Yesterday, I received a letter in the mail from my credit card company saying that they have been desperately trying to reach me and that I should call them about my account as soon as possible. This was curious; I can pretty much identify all the calls I’ve been avoiding and I don’t recall American Express being one of them. It occurred to me that the good thing about phishing scammers, I guess, is that they tend to avoid print. (Point in our favor!) But I do love those e-mails I get purportedly from PayPal or Bank of America, where the logo graphic is distorted, things are spelled wrong, including the name of the company (“An important mesage from Paypall”), and the reply-to address is something like [email protected]. Sometimes it seems like the scammers aren’t even trying anymore.
Still, I was suspicious about the AmEx letter, so I did some verification. Before I wasted five minutes calling them back, I thought I would waste twenty minutes examining their letter first. I made sure that everything in the letter was spelled correctly, I compared the logo on the letter to one on a past statement to make sure they were the same color and proportions, and I was satisfied that it was a legitimate letter. Sometimes I will do anything to avoid raking the yard.
I called them, still somewhat dubious, and the phone system was fairly labyrinthine and irritating. “Say or enter your card number...Say or enter your mother’s maiden name...Say or enter the number of quarts in a gallon...Say or enter the Gettysburg Address...Now press the pound sign for no earthly reason.” Then I accidentally coughed, the robovoice got indignant and said tersely, “I don’t understand what you said,” and made me start over. Yep, there was no mistake: it really was American Express’s phone system. (At least it was better than Verizon's, which is basically the Winchester Mystery House of phone systems.)
A human ultimately came on the line and told me that someone has stolen my identity. My initial response was, “My identity? I guarantee, give them five minutes and they’ll be begging me to take it back.” But, no, someone used my card to buy a $1,000 sewing machine from Singer.com and $1,600 worth of leather handbags from something called Coach.com, which I had never even heard of before. They also changed the address, phone number, and e-mail address on my account. These guys (or girls, perhaps, given what they bought, but then one never knows...) were good; the next time I move, I wonder if I can get them to change my magazine subscriptions.
Last year, another card number of mine was stolen, and someone had bought a few hundred bucks worth of beauty care products at Sephora.com, another company I had never heard of before.
Then it occurred to me: I wonder if this is a new type of marketing strategy. A company nicks someone’s credit card number, charges some stuff from their own store, knowing full well the credit card company will probably end up rejecting it anyway if the cardholder disputes it. But regardless, the cardholder ends up going to their Web site to find out what the heck Coach.com is (maybe they did buy something from them and forgot about it), and maybe sees something they like. Or ends up at Sephora.com to find out what they sell, and keeps it in mind when the significant other’s birthday rolls around. Hmmm...could this strategy be transpromo’s “evil twin”?
Farfetched? Yeah, probably. But then I’m the same person who for years thought that credit card companies also partnered with the companies that made paper shredders.
Still, in all seriousness, say what you will about credit card companies, but I am impressed with American Express's ability to spot and resolve identity theft problems. About five years ago, someone had stolen my AmEx number (you know, I've really come to like using cash) and charged (I swear I am not making this up) a couple hundred bucks' worth of anti-spyware. AmEx had caught that before I did, which was rather impressive, because it's the kind of thing I would be likely to buy (unlike leather handbags or a sewing machine). So I asked them, "How did you figure out it wasn't me?" And they responded, "We don't tell anyone so that the bad guys don't find out." That's a fair point.
Discussion
By LG on Oct 19, 2009
Enjoyed reading this. It's good to make people think...
By Bob Raus on Oct 20, 2009
This is a situation where electronic communications are far more effective, BUT as you will read – printed communications are more secure.
While you theory on companies stealing identities to generate business is pretty far fetched, I have to agree with being impressed with the credit card company’s ability to identify counterfeit charges –most of the time.
My question is why they would MAIL you the notice instead of calling you immediately to resolve the issue. Case in point, I opened a new charge account recently and then used the card while at On-Demand for a week in Chicago. Since the first charge on the account was at a place several states away, the card company put an immediate hold on the card – unknown to me. They mailed me a notice which I didn’t receive until I returned home, at which point I had used the card to make nearly 75 purchases (hotels, meals, taxis, gifts, etc.).
When I called them to resolve the issue, they told me that I’d need to rerun all the charges to date. Besides the fact that I wasn’t going to try and find the dozen or so taxi drivers I’d used on the trip, I told them that was impossible because I was no longer in that state! I asked why they hadn’t CALLED me immediately and they told me that these types of communications where only done in printed form because it was the most secure communications process.
So, as an industry we’ve got the recognition that printing and mailing communications is secure. An important and valuable point, even if there are many unhappy people in Chicago who have to resubmit my charges to Mastercard to get paid.
Discussion
Only verified members can comment.