Identity Theft

About a month ago, Angel & I both experienced an instance of Identity Theft. A combined total temporary loss of about $375. We got the full amounts back almost immediately, so the loss was a non-issue. However, I thought I'd share our experience with everyone.

The day started out as any other, I woke up and walked across the hall to work. However, shortly there after, Angel was asking me about a transaction that was posted on our joint account. Since the transaction was for $299, it immediately jumped out at us. It was a transfer thru Western Union. Neither of us have ever used Western Union nor had made a transaction in the recent past for that dollar amount. Therefore, we began to worry.

The first call was to BofA. Unfortunately, since the transaction had not cleared yet, there was nothing they could do for us. They recommended that we call Western Union. Angel calls to talk to Western Union and they claim there is nothing that they could do for us because the transaction had already been paid out. Also, this transaction, so they claimed, contained all of the information related to Angel's check card. This included, Name, Address, phone number, Debit Card #, expiration date, and security code (the one on the back of the card). With this information in hand, Angel calls BofA bank to have the card blocked and subsequently shreds the card. They inform us that it would take 7-10 days to receive the replacement. We would not get that until we returned from our honeymoon. Unfortunately, at this point, there was nothing more we could do about it until the posting of the transaction cleared. We wait 3 days.

In the meantime, I checked into my PNC account, though for reasons I can't recall, and discover 2 transactions with the European arm of eBay via PayPal. I logged into eBay and find no reason for these charges. These charges were in relation to sellers fees. You know, the type you get charged for posting an auction. I have never sold anything on eBay and don't have a sellers account in my eBay account. The final oddity to the story was that it was charged in Euros. It wouldn't make sense for my US based eBay account to be charged in Euros. Therefore, I call them and start to question the charges. They would not begin the investigation until I could mail them a statement from my account. This was unacceptable. My statement period had just begun and I wasn't waiting for a month to file a claim thru them. I threaten to resolve this thru Paypal and they don't even give up a fight. At this point I'm steamed.

I log into Paypal and start poking around. I find a link for disputing transactions. I give the forms all of the information they want and I feel unsatisfied. But, at least with this action, I know that the ball is rolling. To make a long story short, Paypal attempts to contact eBay three times and do not receive a response. Subsequently, they give me the money back. I don't know how my Paypal account became linked with a different eBay account. Also, I don't even remember what the linking process is like. I don't remember what information is required or anything. Aside the point, I change the passwords for both my eBay and Paypal accounts and did it again once I got my password manager. Now I am certain that noone will be steeling my passwords for any reasons. I can't even remember them.

Back to the Western Union story. So, we've waited the three days required for the transaction to completely clear the system and call BofA back. Once again, we go thru the process of explaining what happened, what we've done, and what we want them to do. They immediately start processing the claim. However, they did not present us with a temporary credit until they receive an Affidavit. They send that out to us immediately. Before we fly home to Pittsburgh, the letter is received, we both sign it (once again, joint account), and get it back to them. While we're in Pittsburgh, we receive notification that while they are investigating the transaction that the money has been replaced in our account. They investigation did not turn up any information that they were willing to disclose to us. However, the end result stayed the same (as it should have), we got our money back.

Between these two little issues, I decided that we would take further steps to securing our information. Introducing a password manager with password change policies. The post RTFM will explain the difficulties of my first few days with it. And the subsequent Password Quagmire will discuss my surprise at the number of passwords that I have to juggle within our favorite ether entertainment spot, which we like to call the Internet.

I know that this little password manager is not going to prevent any future issues like the one that occurred against our BofA account, but I'm pretty certain that they only way that my Paypal account could have been linked to another eBay account was thru hacking my password.