number on the back of the card. I wouldn't think that they'd have that too. Unless a legit website that I visit and purchase things from had been hacked itself.
The items bought were all over the map too.
One looks like take-out food, another was for a very expensive, $600 suite of software (some kind of web-hosting thing), but the most bizarre purchase was this:
$300 worth of cat toys.
Who the hell buys $300 worth of cat toys?!
These were purchased from a wholesale company, so the best I can figure is that the scammer had intentions to resell them on eBay? Maybe this person owns a pet store and used my debit card to restock.
Regardless, this was clearly ridiculous.
The bank understood that the purchases were not mine but what complicated matters was the fact that payday down here at the station was Thursday. My check would be direct deposited into my account around midnight.
Normally, you would simply close the account and go about the process of collecting refunds. However, in this case, the business department informed me that the direct deposit was already processing. It couldn't be stopped.
So, if I were to close the account, the money would have nowhere to land. The radio station would certainly re-issue the money but I would have to wait several days for that to happen. Keep in mind, I now had $100 to my name and rent is due on the first of the month.
The bank presented a tedious option:
Don't close the account...just yet. Allow the money to transfer and get here as soon as we open. We'll then dump all of the funds into a new account and close this one.
They would also begin the process of charging back the fraudulent purchases.
So began a concerning and sleepless night. I stayed logged on to my bank's website, constantly refreshing the browser to see if any more cat toys had been bought with my money.
Every time an email alert went off on my phone, I cringed.
Finally, I went to bed scared to death that I was going to wake up broke and soon homeless.
Well, morning came and I was up early. The first thing I did was check my account. There had been one additional purchase that happened overnight. This one was somewhat small. Turns out, it was a membership for an adult website.
But, my check had arrived. I rushed to the bank, thinking they opened at 8am. Nope. 9am. Crap. All the while, I'm checking my phone for account updates.
I was waiting in the bank parking lot when they unlocked the doors. They had been expecting me.
So, we closed the account and moved what remained of my money to a new account. I was then given the following instructions:
Contact each and every vendor of the fraudulent charges and explain what happened. See if they'll issue a refund voluntarily. If not, the bank would likely charge it back but I would need to show that I've made an effort to remove the charge.
Then, call the cops.
None of us are under any illusions. It's not as if Interpol is going to drop everything to try to find the jerk who stole my money. But, I need the police report so that the bank can press forward with forgiving any charges that I may not be able to get removed on good faith from the vendor.
Ugh. What a nightmare.
But, so far - many of the merchants have been cool about it and they have already began to refund the money. Even though, it can take up to 10 days in many cases for it to be redeposited, I'm just happy that the money isn't gone completely.
Also, I'm happy that I can now pay my rent.
The question still remains, though...how did this even happen?
It's not as if I'm fast and loose with my debit card number. Quite the contrary. I'm usually very careful. So, if this can happen to me, it can happen to anyone.
But we still don't know how this person found my information.
My advice to you? Well, foremost, change your passwords frequently. A lot of times, information like credit and debit card numbers are obtained by relatively simple matters of logging in to your email account.
You can use pre-paid cards exclusively for online purchases. When you decide you want to buy something, just transfer the money out of your "real" account onto the pre-paid card. That way, if the number is compromised, they won't get much.
Many credit card companies have an extra layer of security that a lot of consumers don't know about. MasterCard has something called "secure code" and Visa has "verified by Visa." These services require you to enter an additional, verification code with every purchase you make. Ask you bank about it.
Check your browser settings and turn off the auto-complete function. As convenient as it may be to allow Google to pre-populate your credit card details when making a purchase, it's just not worth the risk. Pull the card out of your wallet when you want to buy something and manually type in the info.
Those are just a few suggestions. What are your extra precautions for avoiding having your card stolen? Share them in the comments