No credit card required
Browse credit cards from a variety of issuers to see if there's a better card for you.
I found out, purely by accident, last week that my DFS account had been hacked and someone had ordered something from Microsoft for almost $3000. I discovered this theft! Dell did not! I have been told by phone that the purchase was reported to the three credit bureaus ( my FICO credit score has since dropped 11 points) and that nothing can be done to correct the problem with the credit bureaus for up to 60 days. I was given a case number last week and when I checked online today, Tuesday, the case number seems to be non-existent. A second phone call to the Fraud Phone Number revealed that there will be no information regarding my case until an investigator has been assigned, sometime in the the next 30-45 days. In the meantime, this almost $3000 order is being shipped to someone who just stole $3000. and nothing is being done about it. (I understand that I will not be held responsible for paying this charge, but right now someone has just walked off with a $3000. door prize. ) How did the hacker get my password? It is a password that I ONLY use for this DFS account. No other accounts from other entities have been broached in any way Why and how, only Dell?
I'm not familiar with DFS accounts but, since it's captive financing it's not a priority target in most cases for a hacker to hijack an account. Since you reported it then it should be covered under their fraud policy w/ little to no liability on your part for the purchase.
When is the last time you used the account?
Do you have other accounts that haven't been used in awhile? Did you check those as well?
I used the account 2 weeks ago when paying down the account balance to 0. (Zero). Two weeks later, my previous password (a password that is exculsive to the DFS account) didn't work, I had to reset password and when I finally got through their new login "portal", I found that almost $3000 had been charged to my zero balance account.
I do understand that I am not responsible for the charges and will not have to pay, but how can Dell be so inefficient? Inconvenience is way to mild a word for the difficulties it creates.
@Anonymous wrote:I do understand that I am not responsible for the charges and will not have to pay, but how can Dell be so inefficient? Inconvenience is way to mild a word for the difficulties it creates.
They're a computer company not a bank.... they lend on their balance sheet. Banks are much more uptight about this sort of thing and they should be since they're dealing with currency and not PC's. Depending on what was ordered could just simply be invalidated and prevent them from activating whatever they "purchased".
If you're not going to be using an account like this then I would simply close it out and go with a CC that has well known and better protections and response times. I spotted a potential issue with Chase a couple of weeks ago, sent them a SM, got a replacement card less than a week later.
Every financial instrument has pitfalls in how things are handled but, is fraud worth it for a 6-12 month 0% period?
@Anonymous wrote:I found out, purely by accident, last week that my DFS account had been hacked and someone had ordered something from Microsoft for almost $3000. I discovered this theft! Dell did not! I have been told by phone that the purchase was reported to the three credit bureaus ( my FICO credit score has since dropped 11 points) and that nothing can be done to correct the problem with the credit bureaus for up to 60 days. I was given a case number last week and when I checked online today, Tuesday, the case number seems to be non-existent. A second phone call to the Fraud Phone Number revealed that there will be no information regarding my case until an investigator has been assigned, sometime in the the next 30-45 days. In the meantime, this almost $3000 order is being shipped to someone who just stole $3000. and nothing is being done about it. (I understand that I will not be held responsible for paying this charge, but right now someone has just walked off with a $3000. door prize. ) How did the hacker get my password? It is a password that I ONLY use for this DFS account. No other accounts from other entities have been broached in any way Why and how, only Dell?
A common thought I hear a lot is that a strong password = strong security. This is not the case. There is also a common thought that if someone hacked into your account, it's because they cracked your password. This is also very, very often not the case.
Much more common is to take the easy path in. Find a vulnerability on the server and root it. Don't need anybody's password then. If they're decent, they won't leave a crashed daemon from a noop sled or other traces that amateur admins will find with little effort. Or they'll use XSS or read cookies with PW info in them or any of a number of other poor web practices used by pretty much everyone. Or they'll just socially engineer they way in by having a modicum of basic background information about you and are able to sound semi-convincingly that they're you and are supposed to be there. You'd be amazed how many reps will back off from a hunch because they don't want to deal with confrontation or piss off what they fear might be an over-entitled customer.
Anyone who thinks the big hacks in the world took Mission Impossible type gear and skills doesn't know crap about cybersecurity. The stuff we come to rely on was written by humans who think like humans, make rookie mistakes like humans, or don't think about how something could be so misused to bite them later (like the goons who though SUBs were a good idea, that won't be exploited).
At some point, we can't say it's gross incompetence because it seems to happen to even the best of companies.
As for the rest, I'm not sure exactly what you want them to do about it right now. You have a case open, they'll review it, assess damage done, and move on. You're already comfortable that you won't be liable for the charge, so you already have pretty much the best possible outcome here, unless you're hoping they'll deploy a special ops team to the bad guy's house to take the $3000 worth of stuff back and haul him off to hacker jail. Not for $3,000 they won't; they've already baked losses like that into the cost of doing business. Depending on where it was sold to, there may even be absolutely nothing illegal about what they did, and thus no action can be taken against them.
Thanks for the replies. What I want from Dell is to NOT take 30-60 days to appoint an investigator so that they can correct my credit reports.They either have such poor security that they inivite fraud or they don't care enough about their customers to hire sufficient personnel to deal with what apparently are an overabudance of security breeches.
Dell is an awful awful company to deal with when something goes wrong. I have avoided getting started with them on my laptop I bought in December that runs ridiculously high temps (as in 99C thermal throttle point temps) because I know how they are. What you should do is take the letter from them that they are investigating, contact the CRAs and submit that documentation so they can mark the account as in dispute and remove it from FICO scoring calculations. That will give Dell time to get their act together and protect your credit in the process.
Best of luck, I don't envy you having to deal with Dell.
Thanks. They did not mention any kind of letter that I can use with the credit bureaus I'll look into that.