Dear Consumerist,

I bought an HP printer (LJ M1522nf) at Office Depot yesterday, for $259.99 after $140 instant savings. I attempted to use an Office Max coupon for $20 off a purchase of $100 or more, because Office Depot's website says they accept competitor coupons. When I presented the coupon to the cashier, it was refused. She said they don't accept any coupons for technology purchases.

That would have been fine, but I checked Office Depot's policy regarding competitor coupons again to check the wording, and it makes no mention of excluding technology purchases. Here is what the website says: "Does Office Depot accept coupons from Competitors? Yes. Coupons are accepted in-store only. Acceptance of coupons from the Competitors is subject to the terms and conditions listed on the coupon. Office Depot does not accept Competitor coupons for free/promotional or non-identical products."

So today I called Office Depot, and spoke with the Manager on Duty. I pointed out the policy on the website, but he still refused to honor the coupon, citing the technology excuse. I said okay, and asked for the General Manger's name and when I'd be able to contact him (tomorrow at 8 AM).

This is where the story gets interesting. I called Office Depot's corporate customer service line (1-800-Go-Depot), explained the situation, pointing out the policy on the website, and asked if it was valid for the store to refuse the coupon. The CSR said he'd need to "research" the issue, and came back in a few minutes. He told me that they COULD NOT accept the coupon on technology items. I asked why the website does not specify this, and he said that the website has "not been updated" and they are "working on it."

Can Office Depot do this? Don't they need to honor their own terms as stated on their website? I still have a shot with the General Manager to get the coupon honored, but I was hoping corporate would back me up so that I have ammunition when I speak with the GM of my local store. If the GM does not honor the coupon, is there any course of action I can take?

Thanks,
Chaz

Alright, well let's look at Office Depot's so-called "low price guarantee:"

Does Office Depot accept coupons from Competitors?

Yes. Coupons are accepted in-store only. Acceptance of coupons from the Competitors is subject to the terms and conditions listed on the coupon.

Office Depot does not accept Competitor coupons for free/promotional or non-identical products.

Office Depot's policy says nothing about restrictions on technology purchases. Guess what? That means it applies to technology purchases! Go ahead, Office Depot, change your website if you want, but until you do, shut up and pay up.

Low Price "Guarantee" [Office Depot]
(AP Photo/Jeff Chiu)

The cashier first claimed that there was a limit of 5 cartridges per week, and then threatened to send Chris' picture to other stores. Finally, he confronted Chris, saying "I don't know where you're getting these, if you're stealing them... but it needs to cut down."

Chris writes:

I've finally had my first really angering customer service issue. But a little bit of background:

I run a computer repair business. Obviously, I'm constantly buying/selling computer supplies and equipment, and one of the things I get from customers and my vendors are empty ink cartridges. From my vendor they arrive assorted, so I take the ones I need for the models my customers have, and recycle the rest. I also get quite a few when customers upgrade printers. I recycle the empties at Staples, OfficeMax and Office Depot, since I don't do enough in volume to recycle directly with the ink companies. Each store gives you $3 per cartridge to spend at the store. It's a bit long to explain where I get them; and cashiers are puzzled when I tell them I run a computer repair business (since I'm only 20 and look young) so I usually say I get them from friends and it's done. Funny sidenote: once a cashier at Staples read my jacket that says my company name and said "So I guess you're going to give this money back to your employer, right?" Yep, I sure am.

At Staples, it's awesome. I'm actually on a friend basis with one of the cashiers, and when they gave out coupons for recycling cartridges, I would use them online all the time. For the reason of them having a robust online store with great prices and rebates, I spent close to $3700 after coupons with them in 2006. This year I'm almost at $1000, so I'm not a once-in-a-while customer. Staples recently changed to put the credit from recycling on your Staples Rewards card, but I don't plan on ramping down my spending given the great service I always receive.

At OfficeMax, it's a different story. They've never given out coupons, and their prices aren't that great in store or online. However, instead of recycling 3 ink cartridges for a total of $9 in credit, they allow you to recycle up to 5 cartridges for $15 in credit. This puts their prices back at being decent. Unfortunately, they don't have great prices in store/online, so I only buy in store with cartridges. I follow the rules, limit of 5/day/person. I have brought my girlfriend or a friend sometimes as well.

There's a single cashier/manager/something there that has a problem with me. To be honest, I don't even see him that much, but he feels like I'm taking the money out of his wallet when I use the cartridges for credit. It first started with him telling another cashier in a way to get me to overhear that there's a new limit of 5/week. BS. Then he outright lied to my father and I by saying that the coupon system was down, forcing me to drive to another store to get memory cards for my dad's camera.

Today was a new low. While checking out, he walked up to the checkstand and here's the conversation that ensued (he's Cashier, but not the one ringing me out, she's very nice):

Cashier: Excuse me if you don't mine[sic] me asking where did you get the cartridges?
Me: I get them from friends.
Cashier: That's impossible, you have too many of them. You come in with these and you come in with your girlfriend or a friend.
Me: (getting angry) OK, well, I'll go to the [redacted] store from now on.
Cashier: Well, I have you on camera, I'm gonna send your pictures to the other stores so they know to look out for you.
Me: At Staples, they have a box from HP - aren't you getting money for these?
Cashier: Yes well it needs to cut down.
Me: Let me ask you, am I taking the money from your wallet? Am I reaching in to your wallet and taking money out?
Cashier: No, but I'm in charge of it and it needs to cut down, I don't know where you're getting these, if you're stealing them or-
Me: No, I'm not stealing them.
Cashier: but it needs to cut down.
Me: OK.

Why would he be sending my picture around unless I've done something wrong?

I'm getting sick and tired of being treated like a common criminal because I use coupons. I play by their rules and still they don't like it. If they don't want to take coupons they should remove the program.

Thanks,
Chris

OfficeMax needs to realize that recycling is good, not bad. Try having a calm conversation with the cashier's manager, and explain your business and that you appreciate having an outlet to help you recycle. If that doesn't help, call corporate and ask the people running the MaxPerks program why their employees hate the environment.

(Photo: Getty)

He writes:

Howdy Consumerist,

I stumbled across your site recently and am now addicted to it. Today I got a package from OfficeMax where we recently ordered some CD-Rs.
One of our front office gals opened the box to find the following: (attached picture #1)

Quite a bit different than what is pictured on their website.

I guess whoever packaged the cds was hard up for spindles? The shrink wrap from the spindle was still in the box, but the cds were not in the shrink wrap. We're sending the cds back of course and hopefully the next batch won't come unwrapped, unspindled, and with scratches all over them!

Susie's eight months pregnant. She needs some decent back support. So she was excited when she got a coupon from OfficeMax, offering 30% off any order of $150 or more. She imagined long, languorous days in her office working from home, a homuncular Winston Churchill look-alike suckling at her teat as her spine was cushioned by cool, soft leather.

But OfficeMax nailed her with the old bait-and-switch. When she called to place the order, the 30% off coupon magically transformed into a $30 off coupon.

Susie's pissed — she's the wrong pregnant lawyer to piss off. Her email, after the jump.

See the coupon I received by mail and then the hell I just endured below...

"There is an online phone coupon valid thru 10/7 - 30% off your purchase of $150 or more - "to take advantage of this special offer, call: 1-800-OFFICEMAX and mention offer #107620310821 or shop online and enter this promo code on the shopping cart page: GHA2LOXLRS8BVNW8C"

I went to the site. Spent a whole lot of time - over three days - picking out two perfect home office chairs. One is for me (I'm 8 months pregnant and soon to be working from home more often) and one for my husband.

The site didn't accept the promo code. So I called in the order. They said the coupon was valid. Phew!

So after 15 minutes of giving my details and setting up a "Office Max Customer ID #" - I was ready to order. Gave the 8 digit codes for the chairs. Had to hold for a long time as "the system is slow today." I asked if they could call me back to let me know when the chairs would arrive. She tried again. Although the chairs are "in stock" I am told the chairs would take 14-21 business days to arrive. Fine, whatever. Let's do it.

She calculates the price, but I notice the total seems high. She forgot the coupon. She recalculated the price with the coupon... it was still very high.

Why? Well she said the coupon was for $30 off - not, as the email said, for 30% off. She said, oh yes, that was a typo... the email they sent should have said $30.

I get peevy. I made it very clear it was not her fault, but that this is a bait and switch scam.

Still, he was skeptical when an OfficeMax employee tried to upsell him on their $30 Max Assurance extended warranty. But, somehow, he ended up being convinced, specifically by the promise that he didn't need to hang on to a scrap of paper indefinitely (namely, his receipt) to make good on the warranty. His name and the printer's serial number would be enough.

Flash forward 14 months. Guess what little tattered scrap of paper he needs?

Steve's email after the jump:

ot sure if this really fits in with Consumerist's mission, but I just got finished fighting with OfficeMax over their "Max Assurance" extended warranty scam. Extended warranty programs are getting pushed harder and harder on consumers, but some of them look to be a complete waste of money. Max Assurance is definitely one to stay away from.

In April 2005, I purchased an HP 6210 all-in-one printer from OfficeMax. At the time, I was assured by the sales person that I wouldn't need to save my receipt, and simply registering my name and address would be enough. They, supposedly, would save the serial number of my purchase so they can identify me later. Okay, cool, I thought, since I'm bad at saving receipts and since printers tend to break often, it would be worth the $30 or $40 to get it replaced. I was told that it was a simple matter of bringing the printer in for a replacement, or if the printer no longer is on the market, they'll give me equivalent value in store credit so I can buy something new. How can I go wrong, I thought. I buy the two year extended warranty and feel like a smart shopper.

Fast forward to today, September 2006. The flatbed scanner on the printer dies in a way that Google searches can't resolve. So I call the store where I purchased it (OfficeMax #582 in San Francisco) and ask them what I should do. This is where everything goes sour.

I bet you can guess what happens next.

Suddenly I need a receipt, despite being told explicitly that I didn't need one a year and a half ago. (I wouldn't have purchased the plan had saving a receipt been required.) The first person I speak with asks me the name of the checkout person who rang me up a year and a half ago. I tell him that I don't make a habit of writing down the name of every person at every store I shop at, and that all I want them to do is look up the transaction for me, or otherwise tell me what other piece of information I can give them to identify my purchase. I offer him my credit card number and the serial number of the printer, but he refuses to help. I'm told this is for "my security" (translation: we're not going to help you and we're not going to tell you why). He then gives me a toll-free number to call (866-805-9095), which he says will email me information about my Max Assurance plan. Somewhat relieved, I ask him that if I print out the email and bring it in, will that be good enough? He says no, that I still need the original receipt. When I ask him what the point of calling is, he puts me on hold for an indefinite period of time, and eventually the line goes dead.

I call back, and speak to someone who identifies himself as the store manager. I explain my story to him, and he becomes immediately belligerent. Granted, I clearly expressed my frustration from the beginning, but I didn't use profanity or ask for anything unreasonable - I simply wanted my printer replaced per the terms I agreed to when purchasing it. I again offer my credit card number and the serial number of the printer, and ask for the phone number of any department at OfficeMax that can look up my transaction. He insists that it's impossible to ever reference any past transaction, and that if I don't have the original receipt, he won't help me. I remind him again that the person who sold me the printer made it clear that I don't need the receipt. He tells me that he doesn't believe me - effectively accusing me of lying.

I also tell him what the last person said, about the toll free number that will email you information about the purchase, and ask him why that isn't good enough to prove that the printer is mine and that I did indeed purchase it from OfficeMax. He tells me that he has no idea what I'm talking about, and there's no way anyone at the phone number will email me anything about my purchase. His tale completely conflicts with what the last person at the same store tells me, though ultimately the result is the same.

Then the store manager offers me a "discount" on a new printer, and it becomes immediately apparent that I am, in fact, being scammed. He claims that this is to meet me "half way". Yeah, what a compromise - I buy more from his store, I don't get my printer fixed, my Max Assurance plan is worthless, and everyone makes more money from me. My $200 printer is about to cost me $400.

Finally, I call the toll free number given to me earlier. The story is now completely different. They don't look up my transaction; instead they take my word that I am the owner of the printer and what the value of the printer is, and claim to email me a shipping label for the printer. However, they tell me that I can't bring the printer in to the store to get it replaced, even though that's what I was originally told!

Instead, I am to box it up, and wait 10-14 business days for processing, then wait another 10-14 days after that to receive the "gift coupon" that I can use at any OfficeMax store. 20-28 business days without a printer is about a month and a half of calendar days. Wow, how convenient. A month and a half without a printer for a small business is painful and pretty much impossible, so now I'm just going to buy a new one (though definitely not from OfficeMax). Which is exactly what I would have done without the $30 extended warranty, except now I'm out $30 and an hour of wasted time on the phone, arguing with the rude and unhelpful. I'm also not told what will happen to my printer if they can't match up the serial number. Am I notified? Do they send it back to me? Do they throw it away?

And that's assuming I ever receive this "shipping label", which still has yet to appear in either my Inbox or my spam folder.

I guess the moral is save your receipt? But that's not really the point, is it. Someone at the company tells me one thing ("oh no problem, you don't need a receipt" and "if it breaks, bring it in! we'll replace it! no problem!") when I'm deciding whether or not to give them my money, yet does something completely different when the time comes to follow through. And worse, when I remind them of what they promised, I'm either lying or it's the fault of some rogue employee whose name I'm expected to remember a year and a half later. No one tries to take responsibility for the situation, except by offering me the "privilege" of spending more money with them. Suddenly the corporation becomes a maze of individuals and departments for me to navigate, rather than a single entity structured to service their customers. Why is the consumer expected to learn the internal functioning of a giant corporation just to get a printer fixed, or otherwise get accused of lying? The whole thing is completely insane.

"Rebates were the No. 1 customer complaint we were getting," said Ryan Vero, OfficeMax's chief merchandising officer.

In the place of rebates, in-store discounts will be favored.

"OfficeMax bids farewell to mail-in rebates" [CNet] (Thanks to jpacooney!)

We're getting reports from all around the country. Several are from Southern California. But the problem is not limited to just that region.

Christopher writes, "My wife is a debit card holder of a Farmer's and Merchants National Bank here in Columbia TN and she just got a notice last week to reorder her card. the bank will be forcibly canceling her current card in April.

She uses her personal card for business transactions (she is reimbursed later) at all of the stores in your latest post. the letter that she got said the loss happened between Nov '05 and Jan '06."

More readers share similar stories, after the jump. Please send yours in to tips@consumerist.com.

Christopher continues, "I hold the same type of card that is tied to our joint account and have not received any notice. I primarily only use my card for gas and food (non PIN # transactions."

We caution that his story and the following only constitute circumstantial evidence. Regardless, it's evidence, something this situation has been sorely lacking.

Brian from Texas has a story sounds right on the money. He shops at Sam's Club and someone tried to withdraw $500 from his account on February 8th. From Moscow. "The transaction happened just after midnite, and I'm certain I was not in Moscow at the time since I was sleeping here in Texas." He writes,

"My VISA checking card was used, showing a $500 ATM withdrawal from Moscow. I called my credit union and reported it, the same day I went to the police to report the theft and visited the credit union personally to order a new card. My $500 was returned less than two hours after I gave the CU a police report number.

The local paper said between 20 and 50 people at four local banks (but predominantly at my credit union, Aggieland Credit Union) experienced similar fraudulant activity, most of it originating outside the country. Local police are unable to do much other than notify the Secret Service and VISA.

Rumors locally are that a "local vendor stored credit card information on their computer" and they suspect that may be the problem. I'm wondering if it isn't so local.

Yes, I use my card frequently (and PIN) at Sam's Club. Sam's (ours at least) will not let you use it as a credit card and sign for it, but has always allowed you to use a debit card. Buying gas I always use it as a credit card because I'm lazy and don't want to type a four digit PIN. I've also used it at grocery stores. Note that I have used my card this way for years and this is the first theft for me.

Brian
College Station, TX"

Three weeks ago my card was locked down without warning. I called WaMu and was told that nothing appeared out of the ordinary on my account. Still, the card was locked. Tracked down a "fraud prevention" number and they told me my card had been counterfitted and was being used to buy gas at multiple stations in FL, utilizing my PIN.

Never been to Sam's...I'm a Costco guy if I have to be...but did make a purchase of pen refills — using my PIN — at Office Depot almost one month to the day before the fraud.

Interesting, and might all be a coincidence, but interesting.

Brandon"

I couldn't use my old card anymore (it worked for about 3 days after I activated the new card). There was no reason given in the mail as to why I was receiving this new card. I'd never merited one of their GOLD debit cards before, I don't know why they'd give me one now.

Of the companies you listed, the only one I would have done a PIN transaction was Wal Mart, and the last time I used my debit card there was (according to wells fargo website) 1/17/06. Other places are Target, Starbucks, and one of those post office automated stamp thingy's. Everything else is at gas stations.

This article is the first I'd heard, and I'd be interested to hear more."

We're interested, too, especially if any of you can send scans of any documents related to your card reissue.

"I came home from a trip to find a FedEx Express envelope leaning against my door. I opened it to find a new ATM card from my credit union - DCU (Digital Credit Union). I'll skip the rant about my ATM card sitting outside my door where anyone could have grabbed it...

With my new ATM card was a bright yellow slip of paper:

If the fact that his new ATM card was sitting outside his front door is any indication of how concerned the banks are about your debit card security... Start hoarding shiny metal objects and colored beads.

"In December 05 I received an overnight package via DHL from my bank, Wells Fargo. Inside was a new ATM card and instructions on how to activate it, with no indication of why I was being sent a new card. I activated it, chose a different PIN and the very next day there was a pending withdrawal from an ATM in Southern California (we live in Washington State) for $300 when we checked our account online. We called Wells Fargo, verified they had sent the new card, and complained about the withdrawal. They said they couldn't do jack about it since the activity was still pending, but they could tell that it was a PIN-based transaction.

So we watched our account and the following day there was another withdrawal, from a different account in Southern California. We called them again and asked them to put a stop on all activity to and from our account, which they said they would. The checked he numbers on the card used to make the withdrawals and it was from my old card, not the new one they had just sent me. By this time the first withdrawal had cleared and the money was officially sucked out of our account, so we could officially begin the process of getting our money back. The next day there was another withdrawal, this time from an ATM in Brooklyn, NY, another $300 (the daily maximum?). We waited another day and a second withdrawal happened from New York.

I called Wells Fargo customer service and ask them why the fuck there were still withdrawals from our account when I had told them to stop all withdrawals. The CSR said they had only stopped check activity, not ATM/DEBIT card activity. At this point I lost my mind, asked her why the fuck would you stop us from writing checks when the problem was with PIN-based ATM withdrawals, and did everyone there at the call center have their heads up their asses? She asked if my card had been stolen, I said no it was right here in my hand, and then she asked if I had ever given anyone my PIN "Uh, no" then she suggested I report the card as stolen and that was the only way they could stop the transactions. I told her to do it and the withdrawals stopped. It only took Wells Fargo 5 days and $1300 of my money to stop the fraudulent activity on our account.

The dispute process itself took about 3 weeks for us to get all our money back at which point we closed all our accounts and moved everything to a local credit union . One of their investigators told us they had sent out the new card because there was some reason to think that my existing card had been compromised, he wouldn't say how except they were reviewing places I had used my card to see if there were any matches.

A friend who works in the fraud department of a large bank told us they sometimes keep the old card and its PIN active for up to 30 days after you activate a new card unless you explicitly report it as stolen. So they sent me a new card, suspecting there was going to be some fraudulent activity, and then kept the old one active so the fraudsters could do what Wells Fargo suspected they might do. Really fine service Wells Fargo, way to put the customer first.

-J."

"Hi,

In late Jan my mom's Mastercard [MC] statement showed $800 in overdraft transfers. She called MC as she never uses overdraft. They only told her to call her bank, Wells Fargo, and didn't warn her about current MC activity.

She almost immediately called WF: $4,000 in fraudulent pin-based debit card existed. ($100 from the historic balance, $3900 transfered in from MC- trouble in itself as her MC rate doubled!) Between the calls to MC and WF MC still transferred $300 to WF before WF cancelled the debit card.

The fraud was mostly $300 ATM withdrawals and some $10-50 purchases all in the Philipines in January (with one last ATM in NYC). WF's algorithms hadn't caught this, although WF was aware that pins had been compromised. They had told my mom "Don't worry, you're not alone" when she first called fraud.

Around then the San Jose Mercury ran a story on a security breach at an "office retailer." My mom reviewed 6 months of debit card purchases. OfficeMax is the only retail store in her list.

All her other retail purchases were from small local restaurants or grocers. The only other chains were Arco gas and Marriotts.

Undoing the MC interest rate doubling took more time than undoing the fraud- that's another issue.

My mom had to pay MC the $4,000 to prevent a "30 days late" credit report flag. WF refunded the $4,000 once the fraud investigation was over. Given when the fraud started, she could easily have owed MC $6k- only the statement timing prevented that.

She paid because she had it in savings, but how many people have thousands of dollars readily available *and* can afford to lose access to it for the days or weeks until an investigation is done? Lost access is a harm.

MC "understood" my mom's concerns but insisted she pay to avoid the credit rating hit.

Helen"

My card was cancelled with NO notice. i was forced to get another one.

I live in san francisco and my bank said that there was a scam going on dowtown of people's pins and info being stolen from ATMs in the financial district.

This was around the first week of Feb. 06.

When i complained, they said it was 'for my own safety.'

I work for a large bank in the southeast as a CSR. (I'm honestly a bit scared to talk about this and ID the bank, as while I don't plan on working their forerver, I do need my job for a few more months. Let's just say its initials are ST. You're all smart people.)

In February, we had an internal memo that said almost 6000 check cards had been compromised, and that clients might be calling in about them. We were told to assure them that they'd been turned off as a 'precautionary measure' and that they'd have their new cards in 7-10 (?????) buisness days.

I didn't realize anything at the time, and while we haven't heard anything offical inside, I can't help but believe it's related.

Not as large as our friends at CitiBank, but...

Oh, and I've been giving out advice for a *long* time that you should always sign instead of using your pin. Just based on who's involved alone, you get more help with your signature. Visa tends to be more protective of their corperate image than ANY bank is. A bank will not hesitate to tell 2000 people "You're fucked. Deal with it." Visa, from what I undestand, will.

-Plaid

Just writing to tell you that I'm a Washington Mutual customer in Seattle, and I was just issued a new debit card on 3/3/06. It got switched from a Visa to a Mastercard. Didn't think much of it at the time when I received a letter telling me I was going to get a new card, because it was expiring this year, but now that I checked - it didn't expire until June. The letter specifically said that I would be keeping my previous PIN. Looks like I should probably change that, eh?

Anyway, hope this helps with your data collection. Thanks for keeping us updated on this stuff!

Bonnie

I was sent a letter in early March about a security breach. A new card was sent the next day. No name of company was given. I have not shopped at OfficeMax, Wal-Mart, Sam's Club or Office Depot.

The bank was National City Bank, based in Cleveland. I am in Columbus OH.

This can be a very big problem for people who have automatic payments set up on their cards. I got my notice of cutoff only 1 day after a large cable bill went through (Time-Warner changed billing systems, and there were 2 payments due at the same time.)

National City banks must have also been effected by the leak. I received a notice last week that because of security reasons they would be reissuing my check card. I called customer service to find out what all the hubbub was about but was directed from once representative to another and not one had any idea why my card needed to be reissued. Then the next day I saw the story of the Citibank leak on Boing-Boing.

Scott of Michigan

Two days after this article appeared in our local paper we noticed three ATM withdrawls from London totaling over $1,500. I know of several other people that this has happened to within the last week. We haven't had any transactions with OfficeMax, but have with Wal-Mart. I'll never use the debit function on my checking account again!

Hi there,

This may or may not be related, but I received a call two weeks ago from Keypoint Credit Union, saying that my debit card was in a "range of compromised cards" provided to them by Visa, and that all ATM and credit activity on my card had been blocked. They were very proactive about it, and they've since sent me a new card and PIN, although I had to wait two weeks for it. Fortunately, there were no fraudulent transactions on my account.

As for the source of the compromise, my last "Office Retailer" transaction was at Office Max last September. Our other 2 ATM cards (including one with more recent Office Max and Wal-Mart transactions) were not affected.

-Chris

Hi there. I'm a Bank of America customer and had my ATM card counterfeited and used to withdraw about $1,000 at ATM machines in New York City last week (I live in Southern California). The counterfeiters made 20 different ATM transactions, most for $40, at the same Citibank ATM machine, on the same day.

First, if this is from the same security breach as all the other incidents, then I can tell you for sure it's not from Sam's Club/Wal-Mart or Office Depot/Max, since I haven't bought anything at all from any of those places in the past few months. I reviewed my statements and the only three places (other than at ATM machines) where I've used my card as a debit card and entered my PIN since November are: Robinson's May, Taco Bell, and the Post Office. One transaction each. Maybe there's been more than one of these security breaches? I noticed one other person mentioned the Post Office as one of their transactions.

Second, I have a qualified rant about Bank of America's handling of this situation. I suppose they haven't been completely awful about it, but they definitely haven't been great either. They cancelled my ATM checkcard without warning when they suspected the security breach (they claim they sent me a letter, but I haven't received it yet and I've already gotten the new ATM card at this point), AND they canceled my online access to my account at the same time, so that I couldn't look at what transactions were fraudulent until I physically went into a branch and spent half an hour to get online account access set up again. Also, they apparently weren't going to send me a new card until I called them and requested one. Which, if I hadn't, you know, tried to use my card and called them to find out what the hell, might not have happened until I received the "letter" they "sent" me on "March 4th."

On the other hand, when I called Bank of America in a panic late on the evening I found out about this, they were able to pick out all the fraudulent transactions and credited me for them the next day, which fortunately meant no charges to my account bounced. And every B of A employee I've spoken with has been very kind and as helpful as they could be (and, for whatever it's worth, obviously based in the USA).

BUT. Back on the original, evil hand, they have NOT credited me yet for $49 worth of non-Bank of America ATM fees resulting from the 20 different fraudulent ATM transactions; and I'm told they can take up to 90 days to do so because they don't do this until their investigation into my dispute claim has been completed. So, in other words, the money that the counterfeiters got, they're willing to give me back right now; but as for the money that Bank of America gave itself because of transactions that they're already pretty sure are fraudulent, well, those charges they have to "investigate" before they give back. I was able to request that they credit me right away, but I could only do so by asking a fraud department representative to send an email to the investigation department, and she couldn't tell me whether they would do it or not. The same apparently applies to insufficient funds fees (which I only through a stupendous stroke of luck didn't have any of).

Anyway. I'll be reading Consumerist for the news on all this crap. Grr.

Amanda M.

"Got home today to discover a love note from Washington Mutual.

PO Box 2436
Chatsworth, CA 91313-2436

February 18 2006 [odd, it's March 11th today. Chatsworth isn't that
far from me.]

Customer McCustomer
address
city, state, zip

Dear Customer McCustomer:

Exciting news! We are converting all of our customers' debit cards
from Visa to MasterCard, and we are upgrading your debit card to gold
status for free. In the next few weeks, you'll receive a Washington
Mutual Gold Debit MasterCard to replace your Visa Check Card ending in
XXXX.

This upgraded Washington Mutual Gold Debit MasterCard will offer all the same benefits and more, with the same PIN.

With your upgraded card, your benefits will be expanded to include the following and much more:

* Double manufacturers' warranties for up to one year
* Toll-Free US roadside assistance and worldwide travel assistance
* Theft and damage protection for 90 days after purchase
* Price protection for 60 days after purchase

Please keep an eye on your mailbox

Your upgraded debit card will arrive in the next few weeks. If you
have additional Washington Mutual Debit or ATM cards, you'll receive information about each card in the mail. If you have questions, you can reach us in one of the following ways:

* Click: Visit us online at wamu.com/debit
* Call: Toll free 1-800-788-7000
* Come in: Stop by any Washington Mutual Financial Center

Thank you for choosing Washington Mutual!

Sincerely,

Doug Marshall
Senior Vice President

There's a footnote, too, which notes that a Guide to Benefits will be
mailed under separate cover.

Kind of interesting that it's dated almost a month prior to now and
yet I just got it in my mailbox. Looks like WaMu has decided to put
their trust elsewhere... also, I wonder if only some customers are
getting the gold upgrade, since it says they're reissuing everyone's
cards and then says "upgrading yours." If anyone else sees a
different version of this letter, that might be worth checking out.

This may be totally unrelated to the debit card news you've been splashing about, but 3 weeks ago (just before I started reading about the debit card fiasco), I got an urgent phone call from Citibank on my voicemail, asking me to call immediately.

When I phoned them, they told me that one of the vendors where I had used my credit card had reported that it "may have been" stolen, and they wished to re-issue a new credit card to me right away. I asked them WHICH vendor had reported that the card had (er. MAY have) been stolen, as I wished to avoid them in the future. They told me that "they can't release that information." Which, frankly, struck me as damned odd. Nonetheless, I agreed to have a new credit card issued to me. In a moment of astonishing cheapness (and a nice Consumerist moment), they said it would be 5 to 10 days to get the card by mail; I laughed at the phone-troll and said that there was no way I was waiting 10 days to get a new credit card when I hasn't had anything to do with the loss of my information, after which she relented and said they would send it UPS overnight.

In terms of the debit card discussion, this MAY be a red herring, in that I don't have a Citibank-issued debit card; I have a 100% pure MasterCard for its chewy credity goodness. But, I *do* shop at OfficeMax, and I *have* used this card there before (as a credit card), so the timing seems very suspicious. I sure would be interested to hear if other "credit-only" Citibank customers were affected; if so, the scope of the problem may be even larger than what you've reported. Or, heck, it could be totally legit and the restaurant down the street had a disgruntled employee issue.

Thought I'd add to the steaming pile of knowledge y'all are wading hip-deep in.

Cheers!

..Chris..

"Here in Iowa , my wife and I got home Friday to find new Wells Fargo debit cards for each of us - I wasn't due for a replacement until January, and I'm not sure when hers was due. A letter was included stating that the numbers may have been stolen and this was precautionary. We haven't noticed any strange things on the account yet (we check mutiple times daily anyway) but have changed our pins already since I had been reading this topic for the last few days. After I told her about this she called Wells Fargo to ensure our old cards would be disabled as soon as we activated the new ones, but didn't get any more information on why this had happened. We have a habit of using our cards as debit cards, but that's quickly changed. We've ranged around the midwest a bit since November, and have visited several of the stores listed. -Rhys"

"I received a reissue of my Visa debit card from Washington Mutual. I felt that the wording of the note is very strange. I can type it up or scan it for you guys if you want. I live in Southern California, if that helps.

The re-issued cards are MasterCards, instead of Visas, which we always have had at WaMu.

What's funny is I remember asking my banker what would happen if my debit card was used fraudulently, and they said something like, "well, you'd be responsible, that's why we recommend you get a credit card." They had no option to get a strictly ATM card, rather than a debit card.

-Paul"

Here are scans of the "card upgrade" Paul was forced to do:

Front

Back

"Howdy,

I saw your article on recent debit card reissues via a link from BoingBoing. I just got a new debit card from Washington Mutual. The letter included reads "We are providing you with this replacement card because we have reason to believe the the information on your Washington Mutual Gold Debit MasterCard may be at risk of fraudulent activity. Although we are unaware of any fraudulent use of your card as of the date of this letter, please activate this card immediately and destroy your old card for your protection."

I didn't connect this with the recent story until I saw your article. I believe Washington Mutual partners with Citibank for these cards"

"Hi,

I just read your post "ATM Fraud UPDATE: Wal-Mart, OfficeMax, Sam's
Club, Office Depot Suspected" and wanted to let you know that I am a
Washington Mutual customer and was recently sent a new debit card when my old one still has months until it expires. The letter that was sent with it said that there may have been fraudulent activity in my account and that is why they were sending me another one. I got worried and called (also called because I traveled to Costa Rica last year and Washington Mutual decided to turn off my card because I didn't tell them I was traveling, however I had never had a problem using my card before in France, Japan, or Singapore, but that's another story.)

Anyway when I got someone on the phone they told me that there wasn't
any fraud in my account (neither had their been in Costa Rica) but
that they thought that all of their customers deserved gold card
instead of the previously issued blue ones. Um waste of money! Maybe they wouldn't need to charge $30 for an over draft if they didn't decided to change the color of their cards for what I thought was no reason. Maybe the reissue of the WaMu gold cards has something to do with this however? BTW the gold card doesn't get me anything more than the blue one I had for years before.

Thanks!
Phoebe"

"Thanks so much for staying on top of this story. It is really disturbing how little MSM press this has gotten. We'd really like to know just how far reaching this is and what retailers plan to do about it. It irks us that they won't disclose which retailer or third party transaction processor is at fault.

It's been over a week since our money went missing. Our bank (Suntrust) has been really great. They redeposited the funds to our account within 48 hours. They told us we didn't need to file a police report because of the sheer volume of cases in our area that were already reported.

We still haven't gotten our replacement cards yet, so we have no way to get cash other than checks, which ironically means we have to make charges on our traditional credit cards. I'd like to also mention that Suntrust did, about a month ago, pull the same thing other banks have done; cancelling good check cards and send out new ones. A friend of mine had gone to lunch, went to pay and had her card decline even though there was money in her bank account and her card had not expired. The only explanation she got from Suntrust at that time was they were cutting off an "old" version of the check cards and sending out new ones. Her main issue was that they cut off her card before she received a new card. Since we bank at the same bank and because I too had the "old" card, I asked if the same thing would happen to me. They said it could but would send me a new card right away just in case. No mention of fraud at all. Unfortunately for us, I got the new card but my husband's card was the one that got nabbed. Now we'll both get new cards. That will make new two check cards for me within one month.

Anyway, thanks for all the great work! For all of us that have gotten taken, we're still paying attention.

Sincerly,
Sarah"

"I bank with National City and recieved a letter then a new debit card would arrive. But heres what really is stupid is that of course my debit card is one of two tied to our joint checking.. The bank only reissused my card, they didn't suggest closing down our checking account! Hello wouldn't that have made sense too CLOSE the checking account too! Why invite trouble and cause stress, the bank wasn;t going to tell me anything they didn;t have too I had to ask a million questions, of course I read everything I could on the banks web site on fraud and I as amazes on what they refused to tell me untill I grilled them on the policy."

"I know you guys don't care much for personal anecdoes (or so I read), but I thought you might be interested to know that my bank, Wachovia (I'm in North Carolina), sent me a new debit card in the mail, unsolicited by me, with a letter that said they had been informed by VISA that "an incident involving unauthorized access into third party merchant systems had occurred," and that "based on the information provided by Visa, it has been determined that [my] Visa Check Card number, name as it appears on the card, expiration date, and magnetic strip data were potentially exposed."

The use of my new card will deactivate my old one. The letter also reminds me that I'm not responsible for any fraudulent purchases under "Wachovia's Zero Liability Fraud protection policy," plus more marketing stuff. Fortunately, I've never had to submit any claims under this policy, but I can't vouch how "zero liability" it really is. Interestingly, my card has the same account number, and I assume the same pin number until I change it so I guess the new magnetic strip makes a difference? In any case, it's cool that my bank caught wind of this pretty quickly and sent out new debit cards to their customers (presumably all their debit card customers - no small feat in a few days)."

"Here's my report of a debit card reissue.
BB&T bank sent me a letter the other day saying (in part) this:

"Visa U.S.A. notified BB&T and other financial institutions of a security breach that affected the data base of a U.S. merchant. This breach MAY (emphasis theirs) have put a very small percentage of BB&T cardholder information at risk. Your BB&T Check Card was identified as one of the cards that may have been affected.

This breach was not the result of any actions taken by BB&T; it does not mean that there has been an unauthorized transaction on your account. However, as a precaution, we are ordering a new BB&T Check Card for you. The card will have a different number, but for your convenience, your Personal Identification Number (PIN) will remain the same. You should receive your new BB&T Check Card prior to March 28, 2006."

So, step #1? I Google "Visa database breach" to see what's up. Seeing breached from last July, I modify the search, adding 2006 to the above, and found your site.
Step #2? I logged into BB&T online banking to see my statement and I find no suspicious activity and breathe a sigh of relief.

There were lots of Sam's Club transactions, not surprisingly, that's where I get my gas. From one of the entries on somebody's page it looks like I can skip the PIN part when buying gas, so I might do that...

You can bet that I'll change the PIN ASAP!

Thank you!

Richard D.
Charlottesville, Va. "

Ross writes on 4/3/06:

"This week, 2 things happened to my girlfriend and I;

First, she was buying a few items at a pharmacy and they declined her Bank of America debit card. She went to the nearest BofA and they told her that her atm card was compromised. They told her they'd issue her a new one and she would receive it in the mail in 7 to 10 days. My girlfriend insisted on finding out the source of the compromise, but BofA told her it wasn't her business. Enraged, she told me also there was no communication from BofA telling her that her debit card had been shut down, no email, phone call or letter. This is a complete inconvenience for a person who uses their debit card daily.

Then on Saturday night I went to a BofA atm and it declined my transaction, after using it only a few hours before for dry cleaning, gas, breakfast. I went to another atm down the street and it also declined my call. After repeated attempts at calling BofA, I could not get a human on the phone! Their system told me I could get an associate on the phone between the hours of 7am and 10pm and hung up on me, but this was only after 7pm PST! Imagine if I had an emergency, this is one of the largest banks in the country and I can't get a person on the phone on the weekend? So I called the next morning and their atm dept told me they detected an abnormality with the gas station I went to that afternoon and froze my card. After verifying who I was, they unblocked my card.

I wanted to know if there was any other word of this compromise from anyone else this week?

Thanks,

Ross"

Keep those stories coming in and we ll add them here.

Previously:

• ATM Fraud UPDATE: Wal-Mart, OfficeMax, Sam's Club, Office Depot Suspected
  
• The Office Hax 'Guarantee'
  
• ATM Fraud Update
  
• Alert! Citibank Scandal Update: It's Not Just Citibank...
  
• Citibank's Statement on the ATM Crisis
  
• Citibank s ATM Crisis Merely Extends Money Don t Matter Campaign
  
• Massive Citibank Alert: UPDATE
  
• Massive Citibank Fraud Alert: UPDATE
  
• Massive Citibank Fraud Alert

They name...Office Depot (not Office Max, as we heard) and...

Come on, wait for it... your favoritest company in the whole world... oh yes, here it is, here it comes.......

WAL-MART! Wheee! Blog yourself outta of that one, sucka!

A Computerworld article sent in by reader Georgia (thanks!),says the offender may be Sam's Club, a division of Wal-Mart. We learn that Visa, in response to a letter sent by Rep. Barney Frank (D-Mass.) in February, concerned over retailer intrusions, said, "Accusing a single source of the compromise before the investigation is complete could be inaccurate and unfair... Similarly, disclosing the name of the compromised entity would become a powerful disincentive for the compromised entity to share time-sensitive information with Visa."

Computerworld's source who works for a company aiding the lawmen following the fraud says most evidence suggests that a point-of-sale (POS) system at a California OfficeMax is involved.

OfficeMax has flatly denied these allegations, leading one analyst to posit the source is a third-party transaction processor.

Questions remain. Who are the retailers responsible? Why are the credit agencies hiding their identities? And, why isn't this being reported in the mainstream media? The WSJ was said to be doing an article but it's failed to surface as of yet.

Many, many things about this are not adding. These companies mutual masturbation doesn't help assuage our concerns.

If you or someone you know is a customer of Citibank, Bank of America Corp. Wells Fargo Bank, or Washington Mutual and that bank forcibly reissued you a new debit card, let us know at tips@consumerist.com.

Previously:

• The Office Hax 'Guarantee'
  
• ATM Fraud Update
  
• Alert! Citibank Scandal Update: It's Not Just Citibank...
  
• Citibank's Statement on the ATM Crisis
  
• Citibank s ATM Crisis Merely Extends Money Don t Matter Campaign
  
• Massive Citibank Alert: UPDATE
  
• Massive Citibank Fraud Alert: UPDATE
  
• Massive Citibank Fraud Alert