Featured Savings Rates
Featured Accounts

Fraudulent Bank/CU Transactions From Equifax Stolen Info?

caliguy1
caliguy1   |     |   5 posts since 2016

Hi,

Does anyone know if banks or CUs will allow transactions like wiring money to an outside bank account with just the information stolen from Equifax (SSN, birthdate, etc)? Or would they require more like going into a branch with a picture id or something else?

I'm worried that someone could try to steal the money in my accounts by using that stolen info and fraudulently pretending like they are me to call and wire money out of the account.

Thanks.



Answers
Kaight
Kaight   |     |   178 posts since 2011
Oftentimes financial institutions will telephone the number they have on record to confirm wire instructions. Last time I wanted to wire funds the CU insisted I visit a branch in person.

A hacker could alter your telephone number of record if he could gain access to your account online.  But to gain that access the hacker would need your username and password, items not in the stolen database.

My own credit report does not list any of my bank or CU accounts.  I think the larger danger is the hacker using stolen information to open NEW accounts in your name, especially credit card accounts.  
Bozo
Bozo   |     |   946 posts since 2011
I suspect Kaight's last sentence is the key. Given the hack, whether credit card companies do this at their peril is another question. Unsolicited offerings to open credit card accounts or lines of credit may (thankfully) be a thing of the past. I mean, seriously, we used to get several offerings a week from credit card companies. Maybe they will stop.
kiwi
kiwi   |     |   112 posts since 2013
You can easily opt out. Just contact the big 3 credit reporting agencies and don't forget the smaller Innovis.
kiwi
kiwi   |     |   112 posts since 2013
I just found out about chexsystems.com and lexisnexis.com. Choice point, choice trust, clue report and a medical database report. I wonder how many more are out there with our info. Maybe, ignorance is bliss until it bites me.
kiwi
kiwi   |     |   112 posts since 2013
I am putting a credit freeze on my credit reports (big 3 and Innovis). Your current account companies can still access you credit reports. If you sign on to Credit Karma for free, before you freeze your credit, then, they can access your credit information, give you credit reports, monitor your accounts and give your credit score. If you have already placed a freeze, it is easy to lift for a period of time or cancel it. With Credit Karma, the freeze must be completely cancelled first. It is easy to sign up and easy to lift the freeze and set up the freeze again. Your existing credit card companies have their own protection.
Over6T
Over6T   |     |   9 posts since 2012
I just did a number of CU wire transfers and found the security to be tight, but not a problem. In each case I did the transfer over the phone, giving the standard information, but then was asked a set of detailed security questions. I rather liked the rigor of the questions, it provided a sense of comfort to avoid identify theft. Also, before the full transfers took place each was tested with two small amounts (less than $1) sent to my receiving account. I then had to verify the amounts that were deposited in the receiving accounts, assuring that the transfers and personal data matched and were valid,
Your question prompted me to call Navy Federal CU and ask if they make an inquiry with any of the 3 credit reporting bureaus when doing a wire transfer to obtain additional personal information. The CSR said 'no"., they do not use Credit Bureau information to make a wire transfer.
Another level of security is that something called (SEC?) Regulation E protects consumers for electronic financial fraud form amounts over (I believe) $50. I would not place a lot of comfort in that regulations, since it's likely there is a huge amount of legal / paperwork associated with that regulation.
Bozo
Bozo   |     |   946 posts since 2011
Over6T, I noticed the enhanced security for telephonic transactions several years ago, with Vanguard, actually. My wife needed a few bucks from her Vanguard account, called them up, and was advised the transfer would be authorized only on a call-back from Vanguard to our "registered" phone number. They called within a matter of minutes, and that was that. It's nice to see financial institutions implementing multiple layers of security.
hank
hank   |     |   44 posts since 2016
I have a different experience than kaight. I have been able to wire money from Navy cu just by calling. I did the same at valor CU. I think I also did at Northwest CU. So it is a real concern , caliguy1. I have a concern about it. One option might be to call your institutions and put a verbal password on your account
Bozo
Bozo   |     |   946 posts since 2011
Hank, Alliant CU has a multiple verification system for telephonic transfers. I suspect most other banks and credit unions have as well. The drill goes like this: "hello, Mr. Bozo. Just so we can verify your identity, please provide us with your on-line login Then, your password." If you don't have an on-line account, they go through all the drills that (theoretically) would elicit information not compromised in the hack. For example, the name of your first roommate in college, your pet's name, etc.

I've done several telephonic transfers internally at Alliant CU (from savings to checking), and it was never a problem. Maybe, with the recent hack, they'll tighten it up. I would have no problem with that. The hackers might know my mother's maiden name, but I doubt they know my favorite vacation spot. Alliant does.
Kaight
Kaight   |     |   178 posts since 2011
Hi, Bozo. I'm not writing here to disagree with your post. I actually agree with the thrust of your thinking. Please be understanding of that.

However, I did read that some financial institutions actually share with the credit reporting agencies the questions and answers used to challenge customers when they log on or call in. No such information has ever appeared on my credit reports when I requested those reports, BTW. However:

I have zero trust in these companies, neither in the credit reporting operators nor in the financial institutions themselves. Many banks and credit unions are surely honorable and respectful of their customers. But too many today I fear are scarcely more than money-grubbing scum, willing and anxious to package and distribute our personal information, including challenge questions and answers, without our permission or knowledge, solely to enhance their own balance sheets. And our politicians are all too willing to turn a blind eye to such despicable and invasive activity.
Bozo
Bozo   |     |   946 posts since 2011
Kaight, inasmuch as my wife was a victim of identity theft not that long ago, we are particularly sensitive to this issue. As to the hacking of security questions, I should think the "Vanguard" approach makes the most sense. If you want to withdraw or transfer money, we'll call you on your registered phone number just to verify. Now, while that would be a bit clunky, it wouldn't bother me in the slightest. "Hello, this is Alliant CU. We just received a request to transfer $5000 from savings to an external account on-line. If this is acceptable, press "1". If you need to speak with a representative, press "2".

Is that terribly complicated?
Ricochet
Ricochet   |     |   329 posts since 2010
https://www.youtube.com/watch?v=Dg_YueZ4fi8

substitute name  Bozo
kiwi
kiwi   |     |   112 posts since 2013
Many people have given out enough security answers information on Facebook, including their date of birth (birthday and when they graduated from high school or college). Some people help open the door for crooks. They may have more "friends" than they think.
kiwi
kiwi   |     |   112 posts since 2013
Yes, because they can get your information by changing your password and user name. Try it for user name first and then using that info change the password. It is scary easy with most of the accounts. Telephone security is bad too. I have one bank where you just need the last 4 of SSN and caller ID. Caller ID can be spoofed. Also, Consumers Credit Union is the only one that appears on my credit report. They must have done a hard pull. I am moving my money because the bad people would know where to look. Check your credit report for that info too. Even big regular walk in banks are not safe. Just write a check and your handyman or utility company have your account # and signature. He/she can order checks or do ACH transfer and there goes your money. They have a copy of your signature and could forge it. Doctors offices get your SSN, date of birth, home address, telephone numbers, emergency contacts (who might be your mother and they could easily find out her maiden name, spouse, date of marriage and spouses maiden name, public records are accesable to build a profile on you, etc) and more. They have dishonest employees too. Facebook is a huge source of information exposure. You might have posted your dog's name, children's names or nicknames, where you like to vacation or lived as a child, favorite food or color, kind of car, your birthday (and it doesn't take much to figure out the year birth because you posted when and where you graduated from high school or collage, change your birth day and when you graduated), etc. You have been more exposed than you think for years.
kiwi
kiwi   |     |   112 posts since 2013
Picture ID isn't secure either. They showed a picture ID to 2 employees to pick up a stolen package. See my post: Credit Card Fraud Through Amazon Or Ebay Or PayPal and Discover Card Response