@Credit12Fico wrote:
@ocheosa wrote:
@Credit12Fico wrote:
@ocheosa wrote:
@Anonymous wrote:
@Anonymous wrote:
If it's an old number, normally nothing to worry about. Since you got a declined purchase text, however, I would call BoA just to make sure that card isn't still active in their system. You shouldn't be getting notifications for a card that has been shut off.
It's an active card but not the current card number. Since it was changed by the issuer automatically 3 years ago (presumably) due to a compromise, it should always decline if used, but should it have sent me an alert? Maybe to let me know an attempt was made. I'll probably give them a call in a day or two, no rush. Unless it happens again....or I see an attempt on my current number.
It wasn't a phishing attempt, there's no contact info in the text, plus it came from the same texting # that alerts I get when I legitimately use my card comes from.
@Anonymous I would take this seriously, take a screenshot of the message, call and report asap.
My partner uses BOA for both business and personal accounts. It is the only bank out of quite a few that he consistently has fraud charges. I had originally thought it was the convenience store or gas station, even a possible local hacker, then there were charges on a new replacement card that he had not even received yet !
I have continually asked him to close accounts with BOA and move to another bank (preferably a CU) but he's a somewhat lazy banking client. He's been with them for decades, his businesses have a long history with BOA so he doesn't want to start over. Complains it takes time to build up the internal limits/private relationship with a bank to which I agree wholeheartedly. My argument, it's an inside job! How the he** else can they get a hold of a card you haven't even received yet ?!? Unfortunately he doesn't listen to me, would rather play refund/replace musical cards. <rolls eyes...hard>
GL OP!
This is actually more innocent (or just poor implementation) than you think. Visa and Mastercard have a card number updating service that is "activated" with certain billers. What this means is that billing to old card numbers, gets automatically "corrected" to a charge on the new account number. It doesn't mean anybody other than the owner has the new account number. It just means VISA has detected the account number change, and for convenience, they have billed the charge from the old account number, to the new account number automatically. It's a convenience feature. That's why you typically see the fraudulent charge appear immediately on the new card before it's even received in the mail. Because the thief is still on their "shopping spree" that triggered the initial card shutdown and Visa is routing certain charges on the old card number, to the new card number.
It's one of the areas where there is a disconnect between Visa/MC and Banks. When a card gets shutdown and re-issued for fraud, Visa has no way to distinguish between new charges made to the old account number by your partner, and those of the thief. They rely on the issuing banks own algorithms which look for irregular purchases to decline since only the Banks have the customer spending habits. So Visa just passes everything through. It's not an easy problem to solve because it's touted as a "convenience" thing, and many people do find it convenient when recurring bills don't have to be updated manually when card is lost/stolen, but are done in the backend with Visa/MC. Additionally, it's one of those things were they may decide that the cost to solve the problem, are more than the losses when the cards are used fraudulently. After all, we still don't have EMV chip and Pin in the US, like they do in europe, because the Banks aren't losing enough money yet to be worth the cost of updating everything.
I'm not going to say more than what I've already said but no, it was not innocent preauthorized transactions. There is a stark difference in procedure between replacing an expired card and cancelling a card due to fraud/lost/stolen. I think most know and understand how that works. What transpired in the case(s) I referenced was much different and was obvious to both bank management as well as my guy. Whether or not they ever identified the source, I have no idea.
I'm not sure what the tension is here. It's what Visa and the banks do. You are not considering that your vision of how this should work, and what actually happens are two different things. It's not a coincidence that when you cancel your old card, the charges show up immediately on the new card.....The thief is still on his "spree" that caused the closure of the first account and when the bank updates your account information with Visa, and the merchant being used by the thief subcribes to Visa's service, that can be a reason why charges are showing up on the new account. Visa even advertises it:
Visa card issuers submit electronic files with updates to Visa when a cardholder’s
account information changes. Such updates could result from a product upgrade, a
portfolio conversion between Visa issuers or from MasterCard, American Express, or
Discover to Visa, card expiration, loss or theft, account closure or other changes. The
updates must be sent within two business days of a permanent change’s becoming
active in their authorization system. However, issuers are strongly encouraged to
send these updates daily to ensure that account-on-file merchants have the latest
authorization data.
Yes, it's stupid and defeats the purpose, but that's just how it is because it doesn't cost the American banks enough to do anything about it. Remember, for a lost/stolen card, it can no longer be used in person, which cuts off a lot of what a thief might be able to do in person. They also typically won't have your address so any merchant using address verification service will block online transactions without an address. These two stumbling blocks prevent most of the abuse with a stolen card, and that's good enough for the banks....The extra fraud that slips through the cracks isn't enough for them to spend more money to fix. Not all companies even subscribe to Visa's auto-update service which means thiefs will get declined at some Merchants and they will "discard" the card number and move on to someone else's.
I have no idea what you are talking about, what tension? Do you have a stake in this bank ? My advice was to the OP and had absolutely nothing to do with you or the points you are making. My gripe is with and will always be with BOA security which I thought was made clear in my first post on the matter. For the record, the card is not the issue, the problem is with the bank. Moving on -
OP, I apologize for veering off topic and sincerely hope all remains well for your accounts going forward. Enjoy the day!
[9/25] Scores 8/9: 7-800s. Util: ≤ 1%. AoOA: 18.2y, AoYA: 10m. New Acct: 1/12, 1/24. Inq/12: EQ 0, EX 0, TU 0.
TCL $703.5K: Personal $572.5K, Business $131K.
. 