A friend shared a rather disturbing story yesterday.
“Someone tried to steal all of my Chase points last weekend,” he said, his eyes wide. “I have over a million [points].”
Ben (not his real name) received an alert from Chase’s fraud detection department. When he called in, the agent asked Ben if he authorized a points-to-cash redemption of his Ultimate Rewards points, which would then be transferred to a bank account.
Ben, in fact, had not.
(If my math is correct, a million Ultimate Rewards points translates to $10,000 cashback. That’s a chunk of change.)
Apparently, an identity thief called Chase and provided correct answers for Ben’s:
- Credit card number
- Mother’s maiden name
- Security question answer (i.e. “What was the first school you attended?” or “What is your favorite sports team?”)
- PIN code
The Chase rep handling the request apparently sensed something was amiss — and sent Ben an alert asking him to call.
“Chase was so good about it,” Ben said. “They caught it, stopped it, and waited until I reached out to [them]” – unlike the time Rene’s account was overnight drained of almost 200,000 Ultimate Rewards points with no notice!
In the end, Ben still has his million points. And Chase has a life-long, happy customer. And because Ben holds the Chase Sapphire Reserve card, those million points are worth $15,000 when redeemed through the Chase travel site.
He doesn’t know who tried to steal his points.
What Can You Do Protect Something Like This?
Enough Internet searching can give identity thieves plenty of information about us — including our mother’s maiden names.
Whenever filling out an application, my late neighbor Chuck never gave his mother’s actual maiden name.
“What, are you kiddin’ me?!” he once said when we talked about credit cards and identity theft. “I’m not using that as a way to identify me! It’s so easy to hack!”
He wasn’t wrong.
Chuck instead used a common word he’d remember (like “planes” or “spaghetti” or something).
The same goes for other questions. (Do you really think a computerized application will correct you if you say your favorite food is “Frankenstein” or “Star Wars”?)
So it’s a good idea to randomize as much as possible your answers to security questions — and not repeat them across financial institutions. Ben’s security questions were the same with his Amex cards, personal bank account, and business bank account. He’s currently resetting all of them — and ensuring there’s no overlap.
What Do You Do to Avoid These Situations?
Do you have any tips or tricks to share? Tell us in the below Comments section!
- 5X on Lyft purchases through March 2022.
- 3X on the first combined $150,000 spent yearly on:
- Travel (flights, hotel, rideshare, parking, etc)
- Shipping purchases
- Internet, cable and phone services
- Advertising purchases made with social media sites and search engines
- Trip interruption and cancellation benefits
- No foreign transaction fees
- $95 annual fee
Featured image: ©iStock.com/romankosolapov
Responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.