Credit Cards

My Friend Almost Lost More Than One MILLION Chase Ultimate Rewards Points

Google+ Pinterest LinkedIn Tumblr
Rene’s Points For Better Travel, a division of Chatterbox Entertainment, Inc. has partnered with CardRatings for our coverage of credit card products. Rene’s Points For Better Travel and CardRatings may receive a commission from card issuers. Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities. As an Amazon Associate I earn from qualifying purchases.


A friend shared a rather disturbing story yesterday.

“Someone tried to steal all of my Chase points last weekend,” he said, his eyes wide. “I have over a million [points].”

Ben (not his real name) received an alert from Chase’s fraud detection department. When he called in, the agent asked Ben if he authorized a points-to-cash redemption of his Ultimate Rewards points, which would then be transferred to a bank account.

Ben, in fact, had not.

(If my math is correct, a million Ultimate Rewards points translates to $10,000 cashback. That’s a chunk of change.)

Apparently, an identity thief called Chase and provided correct answers for Ben’s:

  • Credit card number
  • Mother’s maiden name
  • Security question answer (i.e. “What was the first school you attended?” or “What is your favorite sports team?”)
  • PIN code

The Chase rep handling the request apparently sensed something was amiss — and sent Ben an alert asking him to call.

“Chase was so good about it,” Ben said. “They caught it, stopped it, and waited until I reached out to [them]” – unlike the time Rene’s account was overnight drained of almost 200,000 Ultimate Rewards points with no notice!

In the end, Ben still has his million points. And Chase has a life-long, happy customer. And because Ben holds the Chase Sapphire Reserve card, those million points are worth $15,000 when redeemed through the Chase travel site.

He doesn’t know who tried to steal his points.

Privacy, security and identity in internet. Cyber security concept.
(©iStock.com/Arkadiusz Warguła)

What Can You Do Protect Something Like This?

Enough Internet searching can give identity thieves plenty of information about us — including our mother’s maiden names.

Whenever filling out an application, my late neighbor Chuck never gave his mother’s actual maiden name.

**RELATED: A Cautionary Tale About Privacy When Traveling – and What You Can Do to Protect Yourself**

“What, are you kiddin’ me?!” he once said when we talked about credit cards and identity theft. “I’m not using that as a way to identify me! It’s so easy to hack!”

He wasn’t wrong.

Chuck instead used a common word he’d remember (like “planes” or “spaghetti” or something).

The same goes for other questions. (Do you really think a computerized application will correct you if you say your favorite food is “Frankenstein” or “Star Wars”?)

So it’s a good idea to randomize as much as possible your answers to security questions — and not repeat them across financial institutions. Ben’s security questions were the same with his Amex cards, personal bank account, and business bank account. He’s currently resetting all of them — and ensuring there’s no overlap.

What Do You Do to Avoid These Situations?

Do you have any tips or tricks to share? Tell us in the below Comments section!
–Chris

 

Chase Ink Business Preferred Credit Card

The Chase Ink Business Preferred card

Read why we think the Chase Ink Business Preferred is a great option for small business owners.

  • 5X on Lyft purchases through March 2022.
  • 3X on the first combined $150,000 spent yearly on:
    • Travel (flights, hotel, rideshare, parking, etc)
    • Shipping purchases
    • Internet, cable and phone services
    • Advertising purchases made with social media sites and search engines
  • Trip interruption and cancellation benefits
  • No foreign transaction fees
  • $95 annual fee

Learn how to apply for the Chase Ink Business Preferred Credit Card. Or read a third-party comparison of the Chase Ink Preferred vs Chase Ink Cash

 

Featured image: ©iStock.com/romankosolapov

Rene’s Points For Better Travel, a division of Chatterbox Entertainment, Inc. has partnered with CardRatings for our coverage of credit card products. Rene’s Points For Better Travel and CardRatings may receive a commission from card issuers. Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities. As an Amazon Associate I earn from qualifying purchases.


Responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.

8 Comments

  1. 2 step authentication is a must. Many companies even perform 2 step authentication when you call. Call your financial institutions and ask if they can perform 2 step authentication when you call and if they can flag your account to require it everytime you call.

  2. I always end my security questions and maiden name with a pin. Smith1234 for example.

  3. The same thing happened to me this past December. It was not caught by Chase. I actually received an email notifying me that my points were converted to cash and headed to an unknown bank account. The fraudster knew the same mm everyone information. If I hadn’t received the email and called immediately I would have had a harder time getting my points reinstated. My biggest disappointment was Chase did not catch it.

  4. I also make up nonsense answers to the security questions. But to ensure I don’t forget what they are I enter them in the Notes area of my password management software.

  5. Yes, making up nonsense answers and using password management software are great, but there is another issue. The trouble is that unlike passwords, the answers to these security questions typically are visible to employees and often are not even encrypted. People on the inside can sell your security answers to accomplices and should there be a data breach your security question answers usually are visible. Chase has the technology to apply other much better identification methods and they should. Security questions really provide a false sense of security and often are worse than nothing at all.

  6. I find it concerning that all Chase credit card statements online or on paper thru the mail print the full complete credit card number. All other banks x out all but the last 4 digits of the cc number.

  7. Use your points. Having a million UR isn’t a great plan. What’s your friend doing with those points? In addition to being stolen, they can loose value. They aren’t money in the bank. They don’t earn interest. Friends don’t let friends hoard points.

Write A Comment

BoardingArea