Wednesday, September 28, 2016

A Cautionary Tale

Before I get to today's topic I wanted to say thank you to everyone for your lovely comments on my last post. A special thank you to Julie Dyson, who mentioned a poem called October's Bright Blue Weather. I looked the poem up and it was lovely. And Marie asked about our dogs. She was confused because she thought we only had one. We actually have two dogs, and they are sort of "his and her" pets. I'm the person who belongs to Fergus the Westie, and my husband is the person owned by Jenny the wiener dog. Fergus gets very jealous if I mention Jenny on my blog, so that could be why you hadn't heard about her before.

Now for the serious stuff. If you aren't interested in the details surrounding what happened with the breach of my online banking please feel free to scroll down, and there will be a few pictures that have nothing whatsoever to do with crime.

My online banking was broken into early in August. The bank caught the fraud while it was happening, immediately stopped online access to my accounts, and phoned me. This was all good. They also immediately deposited back the amount that had been stolen. That was also good. But this is where the good stopped and the bad started, at least in terms of the bank and their response.

In that initial phone call alerting me to the fraud I was told my account was accessed on the very first try of the password, and that meant I had to have malware on my computer. They told me I needed to take it in to a professional to have the computer completely wiped. Several phone calls with the fraud department later they reluctantly agreed that it would probably be okay if my son-in-law wiped it rather than someone at a big box store, but they weren't very happy about it. They wanted a receipt proving it had been done. And here's the scary part. I was told that if I didn't wipe my computer and the fraud happened again I would be on the hook for any funds stolen. Gulp.

I took my computer into Anton, and he had a very good look at it. His verdict was there was almost no chance it had malware. Also, he said the malware that would be required to do what the bank claimed had happened would have to be very sophisticated. Probably not the kind of thing you pick up downloading knitting and sewing patterns.

While he had my computer, and about two weeks after the original bank fraud, we got a phone call late one night from an RCMP officer in a nearby community. He had recovered a stolen car that day, and in it was a cell phone. And on the cell phone were pictures of my driver's licence, bank debit card, and my two charge cards. He said the person who stole the car was definitely the person who broke into my car that day back in July when I was at Teapot Hill. It was a drug addict, well known to the police, and it was the second car he had stolen in the past week.

When an addict breaks into your vehicle they are after one thing. Cash. They have two ways of getting that cash. One is taking whatever money you happened to have in your purse. The other is by selling the stuff they find when they break in. And one of the things they sell is your ID. They get a couple hundred dollars, and someone who knows how to use your ID hits the jackpot.

Yes, I had immediately cancelled my bank cards and my driver's licence. But unbeknownst to me, when the bank reissued my client card they gave me a card with the same number. It never occurred to me to check. It never occurred to me they would be stupid enough to do something like that, especially since I told them I needed it replaced because it had been stolen. And here's the thing. That client card number is the user name for signing into online banking at my bank. I might have noticed when I next logged into my account, but I wasn't logging in from my computer since I didn't have it. I had downloaded the banking app onto my phone and since it was new had to enter the number. I didn't have anything to compare it to.

So the thief had my user name for my account. They also had all kinds of information about me. They had my address, birth date, my husband's full name, all from what they stole that day at Teapot. And here's where it gets really icky. Anton told me that what they then do is Google you. And, of course, the first thing that would come up would be my blog. Which meant they also now had my email address. The bank theft was connected to the theft that day at Teapot!

In an attempt to keep this post from becoming book length, I'll shorten the next part and just say this. After multiple calls with the fraud department, and several visits in person to the bank, this is where things stand. It turns out that after reviewing the sequence of events (the bank keeps a record of every call, every time you log in, where you log in from, etc.), what I was told in that very first phone call was not even true. They had not got in on the first attempt. They actually tried to log in eight times, no doubt trying passwords they thought were obvious using information they got off my blog (I'm sure Fergus was one of the tries!). They did not succeed.

Then they phoned the bank. And this is where I get a little mad. Well, actually quite mad. They managed to impersonate me and get the email address to my account changed. Within a minute they then changed the password, and they were into my banking. Seriously. The bank apparently let them change my email address over the phone. Yet they had placed the blame squarely on me and my computer, saying it had to be malware. And told me if I couldn't prove I had dealt with it and my account got hacked again I would be held responsible. Just typing this out makes my blood boil.

I have asked for a written statement from the bank saying it was not my fault. What I would really like is a statement from them saying it was all their fault. They reissued a card with the same client card number. They let someone change my email over the phone, knowing that all one needs is an email address to change a password. They never sent a notification to my old email saying the email address had been changed. And this is from one of Canada's largest banks. Which is why there's no point in asking them to admit wrongdoing. It's a David and Goliath story, only this time I'm afraid there's no way of slaying the giant. I'll be happy just to have something in writing absolving me of any responsibility, so if my account gets broken into again I won't be out the money.

If sharing this story saves even one other person from going through what I have it will have been worth typing it all out. If you have ID or banking cards stolen, don't let your guard down just because you've cancelled them all. And don't expect that a bank will do even the basic steps necessary to protect you, in spite of the fact that they have billions of dollars and a whole team of security experts. I'll let you know if and when I get the letter from them stating that what happened with my account was not my fault. Now, on to more pleasant topics.




Here's Lucy heading off to her first day of preschool. She suddenly looks very grown up.




Here's sweet little Oliver, modelling the Gingersnap sweater I knit for him. Ravelry details can be found here.




And Ella with her Granny's Favourite sweater, which was a late birthday present. I can see why there are over 1200 of these little sweaters posted on Ravelry. It was fast and easy to knit, and looks very cute when worn. Ravelry details here.

I'm headed to Victoria this weekend for a knitting adventure. Details will be in my next post. I'll sign off for now with this picture of the light on a spider's web, taken today on Teapot Hill. Light, nature, crafting, friends and family. These are the things I want to focus on.



29 comments:

  1. Holy shit! That's awful but I can believe it. Business ethics are in scarce supply it appears. Screw up, cover your arse and lie your face off and blame the innocent party. It's absolutely atrocious!! You should contact Anne Drewa on go Public on global . Absolutely disgusting. I feel
    Bad for you- what a terrible experience. I'd be hopping mad. On a lighter note your grandchildren are adorable!! Knitting adventure on the Island ?!?! I'm intrigued/. Have fun!!!!

    ReplyDelete
  2. That's a terrible chain of events!
    I am So glad you shared it with us and so sorry that you had to go through this...hope your knitting adventure is fun.

    ReplyDelete
  3. Oh my goodness, what an awful, awful story. I am so sorry Kristie that you do not get the respect and apology you deserve from your bank. Had it not been for your own insistence to get to the bottom of the fraud, the bank would have quietly swept this under the rug. In fact, they were actively trying to put the blame on you! I hope you have changed your bank! Is there something like an Ombudsman in Canada? Or something like a consumer interest group (we have the Which magazine here) to whom to report your story? Thanks for sharing this all Kristie, I'll be much more vigilant from now on.

    I can't quite believe how much your three adorable grandchildren have grown since I last saw photos! They are very sweet. xx

    ReplyDelete
  4. Wow, I will certainly be more vigilant in the future thank you for sharing your terrible experience. You have beautiful grandchildren, hope the first day at pre school went well such a big adventure for Lucy. She suddenly looks all grown up, bless her.

    ReplyDelete
  5. The Ombudsman would be a great person to contact/report; it's very easy and they have the ability to track and regulate Banks that have issues like this.

    You can do it through their website and they are responsive! I know when the Banks receive an Ombudsman complaint they take it very very seriously. I know one time I had an issue and all I had to do was mention I was going to make a Ombudsman report and before I knew it they had a top level Manager on the phone to fix the issue!

    ReplyDelete
  6. I'm aghast at the response(s) of your bank, Kristie. I know it would probably be a pain, but I'd drop them like a hot potato for a bank that takes security more seriously *and* that doesn't blame the customer for something they must have known *they* screwed up on. What a bother, and I'm so sorry you had to go through that. On a happier note, I love the sweaters, and even the spider. Thank heavens for knitting (and grandchildren!), right? :)

    ReplyDelete
  7. All I can say is (so that I don't get all riled up, too) I'm glad you finally found out how it happened! I hope the bank admits their mistakes, not only for your own sake, but for every other customer's sake, too. Hmmmm, perhaps contacting the newspaper would change their mind if they don't assure you it will never happen again to you or anyone?

    ReplyDelete
  8. Thanks for sharing. I work for the fed. gvmt in the states who is actively trying to give away my personal info. My only hope is confusion. I rarely name names on my blog, and if I have to put in a birthdate, I use a pseudo one. In my opinion, it's just a matter of time before it happens. Your reminder to be vigilant is useful.
    Your sweaters are adorable.

    ReplyDelete
  9. Thank you for sharing all of this, it made me angry on your behalf. I'm afraid I would have needed to find someone to yell at.

    ReplyDelete
  10. Your story sounds very much like an experience my daughter had with a big, well known, Canadian bank. She was a student with very little money to start with. The way the bank treated her, like SHE was to blame for the whole fiasco, who horrible. It took several years to get her personal info. and financial credibility back on track again. I urge EVERYONE to only carry cards and ID that are absolutely essential to you that day.

    ReplyDelete
  11. Cautionary tale indeed. Thank you for sharing it - and grrrrrr - I am chuffed at your bank too.
    Sorry your teapot hill has a crummy memory.
    Love the pics of the kids and their knitted yummies!

    ReplyDelete
  12. That is outrageous, Kristie! How could they possibly give you an access card with the same number as the one you reported stolen? It makes you wonder if they even have a "security" department. Could this be something for Global News Consumer Matters?

    ReplyDelete
  13. It's so scary how easily someone can access your bank! However careful we are, we rely on our banks to protect us, appalling neglect on their part.

    Love the jumpers!

    ReplyDelete
  14. That is complete bs! They messed up and if you didn't keep digging who knows what else may have happened. As soon as you get that letter from them, you should consider changing banks. I could never trust them again. But I know changing banks isn't always the easiest depending on how much you have tied up with them. Going to the news like one of the other commenters suggested is a good idea. Let it be known on a l national level. Love the sweaters on your grand-kids!

    ReplyDelete
  15. That is so awful. Do you have other banking options? i would get my money out of there as fast as I could if I were you. Anyway, it sounds like a terrible experience and I hope you can get some kind of restitution or apology from them.

    ReplyDelete
  16. Oh Kristie, what a nightmare! Poor you. Is there a consumer rights tv or radio programme in Canada? There's a really good radio show in the UK that takes on 'cases' like this, gets publicity and sorts stuff out. But, as you say, it's important to now focus on the good things in life like your gorgeous grandchildren – lovely photos. Take care. Sam x

    ReplyDelete
  17. I don't know how you resisted mentioning the bank's name. They need all the bad publicity they can get! I seem to be a rare person who is very happy with her bank. Their security seems to be very good. They block payments if they look slightly suspicious and then telephone me. I have to go through lots of security questions but don't mind. The more security the better. If I was you, I wouldn't be happy staying with that bank.

    ReplyDelete
  18. I was hoping your luck would change this fall. Geesh. The fraud is bad enough but what your bank is doing is ridiculous. But following your lead...on a pleasant note all the little ones and their knits are awesome! And glad to see this experience hasn't kept you from Teapot Hill.

    ReplyDelete
  19. This is while I deal only with credit unions, which have dealt promptly and ethically when any problem I have ever had.

    ReplyDelete
  20. Oh my goodness, what a story. There must be a banking commission that you can alert that your bank did all of this incorrectly. There has to be someone you can talk to about the way this was handled. I know that that would no longer be my bank if that happened to me. I would be out of there in a split second. The Little's are growing up so fast, and they are as adorable as ever. Have fun on your knitting adventure.
    Meredith

    ReplyDelete
  21. This was very useful information. And those sweaters and kids are adorable!

    ReplyDelete
  22. How awful! I think I'd be looking for a new bank! I had my identity stolen a decade ago, but the person just opened a few accounts in my name. Thankfully it was caught quickly and it never involved my bank account. We never did learn how they got hold of my social security number. I hope this is the last of all the trouble you've been through!

    ReplyDelete
  23. Hi Kristie, I'm just catching up. I can't believe what you've been through. I'm so sorry. I don't have any advice. I mentioned previously that my children and husband had some information stolen from a government database related to my husband's work (he is a contractor with the US Dept of Energy), and it was sort of a hassle for us, but was mostly dealt with on the government's end so we didn't have a lot to do with it. I really can't imagine what you've had to deal with. I hope things are looking up soon. The grandchildren are getting so big and they look adorable and healthy. I can't believe Lucy is going to preschool already, time really flies!

    ReplyDelete
  24. I truly hope this is the VERY end of your terrible saga. I worry about this happening to me. I am vigilant and I am learning through you. sending you a BIG BIG BIG hug :)

    ReplyDelete
  25. I can't believe what you went through! It is so frustrating that all those experts in Silicon Valley and beyond haven't spent more time and effort on security! I am so sorry you had to deal with this!

    ReplyDelete
  26. I am not surprised at the bad attitude of Canadian banks at all.
    I also had a recent ATM card issue and the bank would also not send a letter acknowledging resolution.
    Quite different than when I had a credit card hacking issue. I realized it is because then the bank has to deal with the defrauded merchants. If there is an ATM issue it is just you the small potato customer who is complaining. Apparently we don't count for much!

    Maybe you do need to send a stern letter to both the customer service division of your bank and the banking ombudsman. I still haven't composed my letter but I think I should get to it soon.
    https://www.obsi.ca

    LisaRR

    ReplyDelete
  27. OH MY GOSH I am so very sorry this happened to you but goodness the bank are so at fault here. Why is it that we the 'little' people end up with all the stress. It is so unfair, I do not blame you that you feel angry with the bank. so sorry about all of this xxx

    ReplyDelete
  28. HO-LY SMOKES! People worry about the Chinese and Russians hacking into databases and stealing information, but all it takes is one drug addict to set a series of misery in motion. Since a stranger had access to all of your account information, it might be worth the hassle to open new accounts...at a different bank, that hopefully has better security protocols in place. I've started checking my account balances almost everyday--especially the retirement account. If that disappears...

    ReplyDelete
  29. How awful this has been for you. Thank you for sharing this cautionary tale it could happen to any of us! Sarah x

    ReplyDelete