This post may contain affiliate links, meaning at no additional cost to you I may earn a small commission when you click a product or company link. As an Amazon Associate I earn from qualifying purchases.
I thought my brand-new credit card account had been compromised!
Wow, you guys, the feeling when you think someone else has gotten into your financial stuff is terrifying–I felt so violated and helpless. Fortunately, in this case, it turned out to be a mistake on the bank’s part, but I now have a much better understanding of how it feels to be a victim of credit card theft.
It started when I signed up for a new credit card account for their new account promo. I was planning to make a big purchase and wanted the gift card to offset the cost. Several days later, I received a letter in the mail saying the address on my account had been changed.
“That’s odd,” I thought, since it was a brand-new account. But since the address it had been “changed” to was our current address, I thought it must just be a quirk of the way the bank handled new accounts.
Fast forward to today. I was balancing our accounts and wanted to create an online account to make payments and check balances. Before I got to create a password, the account creation process wanted me to do a two-factor authentication thing with a code at the phone number on my account…
Only I didn’t recognize the last four digits on the phone number they wanted to send it to!
I called customer service to figure out how to get a code to access my account… As they’re verifying my information, they want my address. I give them our current address, and guess what?
They say it’s the wrong address! OK, so I’m a little confused. I received the card at the correct address, so what is going on? I think that maybe information from an old account that my husband had with the same bank got mixed up with my account, so I give them our last address.
Nope, not that one either.
OK, how about email address? Funny, that’s wrong, too.
By now I’m feeling all sense of control slip away. Someone has hacked my brand-new account. How am I ever going to prove it’s mine?
Well, fortunately I apparently know enough about myself that they believe it’s me, and I’m able to change the email address to get the code I need to log in. (Incidentally, email is not really the best choice for two-factor authentication, but we’ll let it slide since it’s what finally got me into my account.)
As I’m talking to the customer service rep, the truth comes out.
“This information is coming from a Health Savings Account you had with us.”
Wait. WHAT? Guys. I have not had that HSA for at least 5 years.
Someone, somewhere in the bank’s software development department (I guess?) decided it was a good idea to compare brand-new address, phone number, and email information that I GAVE THEM to information from over 5 years ago and say, “OK, this old information is good enough. Let’s make this the primary information on the account.”
So that phone number I didn’t recognize? My old work number. The address on the account? A house I haven’t lived at for over 5 years.
For real. Give me a heart attack over broken software.