dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2851
share rss forum feed

Zoder

join:2002-04-16
Miami, FL

[Rant] Chase Online Banking Security

What genius at Chase thought it would be a good idea to allow more than one user ID to be associated with the same account number at the same time? Did it ever occur to them that it's leaves a big loophole for fraud to take place in?

Despite the fact we have a very strong password and our account was not hacked, our money was stolen yesterday due to this stupid policy.

Someone setup another user account, added our checking account to the second user id then proceeded to transfer the money out. $1800 yesterday and an attempt to do another $1950 today. Chase didn't even bother to call me when they blocked the second attempt. I discovered it after logging in tonight to see if a check had cleared and the available balance was much lower than it should have been.

Now of course we aren't responsible for the fraud and will get the money back. But it's an inconvenience that was created by the bank's poor security policy and could have been easily avoided if said policy didn't exist.


Mospaw
My socks don't match.
Hawaiian Jellyfish
join:2001-01-08
Mile High
kudos:1
I don't have a problem with multiple IDs having access to an account. My wife and I have individual log ins for Chase, but both have full access to our joint checking account. Nice and convenient.

The thing that has me scratching my head is how a third party was given access (by Chase) to your account. In order to get access, you've got to prove ownership. My wife an I also have Chase credit cards and were unable to add the other person's CC to their login (at least online). So even though I know her CC account number and other particulars, I can't see her CC and vice versa.

Unless there's something I'm not seeing here, it sounds like Chase really screwed up by allowing someone else to get access to your account via their login. That doesn't necessarily point to an issue allowing two or more login IDs to access a single account.

BoulderHill1

join:2004-07-15
Montgomery, IL
Reviews:
·AT&T DSL Service
reply to Zoder
Wow that really sucks.

However I also don't quite understand this situation entirely.

Something is amiss here.

I too have some accounts with Chase. I have my own account and my daughters have accounts.

I can log in with online with my used ID and peruse not only my account but also my daugthers account. I can shift money between them and what not.

My daughters have each their own user ID and can also log in to these same accounts. So there are multiple user IDs that can log in to a single account. Never been a problem.

If I understand you correctly some unknown third party somehow gained access to your account using their own Chase User ID.

Even though you had a strong password this third party somehow gained access either by guessing the password or proving ownership by answering security questions correctly.

I don't think it is necessarily an issue with multiple user id access, but rather an unauthorized user gained access to your account.

In other words you got hacked.

You stated that you did not get hacked but yet what do you call it when someone illicitly gains access to your account and takes your money?

Zoder

join:2002-04-16
Miami, FL

2 edits
said by BoulderHill1:

If I understand you correctly some unknown third party somehow gained access to your account using their own Chase User ID.

Even though you had a strong password this third party somehow gained access either by guessing the password or proving ownership by answering security questions correctly.

I don't think it is necessarily an issue with multiple user id access, but rather an unauthorized user gained access to your account.

In other words you got hacked.

You stated that you did not get hacked but yet what do you call it when someone illicitly gains access to your account and takes your money?

That's what I originally thought last night from my conversations with the Indian reps. They told me a second User ID had been created and used. But after speaking to the US reps today, apparently it was an old ID from the WAMU days that was never deactivated properly. More details are in the post that's being held by the system. I've asked the mod to release it.

Mospaw said that post disappeared so I'll add the details here. A few months after the merger completed I tried logging in to online bank for the 1st time in several months. I got a message from the system saying that my WAMU ID expired because I hadn't logged in since the merger by a certain cutoff date and I would need to create a new ID. So I did and had been using it ever since. As far as I knew the old one was gone. Apparently it wasn't though as that's what the person used to login to the account

They actually never gained access to the user id I've been using for the past 4 years according to Chase. They got a Chase rep to change the email address associated with my WAMU ID and once they had that, they were able to get the verification code and reset the password to gain control of the old ID. It seems apparent that the person has my SS # but without getting the email changed they wouldn't have been able to enter a valid code # and access the account.

Going forward I've set it up so account changes regarding contact info can no longer be changed over the phone. Only by successfully logging into the account online or at the branch. Hopefully that will keep it from happening again.

BoulderHill1

join:2004-07-15
Montgomery, IL
Wow, see you just never know, do ya.

I never would have thought that.

I knew there had to be more to it somehow.

I hope Chase is taking care of you monetarily. I don't know about you but 1800 bucks from me would be devastating.


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to Zoder
You should place a fraud alert with the credit reporting agencies, if you haven't already.
Expand your moderator at work

Zoder

join:2002-04-16
Miami, FL
reply to sivran

Re: [Rant] Chase Online Banking Security

said by sivran:

You should place a fraud alert with the credit reporting agencies, if you haven't already.

I did. Thanks.

Chase is reimbursing me, but it takes them up to 5 days. So it's going to end up costing them more money as they said they will also cover the fees my credit card company is going to hit me with as the payment that was due and scheduled yesterday is going to bounce.

I don't know why they don't just give it to us immediately. We've had an account for many many years with them. If they discovered there was no fraud they could take it back later. BOA did that when their ATM ate my check deposit. once They credited me while on the phone call while they conducted their search. If the search didn't find the check they would remove the money when it was complete. But hey if they want to spend extra money on this to reimburse me for the fees, they are more than welcome.

Zoder

join:2002-04-16
Miami, FL
So it seems Chase was an innocent victim in this too.

A spoke to a senior account specialist today and found out the following. When the person called and spoke to the rep on Sunday to get the email address changed they were given a high security test. This is where they look up info from your credit report and quiz you on several questions only you should know. Like which of the following vehicles have you ever owned, etc...

The person passed the test which is why the information was allowed to be changed. But that means the person has access to my credit report. Is there a way to find out from the 3 bureaus if anyone else ordered my report and what information was used to order the report? Email address, mailing address, etc...? That way I can give the information over to the police.


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
They should be able to do that. Explore one of their websites to see. Calling them, as I recently found out, is an exercise in frustration as you end up in IVR hell with all three of them.
--
Think Outside the Fox.

Zoder

join:2002-04-16
Miami, FL
said by sivran:

They should be able to do that. Explore one of their websites to see. Calling them, as I recently found out, is an exercise in frustration as you end up in IVR hell with all three of them.

Yes it is. I'm hoping someone has a direct number to a live person.
Expand your moderator at work