11-02-2009 10:13 AM - edited 11-02-2009 10:44 AM
So reference this link for info on the Heartland data breach- http://www.nytimes.com/2009/01/21/technology/21bre
I have a Macy’s visa/normal account with a solid credit limit and have had the account for over 4 years. I always pay online, have never missed a payment, run an average of $100-$200 in small retail charges monthly, and almost always PIF. I had not reported anything wrong with the account in regards to illegal charges or the card getting stolen/compromised ever during the account history. That last bit of information is necessary to the rest of my story. I went to use the card Saturday, the 31st, and the merchant said their card machine gave them a code they had never seen before, "pick up card". I was pretty alarmed. So I talked my way out of them actually taking the card and finished with the merchant. I went home and jumped online to check the accounts. They both were marked as "closed". I picked up the phone and tried to call the backdoor Macy's number. They are closed on the weekends so that got me nowhere. I then called the rewards number that is on the back of the card. After about 10 minutes I talked to a live body, this one from a foreign country. They spent some time listening to my situation and researching whatever they could see. What I was told at that time was that the card was reported lost or stolen on Oct. 30th. They rep could not tell me if it was specifically reported “lost” or “stolen”. They could not tell me how (phone, online, in store) the lost or stolen information was reported. They could not trace the specific rep that took the lost or stolen report. They only thing they really could tell me was that the old accounts had been closed and a new card/accounts had been issued on the 30th. They could also tell me that the new card was going to the address they had for me on file and that no new address had been attached to the account.
By the end of the 20-minute conversation I was pretty steamed. So I wanted more information about what had occurred. The rep told me they were going to transfer me to another department who could give me more information. I was put on hold and after 15 minutes a message came back on the line that the department I was trying to reach was closed. It had XYZ operation times, which happened to be M-F, and I needed to call back then. The system then hung up on me. So now I am really concerned that someone has compromised this account and ordered a new card somehow and is trying some way to intercept it. I have to wait till today and give them a call to find out exactly what is going on. So after a 30-minute call to the backdoor number and talking to three different reps I get the following information.
If I am not specific in the comments they I don’t know anything more specific then what I am listing. I also can’t talk to the accuracy of the information, I am only reporting what they told me.
1. There was “some kind” of attempted “activity” on my card on the 30th. This “activity” was not something I actually did.
2. Whatever this “activity” was caused some type of security flag to go up.
3. Someone from the “fraud” department checked the "activity".
4. Whatever this person saw in the “activity” caused them to mark my account as stolen/lost and thusly close the account.
5. This person then issued new account numbers and had a new card sent out to my address on file.
6. Macy’s at no time tried to contact me on the phone or email about this situation on the 30th.
7. Macy’s has been doing this type of monitoring/closing/lost/stolen scenario on thier visa accounts sense “late last year”.
8. Macys' has been doing this type of monitoring/closing/lost/stolen scenario sense “late last year” of because of a “data breach from Heartland Payment Systems”.
9. That Macy’s knew my visa card number specifically as being part of the numbers “reported as part of the data breach”.
10. That Macy’s didn't immediately close the account when they were provided with my account number from the Hearland data breach, but instead put some kind of monitoring system in place to watch my card activity and act on that activity if necessary.
So after my long-winded post here what can be concluded from the vague information I got. These conclusions are if I take the information I was provided with as accurate.
1. That some Macy's visa cards where in the data that was compromised from Heartland “data breach”.
2. That Macy's is aware of that fact (#1) and has been sense late last year.
3. That Macy’s has been monitoring the visa cards from the “data breach” sense late last year.
4. That Macy’s is closing cards that were from the “data breach” if they become aware of certain kind of account activity.
5. After way more then a year after this “data breach” happened it is still affecting consumers.
While I appreciate the fact Macy’s is watching out for my account and trying to stop fraud from happening on my account. I also, find it disturbing that they just didn't close my account straight out when they found it was part of the data breach. Or they didn't even attempt to inform me in any way about my account being part of that data breach. Or that Macy's didn't call me at all on the 30th when they decided to close the account to let me know what was going on. Or that they didn't call me on the 30th to verify if whatever activity they saw on my account was from me or not. Or that they didn't call me on the 31st to see if it was actually me trying to use, what was at that point was my closed account. They have been good to me with very regular GLI and it nice to have the available credit on my credit report, but now I am really questioning some of their other business practices in regards to thier credit cards.
Two final things, I was told that my past credit history with them will get transferred over to the new account numbers on my credit reports. I’ve had issues with other companies doing that correctly. So, I’ll update this thread once I get my new card and let you know if that credit report transfer of information actually happens and if it happens correctly. I also need to make a payment today as it’s my due date and the only way that can happen is I have to go into an actual store and have them look up the account by my last name/ss#. Because for me to do it online I would have to have the new card physically in my possession to activate the new card/account number before being able to pay online. Ehhhh….
myFICO is the consumer division of FICO. Since its introduction 20 years ago, the FICO® Score has become a global standard for measuring credit risk in the banking, mortgage, credit card, auto and retail industries. 90 of the top 100 largest U.S. financial institutions use the FICO Score to make consumer credit decisions.>> About myFICO