Welcome to ECCIE - Sign up today!

chefnerd · 11-20-2014, 06:47 PM

I just got a call from the fraud department at B of A. It appears that someone got a lot of info regarding one of my credit cards including the PIN which is required to get a cash advance at a bank. HELL, I don't even know the PIN to this account nor have I EVER gotten a cash advance on a credit card. Consequently, having spent years in the IT world, it seems to me that there is a very real possibility that a lot of people could be at financial risk. If you are a B of A customer of any type I would recommend monitoring your account(s) closely.

Unique_Carpenter · 11-20-2014, 07:50 PM

That's a classic phone call wherein some store someplace that you used your credit card has had their credit card billing records hacked. It's not Bank of America, it's store X that got hacked, card #s stolen, the card #s sold, then used, and the "out of pattern" purchases on the card # in BoA's card systems flagged it.

You do have to applaud the bank fraud departments, as they are on the front line in a cyber-war with criminal hackers.

Did they say they were going to send a new card? Get one with the new chip. All mine have that now.

Again, it is a war waged by software geeks on both sides, and I know some geeks that build preventive stuff. They are among the very few whose bar tabs I will cover.

Irish Cream · 11-21-2014, 07:11 AM

Yeah, this sounds like a store's system was hacked and #s stolen. That's happened to me before and I have BoA also and they called me about suspicious activity and shut the card # down and reissued another #. Like Unique Carpenter mentioned, their fraud dept is on top of things..

chefnerd · 11-21-2014, 12:05 PM

I would normally agree that is would be a store breach except that two of the transactions required a PIN input. I never use a c/c in that manner and to my knowledge the only place the PIN info for this card resides is in B of A's system. New card is on way, and yes they do an outstanding job of monitoring. Earlier this year they notified me of suspicious activity due to a lot of gas purchases (this is a gas rebate card btw). However at that time I was in Vegas on my way back from SOCAL and over a three week period had driven about 4k miles. Tend to use a lot of gas with that much driving.

Unique_Carpenter · 11-21-2014, 01:34 PM

Just a comment on pins:
For a 4 digit pin, there's only a thousand variations, and a decent hack program can run through them rather quickly. Sometimes only a minute or two. Perhaps less. Even if the card # is obtained elsewhere. This is an example of how long some of these software hack wars last. Again, the banks are at war on this stuff.
Note my earlier comment of no pins and isolating accounts from other accounts.

NewNameSameLife · 02-10-2015, 07:07 AM

Quote:

Originally Posted by Unique_Carpenter

Just a comment on pins:
For a 4 digit pin, there's only a thousand variations, and a decent hack program can run through them rather quickly. Sometimes only a minute or two. Perhaps less. Even if the card # is obtained elsewhere. This is an example of how long some of these software hack wars last. Again, the banks are at war on this stuff.
Note my earlier comment of no pins and isolating accounts from other accounts.

There are 10,000 variations, not 1,000, and just about every bank in the world is going to shut off the card once you start trying multiple PIN numbers.

In all likelihood, based on the OP's information, this would be a BoA issue, however I doubt it, because there has been no breach notification by them, if a single card was compromised, likely all BoA cards would be.

The likelihood of it being a store / merchant breach are VERY VERY small, IF the PIN was actually compromised. Merchants NEVER get your PIN number, they can't see or store it in the clear. The PIN is encrypted at the device you type it into, and is only decrypted at the bank when the transaction is authorized. In very rare cases retailers will store the encrypted version of the PIN, but that has become very very rare with the changes in compliance regulations.

Most likely your card number was compromised at a retailer, BoA's fraud department caught an attempted charge, and froze your card, and when they notified you, they went through the standard speech of were issuing a new card and you need to change your PIN just in case. The number of retailers that have been breached for card data is actually pretty large since the Target hack in late 2013 (Target, Home Depot, Jimmy Johns, Sally Beauty, Dairy Queen, Albertsons / Jewel Osco, Orange Julius, Goodwill, Harbor Freight, KMart, MAPCO gas stations, Michaels / Aaron Bros, Neiman Marcus, PF Changs, Park and Fly, Numerous other airport parking vendor, Schnucks, Spec's, Supervalue Grocery, The Taste Buds, UPS Stores, White Lodging hotel management, and about 1,000 unnamed mom and pop retailers - and this is not a comprehensive list.)

If you dont know the PIN and the PIN truly WAS compromised, then it was something internal to BoA, but not large enough of an issue to warrant a breach notification on the scale that you would expect. More likely would be someone at BoA grabbing card numbers and PIN's here and there and trying to make out with some money, but even that seems slim. I just have a hard time believing the PIN was actually compromised (I believe you, just not them.)