Frank says he wasn't allowed to complete his purchase at a Best Buy in Des Moines, Iowa unless he signed up for their Rewards card: "He called over his supervisor. In a rather harsh manner, she told him that everyone purchasing items is now required to sign up for a rewards card." Sounds like somebody had a quota to meet!

You may have heard about this already, but I thought it was rather odd.
 
I was at Best Buy the other day here in West Des Moines, Iowa. It was the store at the Jordan Creek mall. I went to purchase my items and the young kid working at the register asked to see my rewards card. I told him that I don't have one. I avoid that card because I don't like the junk mail coming into my mailbox. I prefer to purchase my items and leave.
 
Well, he looked confused and called over his supervisor. In a rather harsh manner, she told him that everyone purchasing items is now required to sign up for a rewards card. She said that they cannot let buy things without having one of those cards. I was rather anxious to get back and finish homework for my college courses, so I got the rewards card and left.
 
Maybe this is normal, but I wasn't very happy about it. Granted they'll send me coupons, but I know it's going to benefit them more than it will me - otherwise they wouldn't do it.

(Photo: qnr)

http://www.cardratings.com/creditcardnews/2007/11/chase-will-no-longer-increase-rates.html

According to the article, Richardson is likely in violation of a state law that prohibits unfair sales practices, as well as state laws "prohibiting discrimination on the basis of race or national origin in places of public accommodation." Even the group that Richardson claims membership in—Rhode Islanders for Immigration Law Enforcement (RIILE)—is trying to distance itself from Richardson:

"There's no way I can defend what he did. It definitely isn't the policy of RIILE to go around and use your RIILE card to intimidate people," said Gorman in a phone interview. "That's not something that RIILE would promote ... to make citizen's arrest."

Genao said he is still upset over the encounter, which he called "loud in tone." Richardson called it "a discussion."

"I told [Richardson] I'm a U.S. citizen by choice, whereas he was just born here," said Genao. "I have every right to be here. I told him his behavior was shameful. And he went on to say that a lot of these illegal immigrants are criminals and we have to stop them, and he said he did this for his country — because it's going downhill, because of all these illegal immigrants.

"What [Richardson] should have done was say, 'Thank you for shopping with me.' That's all he had to do."

(Thanks to ElizabethD!)

"Store owner asks to see shoppers' Social Security cards" [The Providence Journal]

I'm sure you've been flooded with Valentine's Day flower delivery disasters, but here's a disaster that happened without me even placing an order:

On the 13th (day before Valentine's Day), I went to Proflowers.com to send some flowers to my stepmom. I intended on getting the cheapest arrangement because I don't have a lot of disposable income, and it turned out to be tulips for $29.99. So I proceed in processing the order, and get to the confirmation page, which displays my total as over $64 (9.99 for rush delivery, 9.99 for the vase, blah blah blah), so I close out of the window (there is no "Cancel Order" button) and go about my business. A little while later I get an email from ProFlowers saying they noticed I didn't complete my order, and they'll give me a free vase and 10% off to complete it. So I log back in, go through the whole process again, and get to the confirmation page, and the total is about $54.

Still not what I was hoping, but if I wanted to pay less, I shouldn't have waited. So I hit confirm, and it tells me they're out of the arrangement I wanted to get, and I should choose another, more expensive arrangement. I feel overwhelmed and a little scammed, so I close the window again, and order them from somewhere else.

I get yet another email promising the same free vase and 10% discount, which I ignore.

Yesterday, I log into my bank to find two pending charges on my debit card for the totals for the orders I DID NOT CONFIRM on the ProFlowers website. I immediate call customer service ($100 is a lot of money to me, and to not have it is very hard). The woman in customer service sounds genuinely concerned, takes all my information, apologizes profusely, and assures me I'll get a call soon from someone who can fix this.

I wait all day, no phone call. I miss a call at work (today, 4:16 p.m.), from ProFlowers, telling me to call a number for someone who can take care of the charges on my account. I call them back, and a woman again apologizes profusely, and starts to take all of my information and tells I'll get a call soon from someone who can fix this.

I said, but I've already submitted this claim and gone through this process. They HAVE called me, and told me to call this number and someone would help me, and now I'm just having to start all over? Meanwhile, there's over $100 seized in my checking account that I absolutely did not authorize?

She was, again, profusely apologetic, and asked me to hold while she researched another method of recourse, and continued to apologize when she said this is the only thing she can do. I asked her what was going to happen when I keep going through this process and the charges naturally drop off my account, and she said, "Honestly, that's probably what's going to happen."

So, not only has ProFlowers captured and processed my credit card number without my consent, they're giving me the runaround until the problem resolves itself.

Somehow, not okay in my book.

No longer a ProFlowers customer,

Anne

FYI - after six phone calls and seven days, the charges for over $100 are still pending on my account for orders I didn't place. Even one of their account specialists told me they "need to modify their card verifying process so it just takes a $1 or something."

Because the banks were closed yesterday, they told me to call back this morning (a week after the charges were made) and they would take care of it, except the phone number is going straight to voicemail. I'm now overdrawn in my account as scheduled payments have come in.

The problems began when Mike discovered his new card would have a credit limit of $1000, far below what they'd need for such a long time away in multiple countries. Capital One wouldn't increase the credit limit, but they told him he could pre-pay above his limit—in effect, turning it into a Capital One-branded debit card.

Before he did any of this, he verified that it was allowable, first via the enrollment agent when he applied for the card and then again when he called to activate it. But when he tried to pre-pay online, the transaction was rejected, telling him: "You are only allowed to transfer up to 110% of your current balance. Your current balance is $0.00."

I once again called Customer Service, dreading the hold times and quality of service that I would surely be in store for on the day after Christmas. I slowly and carefully explained everything: the trip, the limit, the conversations with earlier reps. The agent told me that if I wanted to pay an amount that was more than 10% over the current balance, I would have to mail them a check. It couldn't be done on the website or over the phone.

I again asked for a higher limit, and was told it would come naturally when the time was right. When would the time be right? "Oh, that varies." Varies? Like what? Months? Years? "Oh, it should probably happen within a year." Giving up hope of a higher limit and now wary of believing what the reps tell me, I went over the plan step by step: I would write a check for $6000 and mail it to the address he had given me. A few days after it arrived, I would be able to charge up to $7000, using my credit card like a debit card. He confirmed all of this, but I still insisted he make a note on my account and read it back to me. I also spoke to the Fraud Department, repeated my whole life story, and begged them not to place a hold on my account if our travel looked like suspicious activity. I started to enumerate the dozens of countries and expected dates, but he cut me off and said he would make a general note that we were traveling.

[The account specialist] told me that a $6000 deposit on a zero balance was a huge red flag, and there would be a mandatory hold on my account. I started to explain everything, but he cut me off: "You have to understand, there are rules. I know you wish you could make the rules, but these are Capital One's rules." I was rather upset at being talked to like a fifth-grader, but I set that aside to focus on the matter at hand: how could I get the hold removed as quickly as possible?

I spent the next hour talking to him, his boss, the guys in Fraud, and even the fancily-named Account Supervision department. They all confirmed that: (1) Yes, the notes from the December 26 call clearly show that I did exactly what the rep had told me to do, (2) Despite that, this was still my fault because I shouldn't have listened to him, and (3) There was absolutely no way the hold would be removed.

Some final tips for anyone who might be planning a similar trip:
• Definitely shop around for a card with a low or nonexistent foreign currency fee; it adds up!
• Get the card as far in advance of the trip as possible. I was told multiple times that if my account had been more than six months old, they might have been able to work with me, but as a new customer I was screwed.
• Once you get the card, use it enough that they raise the limit, so you can avoid everything I'm going through.
• Add someone back home to the account so they can act on your behalf.
• Consider doing all of the above with multiple credit cards; it's not likely that they'll ALL leave you high and dry on New Years Eve.

(Thanks to Mike!)

RELATED
"Is It Legal To Record My Customer Service Calls?"
(Photo: Getty)

• Credit cards are not free money
• The card issuer charges interest.
• Don't max out your credit. "Hold your charges to 25% of your credit limit, or even less" if you want to max out your credit score.
• Pay your bills on time to avoid screwing up your credit rating.
• Blots on your credit record can affect your ability to get a job, rent an apartment, buy a car or get a cell phone, which is why the previous bullet point is so important.
• Pay your bill in full each month, if you can, and always pay more than the minimum.

"What Teens Need to Know About Credit" [Kiplinger]

RELATED
"Jumpstart's Reality Check" [Jumpstart Coalition]
"College Credit for Life" DVD [National Foundation for Credit Counseling] (last item on page)
(Photo: Getty)

One thing is to ask the person to tell you your balance and due date: "They are allowed to give out that info, and it should be correct. If not, a red flag should go up." You should also call the number on the back of your card and speak to someone in their fraud or security department if you are suspicious.

We've had similar phone calls in the past, and we always tell the person that we'll call the number on the back of the card and navigate back to their department that way. It's earned us a few amused responses, but it's a relatively easy way to be safe.

What Do You Do If A Credit Card Employee Calls You? [bloggingawaydebt.com]
(Photo: Getty)

As an ex sales person, I will tell you that we did not work on commission, nor did we get any sort of bonus for opening these cards. What we did get was threats of being fired for not opening a certain number of cards per shift. Because of this I saw many sales people who feared for their jobs basically trick non-english speaking customers into opening these cards. I am not sure that this is illegal, but it is certainly immoral in my eyes.

Jesica writes:

I would first like to start out by thanking you for all of the wonderful information that you make available to the public. As a result of all of the ex-employee confessions about unethical business practices I am grateful that I now know not to give these places (such as Best Buy, B of A, etc.)my business, or to at least be cautious upon doing so. I would also like to give you a little tidbit about the Limited Brands, owner of The Limited, Express, Victoria's Secret, & Bath & Body Works.

Though this is not a horrifying story (as many of your other features are), I think that people deserve to be cautious of these things. I worked for The Limited for a few months (fell upon some hard times, needed a job... ANY job), and the one thing that bothered me was the pressure that is put on the sales people by management to open the store credit cards. As an ex sales person, I will tell you that we did not work on commission, nor did we get any sort of bonus for opening these cards. What we did get was threats of being fired for not opening a certain number of cards per shift. Because of this I saw many sales people who feared for their jobs basically trick non-english speaking customers into opening these cards. I am not sure that this is illegal, but it is certainly immoral in my eyes.

Let me also go on to say that I once opened one of these cards (to meet a quota), and very much regretted doing so! I put a charge of about $25 on this card (hey you can't afford much when you make minimum wage!), paid this off completely, and to my knowledge closed the account. About 8 months later I had moved, taken a much better job, and forgotten all about it. Then I started to get harassing phone calls from the creditor stating that I owed over $100 in late charges. I will not detail the chaos and upset that ensued, but it involved many hours of phone calls with moron CSRs, being juggled from department to department, and them trying to make it as hard as possible for me to close the card even after I paid off the "alleged" balance.

I can only imagine what these people have gone through who were bullied or tricked into opening these cards. This is why I would like to encourage people not to patronize these establishments, or at the very least SAY NO when hassled with "saving 10%" by opening a store card. That ten percent you saved will miraculously turn into a big fat bill and harassing phone calls after you "close the account."

Thank you for letting me vent!

Sincerely,

Jesica

Safeguard your Social Security number
Keep your card in a safe place at home - not in your wallet or purse.

Read your bills and bank statements
Keep your eye out for charges you didn't authorize.

Exercise doubt, and check it out
If you have any doubts about a caller or e-mailer, find the company's phone number and call its fraud or security department.

Report fraud to the FTC
Use the FTC's Consumer Complaint Form.

FTC Mother's Day Card [FTC]

We're getting reports from all around the country. Several are from Southern California. But the problem is not limited to just that region.

Christopher writes, "My wife is a debit card holder of a Farmer's and Merchants National Bank here in Columbia TN and she just got a notice last week to reorder her card. the bank will be forcibly canceling her current card in April.

She uses her personal card for business transactions (she is reimbursed later) at all of the stores in your latest post. the letter that she got said the loss happened between Nov '05 and Jan '06."

More readers share similar stories, after the jump. Please send yours in to tips@consumerist.com.

Christopher continues, "I hold the same type of card that is tied to our joint account and have not received any notice. I primarily only use my card for gas and food (non PIN # transactions."

We caution that his story and the following only constitute circumstantial evidence. Regardless, it's evidence, something this situation has been sorely lacking.

Brian from Texas has a story sounds right on the money. He shops at Sam's Club and someone tried to withdraw $500 from his account on February 8th. From Moscow. "The transaction happened just after midnite, and I'm certain I was not in Moscow at the time since I was sleeping here in Texas." He writes,

"My VISA checking card was used, showing a $500 ATM withdrawal from Moscow. I called my credit union and reported it, the same day I went to the police to report the theft and visited the credit union personally to order a new card. My $500 was returned less than two hours after I gave the CU a police report number.

The local paper said between 20 and 50 people at four local banks (but predominantly at my credit union, Aggieland Credit Union) experienced similar fraudulant activity, most of it originating outside the country. Local police are unable to do much other than notify the Secret Service and VISA.

Rumors locally are that a "local vendor stored credit card information on their computer" and they suspect that may be the problem. I'm wondering if it isn't so local.

Yes, I use my card frequently (and PIN) at Sam's Club. Sam's (ours at least) will not let you use it as a credit card and sign for it, but has always allowed you to use a debit card. Buying gas I always use it as a credit card because I'm lazy and don't want to type a four digit PIN. I've also used it at grocery stores. Note that I have used my card this way for years and this is the first theft for me.

Brian
College Station, TX"

Three weeks ago my card was locked down without warning. I called WaMu and was told that nothing appeared out of the ordinary on my account. Still, the card was locked. Tracked down a "fraud prevention" number and they told me my card had been counterfitted and was being used to buy gas at multiple stations in FL, utilizing my PIN.

Never been to Sam's...I'm a Costco guy if I have to be...but did make a purchase of pen refills — using my PIN — at Office Depot almost one month to the day before the fraud.

Interesting, and might all be a coincidence, but interesting.

Brandon"

I couldn't use my old card anymore (it worked for about 3 days after I activated the new card). There was no reason given in the mail as to why I was receiving this new card. I'd never merited one of their GOLD debit cards before, I don't know why they'd give me one now.

Of the companies you listed, the only one I would have done a PIN transaction was Wal Mart, and the last time I used my debit card there was (according to wells fargo website) 1/17/06. Other places are Target, Starbucks, and one of those post office automated stamp thingy's. Everything else is at gas stations.

This article is the first I'd heard, and I'd be interested to hear more."

We're interested, too, especially if any of you can send scans of any documents related to your card reissue.

"I came home from a trip to find a FedEx Express envelope leaning against my door. I opened it to find a new ATM card from my credit union - DCU (Digital Credit Union). I'll skip the rant about my ATM card sitting outside my door where anyone could have grabbed it...

With my new ATM card was a bright yellow slip of paper:

If the fact that his new ATM card was sitting outside his front door is any indication of how concerned the banks are about your debit card security... Start hoarding shiny metal objects and colored beads.

"In December 05 I received an overnight package via DHL from my bank, Wells Fargo. Inside was a new ATM card and instructions on how to activate it, with no indication of why I was being sent a new card. I activated it, chose a different PIN and the very next day there was a pending withdrawal from an ATM in Southern California (we live in Washington State) for $300 when we checked our account online. We called Wells Fargo, verified they had sent the new card, and complained about the withdrawal. They said they couldn't do jack about it since the activity was still pending, but they could tell that it was a PIN-based transaction.

So we watched our account and the following day there was another withdrawal, from a different account in Southern California. We called them again and asked them to put a stop on all activity to and from our account, which they said they would. The checked he numbers on the card used to make the withdrawals and it was from my old card, not the new one they had just sent me. By this time the first withdrawal had cleared and the money was officially sucked out of our account, so we could officially begin the process of getting our money back. The next day there was another withdrawal, this time from an ATM in Brooklyn, NY, another $300 (the daily maximum?). We waited another day and a second withdrawal happened from New York.

I called Wells Fargo customer service and ask them why the fuck there were still withdrawals from our account when I had told them to stop all withdrawals. The CSR said they had only stopped check activity, not ATM/DEBIT card activity. At this point I lost my mind, asked her why the fuck would you stop us from writing checks when the problem was with PIN-based ATM withdrawals, and did everyone there at the call center have their heads up their asses? She asked if my card had been stolen, I said no it was right here in my hand, and then she asked if I had ever given anyone my PIN "Uh, no" then she suggested I report the card as stolen and that was the only way they could stop the transactions. I told her to do it and the withdrawals stopped. It only took Wells Fargo 5 days and $1300 of my money to stop the fraudulent activity on our account.

The dispute process itself took about 3 weeks for us to get all our money back at which point we closed all our accounts and moved everything to a local credit union . One of their investigators told us they had sent out the new card because there was some reason to think that my existing card had been compromised, he wouldn't say how except they were reviewing places I had used my card to see if there were any matches.

A friend who works in the fraud department of a large bank told us they sometimes keep the old card and its PIN active for up to 30 days after you activate a new card unless you explicitly report it as stolen. So they sent me a new card, suspecting there was going to be some fraudulent activity, and then kept the old one active so the fraudsters could do what Wells Fargo suspected they might do. Really fine service Wells Fargo, way to put the customer first.

-J."

"Hi,

In late Jan my mom's Mastercard [MC] statement showed $800 in overdraft transfers. She called MC as she never uses overdraft. They only told her to call her bank, Wells Fargo, and didn't warn her about current MC activity.

She almost immediately called WF: $4,000 in fraudulent pin-based debit card existed. ($100 from the historic balance, $3900 transfered in from MC- trouble in itself as her MC rate doubled!) Between the calls to MC and WF MC still transferred $300 to WF before WF cancelled the debit card.

The fraud was mostly $300 ATM withdrawals and some $10-50 purchases all in the Philipines in January (with one last ATM in NYC). WF's algorithms hadn't caught this, although WF was aware that pins had been compromised. They had told my mom "Don't worry, you're not alone" when she first called fraud.

Around then the San Jose Mercury ran a story on a security breach at an "office retailer." My mom reviewed 6 months of debit card purchases. OfficeMax is the only retail store in her list.

All her other retail purchases were from small local restaurants or grocers. The only other chains were Arco gas and Marriotts.

Undoing the MC interest rate doubling took more time than undoing the fraud- that's another issue.

My mom had to pay MC the $4,000 to prevent a "30 days late" credit report flag. WF refunded the $4,000 once the fraud investigation was over. Given when the fraud started, she could easily have owed MC $6k- only the statement timing prevented that.

She paid because she had it in savings, but how many people have thousands of dollars readily available *and* can afford to lose access to it for the days or weeks until an investigation is done? Lost access is a harm.

MC "understood" my mom's concerns but insisted she pay to avoid the credit rating hit.

Helen"

My card was cancelled with NO notice. i was forced to get another one.

I live in san francisco and my bank said that there was a scam going on dowtown of people's pins and info being stolen from ATMs in the financial district.

This was around the first week of Feb. 06.

When i complained, they said it was 'for my own safety.'

I work for a large bank in the southeast as a CSR. (I'm honestly a bit scared to talk about this and ID the bank, as while I don't plan on working their forerver, I do need my job for a few more months. Let's just say its initials are ST. You're all smart people.)

In February, we had an internal memo that said almost 6000 check cards had been compromised, and that clients might be calling in about them. We were told to assure them that they'd been turned off as a 'precautionary measure' and that they'd have their new cards in 7-10 (?????) buisness days.

I didn't realize anything at the time, and while we haven't heard anything offical inside, I can't help but believe it's related.

Not as large as our friends at CitiBank, but...

Oh, and I've been giving out advice for a *long* time that you should always sign instead of using your pin. Just based on who's involved alone, you get more help with your signature. Visa tends to be more protective of their corperate image than ANY bank is. A bank will not hesitate to tell 2000 people "You're fucked. Deal with it." Visa, from what I undestand, will.

-Plaid

Just writing to tell you that I'm a Washington Mutual customer in Seattle, and I was just issued a new debit card on 3/3/06. It got switched from a Visa to a Mastercard. Didn't think much of it at the time when I received a letter telling me I was going to get a new card, because it was expiring this year, but now that I checked - it didn't expire until June. The letter specifically said that I would be keeping my previous PIN. Looks like I should probably change that, eh?

Anyway, hope this helps with your data collection. Thanks for keeping us updated on this stuff!

Bonnie

I was sent a letter in early March about a security breach. A new card was sent the next day. No name of company was given. I have not shopped at OfficeMax, Wal-Mart, Sam's Club or Office Depot.

The bank was National City Bank, based in Cleveland. I am in Columbus OH.

This can be a very big problem for people who have automatic payments set up on their cards. I got my notice of cutoff only 1 day after a large cable bill went through (Time-Warner changed billing systems, and there were 2 payments due at the same time.)

National City banks must have also been effected by the leak. I received a notice last week that because of security reasons they would be reissuing my check card. I called customer service to find out what all the hubbub was about but was directed from once representative to another and not one had any idea why my card needed to be reissued. Then the next day I saw the story of the Citibank leak on Boing-Boing.

Scott of Michigan

Two days after this article appeared in our local paper we noticed three ATM withdrawls from London totaling over $1,500. I know of several other people that this has happened to within the last week. We haven't had any transactions with OfficeMax, but have with Wal-Mart. I'll never use the debit function on my checking account again!

Hi there,

This may or may not be related, but I received a call two weeks ago from Keypoint Credit Union, saying that my debit card was in a "range of compromised cards" provided to them by Visa, and that all ATM and credit activity on my card had been blocked. They were very proactive about it, and they've since sent me a new card and PIN, although I had to wait two weeks for it. Fortunately, there were no fraudulent transactions on my account.

As for the source of the compromise, my last "Office Retailer" transaction was at Office Max last September. Our other 2 ATM cards (including one with more recent Office Max and Wal-Mart transactions) were not affected.

-Chris

Hi there. I'm a Bank of America customer and had my ATM card counterfeited and used to withdraw about $1,000 at ATM machines in New York City last week (I live in Southern California). The counterfeiters made 20 different ATM transactions, most for $40, at the same Citibank ATM machine, on the same day.

First, if this is from the same security breach as all the other incidents, then I can tell you for sure it's not from Sam's Club/Wal-Mart or Office Depot/Max, since I haven't bought anything at all from any of those places in the past few months. I reviewed my statements and the only three places (other than at ATM machines) where I've used my card as a debit card and entered my PIN since November are: Robinson's May, Taco Bell, and the Post Office. One transaction each. Maybe there's been more than one of these security breaches? I noticed one other person mentioned the Post Office as one of their transactions.

Second, I have a qualified rant about Bank of America's handling of this situation. I suppose they haven't been completely awful about it, but they definitely haven't been great either. They cancelled my ATM checkcard without warning when they suspected the security breach (they claim they sent me a letter, but I haven't received it yet and I've already gotten the new ATM card at this point), AND they canceled my online access to my account at the same time, so that I couldn't look at what transactions were fraudulent until I physically went into a branch and spent half an hour to get online account access set up again. Also, they apparently weren't going to send me a new card until I called them and requested one. Which, if I hadn't, you know, tried to use my card and called them to find out what the hell, might not have happened until I received the "letter" they "sent" me on "March 4th."

On the other hand, when I called Bank of America in a panic late on the evening I found out about this, they were able to pick out all the fraudulent transactions and credited me for them the next day, which fortunately meant no charges to my account bounced. And every B of A employee I've spoken with has been very kind and as helpful as they could be (and, for whatever it's worth, obviously based in the USA).

BUT. Back on the original, evil hand, they have NOT credited me yet for $49 worth of non-Bank of America ATM fees resulting from the 20 different fraudulent ATM transactions; and I'm told they can take up to 90 days to do so because they don't do this until their investigation into my dispute claim has been completed. So, in other words, the money that the counterfeiters got, they're willing to give me back right now; but as for the money that Bank of America gave itself because of transactions that they're already pretty sure are fraudulent, well, those charges they have to "investigate" before they give back. I was able to request that they credit me right away, but I could only do so by asking a fraud department representative to send an email to the investigation department, and she couldn't tell me whether they would do it or not. The same apparently applies to insufficient funds fees (which I only through a stupendous stroke of luck didn't have any of).

Anyway. I'll be reading Consumerist for the news on all this crap. Grr.

Amanda M.

"Got home today to discover a love note from Washington Mutual.

PO Box 2436
Chatsworth, CA 91313-2436

February 18 2006 [odd, it's March 11th today. Chatsworth isn't that
far from me.]

Customer McCustomer
address
city, state, zip

Dear Customer McCustomer:

Exciting news! We are converting all of our customers' debit cards
from Visa to MasterCard, and we are upgrading your debit card to gold
status for free. In the next few weeks, you'll receive a Washington
Mutual Gold Debit MasterCard to replace your Visa Check Card ending in
XXXX.

This upgraded Washington Mutual Gold Debit MasterCard will offer all the same benefits and more, with the same PIN.

With your upgraded card, your benefits will be expanded to include the following and much more:

* Double manufacturers' warranties for up to one year
* Toll-Free US roadside assistance and worldwide travel assistance
* Theft and damage protection for 90 days after purchase
* Price protection for 60 days after purchase

Please keep an eye on your mailbox

Your upgraded debit card will arrive in the next few weeks. If you
have additional Washington Mutual Debit or ATM cards, you'll receive information about each card in the mail. If you have questions, you can reach us in one of the following ways:

* Click: Visit us online at wamu.com/debit
* Call: Toll free 1-800-788-7000
* Come in: Stop by any Washington Mutual Financial Center

Thank you for choosing Washington Mutual!

Sincerely,

Doug Marshall
Senior Vice President

There's a footnote, too, which notes that a Guide to Benefits will be
mailed under separate cover.

Kind of interesting that it's dated almost a month prior to now and
yet I just got it in my mailbox. Looks like WaMu has decided to put
their trust elsewhere... also, I wonder if only some customers are
getting the gold upgrade, since it says they're reissuing everyone's
cards and then says "upgrading yours." If anyone else sees a
different version of this letter, that might be worth checking out.

This may be totally unrelated to the debit card news you've been splashing about, but 3 weeks ago (just before I started reading about the debit card fiasco), I got an urgent phone call from Citibank on my voicemail, asking me to call immediately.

When I phoned them, they told me that one of the vendors where I had used my credit card had reported that it "may have been" stolen, and they wished to re-issue a new credit card to me right away. I asked them WHICH vendor had reported that the card had (er. MAY have) been stolen, as I wished to avoid them in the future. They told me that "they can't release that information." Which, frankly, struck me as damned odd. Nonetheless, I agreed to have a new credit card issued to me. In a moment of astonishing cheapness (and a nice Consumerist moment), they said it would be 5 to 10 days to get the card by mail; I laughed at the phone-troll and said that there was no way I was waiting 10 days to get a new credit card when I hasn't had anything to do with the loss of my information, after which she relented and said they would send it UPS overnight.

In terms of the debit card discussion, this MAY be a red herring, in that I don't have a Citibank-issued debit card; I have a 100% pure MasterCard for its chewy credity goodness. But, I *do* shop at OfficeMax, and I *have* used this card there before (as a credit card), so the timing seems very suspicious. I sure would be interested to hear if other "credit-only" Citibank customers were affected; if so, the scope of the problem may be even larger than what you've reported. Or, heck, it could be totally legit and the restaurant down the street had a disgruntled employee issue.

Thought I'd add to the steaming pile of knowledge y'all are wading hip-deep in.

Cheers!

..Chris..

"Here in Iowa , my wife and I got home Friday to find new Wells Fargo debit cards for each of us - I wasn't due for a replacement until January, and I'm not sure when hers was due. A letter was included stating that the numbers may have been stolen and this was precautionary. We haven't noticed any strange things on the account yet (we check mutiple times daily anyway) but have changed our pins already since I had been reading this topic for the last few days. After I told her about this she called Wells Fargo to ensure our old cards would be disabled as soon as we activated the new ones, but didn't get any more information on why this had happened. We have a habit of using our cards as debit cards, but that's quickly changed. We've ranged around the midwest a bit since November, and have visited several of the stores listed. -Rhys"

"I received a reissue of my Visa debit card from Washington Mutual. I felt that the wording of the note is very strange. I can type it up or scan it for you guys if you want. I live in Southern California, if that helps.

The re-issued cards are MasterCards, instead of Visas, which we always have had at WaMu.

What's funny is I remember asking my banker what would happen if my debit card was used fraudulently, and they said something like, "well, you'd be responsible, that's why we recommend you get a credit card." They had no option to get a strictly ATM card, rather than a debit card.

-Paul"

Here are scans of the "card upgrade" Paul was forced to do:

Front

Back

"Howdy,

I saw your article on recent debit card reissues via a link from BoingBoing. I just got a new debit card from Washington Mutual. The letter included reads "We are providing you with this replacement card because we have reason to believe the the information on your Washington Mutual Gold Debit MasterCard may be at risk of fraudulent activity. Although we are unaware of any fraudulent use of your card as of the date of this letter, please activate this card immediately and destroy your old card for your protection."

I didn't connect this with the recent story until I saw your article. I believe Washington Mutual partners with Citibank for these cards"

"Hi,

I just read your post "ATM Fraud UPDATE: Wal-Mart, OfficeMax, Sam's
Club, Office Depot Suspected" and wanted to let you know that I am a
Washington Mutual customer and was recently sent a new debit card when my old one still has months until it expires. The letter that was sent with it said that there may have been fraudulent activity in my account and that is why they were sending me another one. I got worried and called (also called because I traveled to Costa Rica last year and Washington Mutual decided to turn off my card because I didn't tell them I was traveling, however I had never had a problem using my card before in France, Japan, or Singapore, but that's another story.)

Anyway when I got someone on the phone they told me that there wasn't
any fraud in my account (neither had their been in Costa Rica) but
that they thought that all of their customers deserved gold card
instead of the previously issued blue ones. Um waste of money! Maybe they wouldn't need to charge $30 for an over draft if they didn't decided to change the color of their cards for what I thought was no reason. Maybe the reissue of the WaMu gold cards has something to do with this however? BTW the gold card doesn't get me anything more than the blue one I had for years before.

Thanks!
Phoebe"

"Thanks so much for staying on top of this story. It is really disturbing how little MSM press this has gotten. We'd really like to know just how far reaching this is and what retailers plan to do about it. It irks us that they won't disclose which retailer or third party transaction processor is at fault.

It's been over a week since our money went missing. Our bank (Suntrust) has been really great. They redeposited the funds to our account within 48 hours. They told us we didn't need to file a police report because of the sheer volume of cases in our area that were already reported.

We still haven't gotten our replacement cards yet, so we have no way to get cash other than checks, which ironically means we have to make charges on our traditional credit cards. I'd like to also mention that Suntrust did, about a month ago, pull the same thing other banks have done; cancelling good check cards and send out new ones. A friend of mine had gone to lunch, went to pay and had her card decline even though there was money in her bank account and her card had not expired. The only explanation she got from Suntrust at that time was they were cutting off an "old" version of the check cards and sending out new ones. Her main issue was that they cut off her card before she received a new card. Since we bank at the same bank and because I too had the "old" card, I asked if the same thing would happen to me. They said it could but would send me a new card right away just in case. No mention of fraud at all. Unfortunately for us, I got the new card but my husband's card was the one that got nabbed. Now we'll both get new cards. That will make new two check cards for me within one month.

Anyway, thanks for all the great work! For all of us that have gotten taken, we're still paying attention.

Sincerly,
Sarah"

"I bank with National City and recieved a letter then a new debit card would arrive. But heres what really is stupid is that of course my debit card is one of two tied to our joint checking.. The bank only reissused my card, they didn't suggest closing down our checking account! Hello wouldn't that have made sense too CLOSE the checking account too! Why invite trouble and cause stress, the bank wasn;t going to tell me anything they didn;t have too I had to ask a million questions, of course I read everything I could on the banks web site on fraud and I as amazes on what they refused to tell me untill I grilled them on the policy."

"I know you guys don't care much for personal anecdoes (or so I read), but I thought you might be interested to know that my bank, Wachovia (I'm in North Carolina), sent me a new debit card in the mail, unsolicited by me, with a letter that said they had been informed by VISA that "an incident involving unauthorized access into third party merchant systems had occurred," and that "based on the information provided by Visa, it has been determined that [my] Visa Check Card number, name as it appears on the card, expiration date, and magnetic strip data were potentially exposed."

The use of my new card will deactivate my old one. The letter also reminds me that I'm not responsible for any fraudulent purchases under "Wachovia's Zero Liability Fraud protection policy," plus more marketing stuff. Fortunately, I've never had to submit any claims under this policy, but I can't vouch how "zero liability" it really is. Interestingly, my card has the same account number, and I assume the same pin number until I change it so I guess the new magnetic strip makes a difference? In any case, it's cool that my bank caught wind of this pretty quickly and sent out new debit cards to their customers (presumably all their debit card customers - no small feat in a few days)."

"Here's my report of a debit card reissue.
BB&T bank sent me a letter the other day saying (in part) this:

"Visa U.S.A. notified BB&T and other financial institutions of a security breach that affected the data base of a U.S. merchant. This breach MAY (emphasis theirs) have put a very small percentage of BB&T cardholder information at risk. Your BB&T Check Card was identified as one of the cards that may have been affected.

This breach was not the result of any actions taken by BB&T; it does not mean that there has been an unauthorized transaction on your account. However, as a precaution, we are ordering a new BB&T Check Card for you. The card will have a different number, but for your convenience, your Personal Identification Number (PIN) will remain the same. You should receive your new BB&T Check Card prior to March 28, 2006."

So, step #1? I Google "Visa database breach" to see what's up. Seeing breached from last July, I modify the search, adding 2006 to the above, and found your site.
Step #2? I logged into BB&T online banking to see my statement and I find no suspicious activity and breathe a sigh of relief.

There were lots of Sam's Club transactions, not surprisingly, that's where I get my gas. From one of the entries on somebody's page it looks like I can skip the PIN part when buying gas, so I might do that...

You can bet that I'll change the PIN ASAP!

Thank you!

Richard D.
Charlottesville, Va. "

Ross writes on 4/3/06:

"This week, 2 things happened to my girlfriend and I;

First, she was buying a few items at a pharmacy and they declined her Bank of America debit card. She went to the nearest BofA and they told her that her atm card was compromised. They told her they'd issue her a new one and she would receive it in the mail in 7 to 10 days. My girlfriend insisted on finding out the source of the compromise, but BofA told her it wasn't her business. Enraged, she told me also there was no communication from BofA telling her that her debit card had been shut down, no email, phone call or letter. This is a complete inconvenience for a person who uses their debit card daily.

Then on Saturday night I went to a BofA atm and it declined my transaction, after using it only a few hours before for dry cleaning, gas, breakfast. I went to another atm down the street and it also declined my call. After repeated attempts at calling BofA, I could not get a human on the phone! Their system told me I could get an associate on the phone between the hours of 7am and 10pm and hung up on me, but this was only after 7pm PST! Imagine if I had an emergency, this is one of the largest banks in the country and I can't get a person on the phone on the weekend? So I called the next morning and their atm dept told me they detected an abnormality with the gas station I went to that afternoon and froze my card. After verifying who I was, they unblocked my card.

I wanted to know if there was any other word of this compromise from anyone else this week?

Thanks,

Ross"

Keep those stories coming in and we ll add them here.

Previously:

• ATM Fraud UPDATE: Wal-Mart, OfficeMax, Sam's Club, Office Depot Suspected
  
• The Office Hax 'Guarantee'
  
• ATM Fraud Update
  
• Alert! Citibank Scandal Update: It's Not Just Citibank...
  
• Citibank's Statement on the ATM Crisis
  
• Citibank s ATM Crisis Merely Extends Money Don t Matter Campaign
  
• Massive Citibank Alert: UPDATE
  
• Massive Citibank Fraud Alert: UPDATE
  
• Massive Citibank Fraud Alert

"Recently, we became aware of fraudulent ATM cash withdrawals on Citi-branded MasterCard credit and debit cards used in the UK, Russia and Canada on customer accounts that had been possibly compromised in previous retailer breaches in the US. To protect customer accounts that were affected, we placed a special transaction block in those three countries on PIN based transactions. We are currently reissuing cards, as appropriate, to affected customers.

Protecting our customers' accounts and personal information is one of our highest priorities."

The security breach is said to extend from a data loss by two retailers that occurred over a year ago. When asked who the retailers were, she said that data was not available at this time.

It seems this article in the Fresno Bee, which BoingBoing pointed to us, may be pertinent. As they report, about three quarters of a million dollars in fraudulent ATM withdrawals were initiated in Russia and across the world. These withdrawals seemed to stem directly from data loss by an unspecified retailer. As to why the retailer is unnamed, Foley, an employee of the Identity Theft resource center said, "I'm quite sure that (the retailer) doesn't want the world to know that he was quite so dumb as to lose this information."

It seems that the banking organizations are more than willing accomplices in keeping the retailer's identity cloaked.

Another article, also found via a BoingBoing pointer, if not directly related, certainly makes for interesting reading. It describes the guilty pleas of 12 of the 21 arrested members of a global ATM scam network called Shadowcrew operating a website trafficking in stolen credit and bank card numbers and identity information.

Previously:
Citibank's ATM Crisis Merely Extends "Money Don't Matter" Campaign
Massive Citibank Alert: UPDATE
Massive Citibank Fraud Alert: UPDATE
Massive Citibank Fraud Alert

UPDATE: We finally reached Louis in Citibank's public affairs office. He says they're "looking into it" and will "get back" to us. When we told him the story is already running and it would be good to have some kind of official response, he said that as the issue "borders on several products" he will forward our information to his "colleague" who will "get back" to us "as soon as possible." The Wall Street Journal is supposed to be running a piece about this tomorrow. Bet they don't have too much trouble getting an official quote...

UPDATE: A reader tells BoingBoing the Royal Bank of Canada is experiencing similar issues.

UPDATE: Jake Applebaum's, who first reported the problem, response as to why this new info contradicts what he was told.

Previously:

• Massive Citibank Fraud Alert: UPDATE
  
• Massive Citibank Fraud Alert

Our calls to the public affairs office were unsuccessful in reaching Louis Roserro, whom we were told to speak to about this. Ask for him at 212-559-1299. If you get the machine, star T, then star A, then enter R, O, S, then 3 to be transferred to his direct line. Or you can call him on his cell at 202-607-9027. We ve called several times and left messages this morning, to no avail.

Then we called up the Citi Identity Theft Services 800-627-3999 (NY metro area) 800-274-6660 (other areas). We Pressed 6 for victim of Identity theft and pretended to be a concerned customer who got the same "INELLIGIBLE ACCOUNT" screen in Toronto. They asked for our account information but we refused, saying we were uncomfortable disclosing that information over a cellphone as people could be listening in.

Here s what we pried out of the rep:

They ve known about the problem for a month. Citibank alleges that the service shutdown is not due to class break or security fault, but is because some of the various interlocking ATM networks are not accepting transactions initiated by Citibank customers. He said that he was unable to specify which networks were affected as Citibank didn t know either. The rep confirmed that the problem only affects Canada, UK and Russia.

No ETA was available the problem s resolution. If customers see any suspicious transactions, they should report it and Citibank will verify the dispute.

Assuming they re telling the truth, this doesn't sound as sexy to us as the virtual bank robbery theory brought up by BoingBoing. If you re traveling to Canada, UK or Russia, make sure to take out all the money you need ahead of time.

Or, take this opportunity to switch to a different bank.

UPDATE: Jake Appelbaum's response, as posted on BoingBoing, on why this contradicts what he was told:

A month huh? That's two weeks up from the last time! This new explanation doesn't seem correct. The woman I spoke with on the phone said that the networks in these countries were compromised, she sent a new card to my US address as a result of using said networks. She also told me that if I used these networks again, Citibank might lock my card again. She could not assure me that it wouldn't happen the first time I used the Canadian ATM network with my new card. Her suggestion to withdraw large sums of money was cute, but perhaps not unwarranted given the stupid state of Citibank.

This sounds like an issue that's unrelated to cards just being rejected, doesn't it? If it was just the networks rejecting cards, why did I need to have a new card reissued? I've had fraud issues with my account cleared over the phone numerous times from my insane traveling schedule. Never have I had to have a card reissued because my card was "rejected by some banks." WTF?

Though if anything, it's like there's more than one problem with Citibank and ATM networks in Canada. It seems like we've got a few issues:

1) Citibank cards are being rejected by some Canadian banks on the Canadian ATM network. This is being claimed the consumerist. It happened to me but perhaps this isn't the same case. My card was rejected but it wasn't only rejected by the bank I visited, it was locked by Citibank.

2) Citibank had/has a fraud issue with people generating card numbers and pins. This was disclosed when I called previously. It is unclear if my card was generated or if my pin was generated. I'm of the mindset that this could be the case but they're pretty tight lipped about it.

3) Citibank claims that using any of the Canadian ATM network will result in a card likely being flagged and locked. The only way to reset this flag is to get a new card issued. This does not prevent the issue though. They claim this is because the Canadian network itself is insecure. This is a pretty bold claim and the woman I spoke with on the phone repeated that this has been an issue for two weeks. This was also disclosed when I called.

4) Citibank says this is also happening in the UK and Russia. Again, they told me this over the telephone. The consumerist appears to have gotten the same response to the affected areas of the world.

I say they're doing damage control. Something doesn't sit right with me. How does "some banks reject citibank customers" translate into three nations worth of ATM networks being untrusted? I give a hearty WTF.

So what's really going on? Is there a security breach or a vendor issue?

UPDATE: Bill Hansley told BoingBoing that the Royal Bank of Canada is having similar issues.

I'm a US customer of Royal Bank of Canada / Centura, and they're having similar issues. The word from them was that Visa corp told them that several thousand (65,000 according to the service desk people at my grocery store, who knew about this as well) *cards* (not accounts) had been compromised and were cancelled Saturday and replacements mailed. My card was affected, my wife's, who's on the same account, was not. I wonder how many other banks were affected?

Isolated incident or global bankup fux0rup? Rumor has it the Wall Street Journal will tell us something tomorrow.