Tags

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

From May 2013:

Last week I found out I was attacked by identity theft.

I was doggie sitting for the weekend and was in Safeway to get some milk when I received an automated, not human, call from TD (Toronto Dominion) VISA informing me that they had flagged some unusual transactions on my account and asked if I had made a certain large purchase. When I said, ‘no,’ I was asked to stay on the line, presumably for a real person, or I could call back. A grocery store was not the place to deal with this. When I called back, I discovered that someone had racked up around $11,000.00 in Toronto during three days. I was told that I was not responsible for these charges and that my card had been cancelled. I just got it not long ago, so I was not reliant on it. The charges will remain while they launch an investigation. The girl was very nice and made me feel comfortable that this would not be a huge inconvenience to me. I suppose, in the back of my mind, I knew this was just the start of trouble.

wpid-iu-2014-10-30-17-04.jpeg

One other time, I had another card just canceled out of the blue. Their explanation was that the number of my card fell within a range of numbers that they suspected might have been compromised. Just to be safe, my card was cancelled and I had to wait for a couple of weeks for a new one. This is a good reason to have more than one card, otherwise one would have to resort to cash or some other form of transaction.

Just exactly what compromise really means is a bit unclear to me. Do these thieves get just my card number, or can they get other information? These days, there is so much information out in the abyss of the technojungle. One piece of information can easily be linked to other information. Just with a name and city, one can get addresses and phone numbers. That represents your physical footprint. You also have a digital footprint that can start with your E-mail or your social media links. We should have great concern for privacy and security.

The attack on my identity was not isolated to my VISA card. They tried to open an account with Rogers. Since I already have an account with Rogers they decided to not issue another account and promptly sent out a letter to me. When I called them, I was told to call their fraud department. That department was closed for the day, so I called the next day. I was advised to check with Equifax and TransUnion.

My first call was to Equinox, since I had heard the name before and understood that they had something to do with credit ratings. I entered an endless phone tree. It was completely automated. I could order a copy of my credit rating, get various reports and access a variety of other services. I got frustrated and hung up.

My next call was to TransUnion. I began the same endless journey through the phone tree. At one point, the voice stated, “If this is about fraud, say fraud.” The words had hardly left my lips when a real human voice came on. The heavy accent and poor pronunciation alerted me to the possibility that this person was not in Canada and probably did not have much authority, and that this might actually turn out to be more frustrating than the call I had made to Equifax.

He looked into my account/profile and said that Rogers had made some sort of request and then he asked if I wanted to report the Rogers request as fraud. I said no. Why would I do that? They told me to call TransUnion because of a fraudulent request made to them. We entered a conversation circle during which he must have asked me at least three times if I wanted to report the Rogers request as fraud.

Not far into our conversation and after mis-pronouncing my last name as Grawhome, he decided that he needed to verify some information. “Do you live at XXXX Rygeawood?” I told him that we have moved. He repeated and I insisted that we no longer live at that address and had moved some years ago. He told me I had to have the information updated. OK, I agreed, let’s do it. Not so fast. He informed me that I would need to send a registered letter and $5 to have the information changed.

Wait a minute. I explained that I never engaged them in any service agreement, that the company was keeping information about me without my permission and selling it to corporations and back to the individuals they track and now they want to charge me to have them correct information that they have wrong. I’m sorry, I don’t think that is right. If I had engaged their services and neglected to send in an address change when I moved, as I did with all the other services I was using, I could understand charging me to make a change. I was frustrated and hung up.

It seems like every couple of days we are hearing of breaches in security due to cyber crimes and yet, we are encouraged to do more online and adopt more technology. Wouldn’t this normally fall under the definition of insanity?

If we look carefully at our society, we find that our behaviour might well be explained by an addiction fed by large-scale multinational corporations that literally have no regard for us as humans, but only to forwarding their own agenda that has ‘make money’ at the top of the list. It would also follow that ensuring most of the ‘problems’ associated with a technology should not be publicized so users’ confidence would not be diminished. In other words, don’t tell people what goes wrong, just recoup the costs through higher fees and make sure more people use more credit cards more often so that we (the corporation that is) can make more money and the corporation will grow. Never mind that a large number of customers are never able to pay their balance off and feed the corporation even more through paying interest.

A credit card is a perfect example of technology that has inherent problems that, not only inconvenience people, but end up creating greater costs. To think that I am not responsible for the transaction is somewhat false. If the costs are not recouped from the perpetrator(s) of the crime, then someone has to pay. VISA is not going to cover the costs. They are out to make money. Do they have some sort of insurance? No matter how you look at it, the costs of fraudulent transactions most likely get passed on.

If you pay a fee for your card, then that fee probably goes toward covering losses. The same could probably be said for merchant transactions. Every time you use your credit card, the store pays a fee. Oh, and let’s not forget interest on unpaid balances. If the losses to the credit card company increase due to fraudulent charges, they will most certainly pass the cost on to us. If transaction fees to merchants need to increase, that increase will be reflected in higher prices to consumers.

VISA is not telling me that I don’t have to cover the fraudulent charges directly, I have to cover a portion of all the fraudulent charges on all the credit cards issued by VISA.

Think about it. The fraudulent charges on my VISA card amounted to more than I spend on the card all year. Now how does that work out? This may be the reason cash could be with us for a long time.

We all need to look at protecting ourselves. I don’t know how my credit card was compromised. Nobody has been able to tell me, so I don’t know how to plug the hole. Did somebody hack into a database somewhere? Was there a card reader device of some sort used to read my card when I used it somewhere? What happened?

The card did not have an RFID chip. I keep my chip cards in a protective wallet. Chip cards can be scanned without having to insert them into a machine or tap them on a reader. They can be scanned right from your pocket.

The truth is that this type of crime is becoming so common place that many people in our society just take it for granted. As I talk to people, they all have some sort of story about what happened to them or someone they know. Should we just let this become part of everyday life in the technojungle?

While personal identity theft is a big problem, corporate cyber attacks are a huge problem. If we only knew what really happens out there, we might lose confidence in more that just the banking and financial systems.

Update:

It took many weeks for the charges to be removed from my account. In the meantime, I was charged interest. Finally, I was sent an affidavit to sign stating that the charges had been removed. The problem, they missed six of them. I even noticed that charges were made even after the card had been cancelled.

As the weeks passed, I discovered I did not have enough accounting skills to figure out what they had done and where my account stood. I was on the phone many times. I had been told to list the missed fraudulent charges on the back of the affidavit and sign anyway. I was very reluctant to do that and protested, however, they convinced me to sign anyway.

In the end, I called again and complained that I was not an accountant and had no idea of what they had done, but I would accept the $183 positive balance on my account anyway.

I think I could be quite comfortable going back to using only cash and making transactions in person with, what, a real human being. Nowadays, that would be quite a novel thing.

Advertisements