PenFed credit card woes

[SecondCor521]

Do you seen an effect on your credit rating?

I have four cards: two of which I routinely carry, a third with a credit limit I'll never qualify for again, and a fourth that used to be shared with my daughter before she was old enough to get her own.

Spouse has one credit card, and her credit score routinely comes in 20-30 points higher than mine.

I'm planning to get rid of the fourth card and I may even get rid of the third card. I figure a primary and a back up is "good enough". Anything beyond that may just be inviting trouble.

I have 27 credit cards and my CreditKarma score is hovering around 780. From looking at their data, that is more due to the young average age of accounts rather than the large number of accounts.

My then-wife's score was always higher than mine as well, which I thought was strange since I was the breadwinner and she was a SAHM. Whatever.

I do plan to get rid of several of the smaller lines that are no longer useful.

2Cor521

 

[braumeister]

Do you seen an effect on your credit rating?

Not at all.
I had an opportunity last year to check my score for free, and it was 808. Can't complain about that.

 

[target2019]

Short answer is:
32 years in Data Processing / Management Information Systems / Information Technology

So most places is the places you've worked?

 

[Rustward]

I worked for vendors for 20 years and had contact with more places than the average IT worker.

 

[harley]

I don't agree with the statement that "Anywhere else you could go has the same vulnerabilities." So I asked what that was based on. I don't doubt that you read daily security briefings, and all types of things were happening. I know that, since I read similar each day. I don't believe that all companies are this lax. I do know that many are, but exactly how many? In the past my wife's data has been lost a few times. Each time it was a healthcare company, and it was peculiar that the story was the same each time. An employee had a laptop, and lost it.

This penfed event is different. The letter says my personal information was improperly accessed. Notice the "was".

So the question, in this penfed topic, is whether the company has suffcient ISS layers of protection. My read on the incident is that penfed would not get high ratings on the security scale.

I'm not sure what the ISS layers of protection you mention is. But I'll stand by my statement that PenFed is no different than almost any other private company or gov't agency, as far as security is concerned. The only way to protect against a breach like they had is to do things like encrypt all data on all machines, and use single use authentication in order to access it. Also, no out-of-network access through laptops or remote computers that are not under the direct control of the corporate security organization. And while you can find these requirements in nearly every corporate or gov't security procedure list, they almost never actually get implemented. Too expensive, too complicated, and most of all, too inconvenient. It interferes with the making money aspect of business, which is job #1.

Sadly, the PenFed network was exploited by a bad guy, resulting in the need to do all the account changing, credit freezing and monitoring, and all the rest. My guess is that 99 out of 100 times a system gets compromised, nothing really bad comes of it. But that is not the result of better security, it's the result of luck. Even in the PenFed case, there have been no reports of misuse of the information. They are just reacting to the potential worst case.

I'm not trying to convice you to stick with Penfed. I'm not involved with them at all. But if you go somewhere else, be aware that most likely all the same opportunities for bad things to happen will exist there too.

 

[KM]

What do you base your statement on?

I pretty much agree with Rustward. I have been in IT for 25 years and still counting. I think his point is every company, no matter how hard they try, is likely going to have holes. Some may be worse than others. Finding the good ones is tough. I got my PenFed CC 1 month before this happen, so I am not real happy either - but I had something similar happen with another CC a few years back, so I know it happens. If it happens again within a year or two, I would probably close my account down, though.

True story - a couple years ago we sold business to a new customer. Part of the agreement was we would allow a security company to come in and audit all of our systems to ensure they were secure. They found some holes, which we ended up fixing. We were completely unaware they were there and they probably never would have never been exploited (we're talking extreme hacking here) - but they were there and needed to be fixed. A few months later, our customer made headlines for having significant security issues in the applications that their customers used...

Bottom line is anyone who doesn't check their accounts on a regular basis is putting way too much faith in the companies they do business with. I check all my accounts at least weekly. Takes less than 5 minutes while watching TV in the evening.

 

[Nords]

Not at all.
I had an opportunity last year to check my score for free, and it was 808. Can't complain about that.

I have 27 credit cards and my CreditKarma score is hovering around 780. From looking at their data, that is more due to the young average age of accounts rather than the large number of accounts.

Thanks, good to know. Looks like the sweet spot between 5 and 27 is fairly large. Maybe I'll just keep 'em all.

But 27-- yikes. "Confessions of a former stoozer?"

 

[SecondCor521]

But 27-- yikes. "Confessions of a former stoozer?"

Yup.

2Cor521

 

[Nords]

Yup.

Ah, the good ol' days.

I wonder if there'll ever be another gold rush like that.

 

[harley]

Thanks, good to know. Looks like the sweet spot between 5 and 27 is fairly large. Maybe I'll just keep 'em all.

DW has about 15, 5 of which are standard Visa, MC, and Discovers. The rest are store cards. Her score is over 800 too. It's the old percentage used of available credit, plus the fact that most of them are pretty old. I think only new cards negatively effect your score.

 

[Nova]

Been out of pocket for the holidays and just read the latest about the reissue of cc from pf. My experience is related, but a little different and almost unbelievable. I always schedule payment of my cc well in advance of its due date. I did the same before leaving for the holidays. While I was away, I checked with the bank (not pf acct) to be sure that all payments had occurred. Hmmm...too much money there.

I logged on to pf to see what happened...no payment processed. I called pf to report the error and gave them their confirmation number for reference. Initially, they told me to check with the bank to see why it didn't transfer the funds. I explained that it was pf who failed to take the money and gave them their confirmation number again. They pulled up my account and said the bulk of my charges on the pf cc were transferred to my "new" cc# (all I could see online was the old cc #, its statement, and the amount of my scheduled payment, nothing about a new cc # or any transfers from the old cc #). Placed on hold.

When they came back, I was told that my "scheduled" full balance payment didn't match the amount on either cc #, so pf didn't execute the scheduled transfer at all. That caused an interest charge on the unpaid balance and possibly a non-payment fee. BTW, it was only when a senior manager was consulted that they came back to take down the confirmation number...more waiting on hold.

They wound up giving me a credit for the interest charge and promised to credit any late payment charges. They processed my "scheduled" payment while I waited on the phone. They "took" the payment in two different transactions, one to pay off a tiny amount owing on the old cc, and the rest to be applied to the new cc. The credit (payment) will be reflected on the new cc # when they generate the FIRST statement for it.

In the meantime, charges made to the old cc# will continue to be reflected on a separate statement from the new cc#. I asked, won't those charges (already made before I found out about the problem) automatically be switched over to the new cc. Nope, they will cause another statement for the old cc#. So I will have statements for both the old and new ccs for Jan. I put the pf cc away until I get all of this straightened out.

I have not seen any charges that weren't mine, but I cannot pull up the new cc # charges online...only the old cc # charges. Gees!

Did pf offer a free ID fraud subscription? Have yet to be offered that freebie.

Sorry for the rant, but this really steamed me...never had anything like this happen before. I have only had a pf cc for a little over a year. Love the bennies and don't mind the delay in charges posting, but this was something else!

 

[REWahoo]

B
Did pf offer a free ID fraud subscription? Have yet to be offered that freebie.

I got a letter from Penfed last week explaining why I would be getting a new card and including info on how to sign up for a free two year ID fraud service.

My new card has yet to arrive even though it showed up online about two weeks ago. Transactions to both my old and new cards are visible online - although since I don't have it yet, the only transactions on the new card are what transferred from the old number.

Like you, I stopped using the old card, awaiting the new one. Unlike you, my payment in full at the end of December was credited to the old card and, after a couple of days confusion, everything appears to be correct.

 

[Nords]

My new card has yet to arrive even though it showed up online about two weeks ago. Transactions to both my old and new cards are visible online - although since I don't have it yet, the only transactions on the new card are what transferred from the old number.

Well, at least when someone else starts using your new card, you'll be able to see it happen online...

 

[REWahoo]

Well, at least when someone else starts using your new card, you'll be able to see it happen online...

Yep, just like the other two times...

 

[RunningBum]

I haven't received my new card yet either. It was ordered on the 26th. I'm checking it daily to see if new activity pops up. Meanwhile, I'm having to switch my autopay stuff to a different card.

 

[friar1610]

Just activated free 2-yr subscription to kroll's service for id protection. Now my personal information is safely stored at another company.

Does anyone have any experience with this service or, more generally, services of this type? Is it worth signing up? I assume that at the end of the free 2 years they will try to snag you as a paying customer. (Hopefully it won't be one of those deals where the responsibility is on you to opt out of continuing it.)

Back to PenFed cc's: I got one of the basic ones a while back for no other reason than foreign transaction charges are not added when they are used in foreign countries. We travel overseas from time to time and, more frequently, go across the border to Quebec. But I haven't had an opportunity to use it since I got it.

Back to the original reason for this post: I'd really appreciate any feedback on the value of Kroll or other such services.

Thanks.

 

[KM]

Does anyone have any experience with this service or, more generally, services of this type? Is it worth signing up? I assume that at the end of the free 2 years they will try to snag you as a paying customer. (Hopefully it won't be one of those deals where the responsibility is on you to opt out of continuing it.)

Back to PenFed cc's: I got one of the basic ones a while back for no other reason than foreign transaction charges are not added when they are used in foreign countries. We travel overseas from time to time and, more frequently, go across the border to Quebec. But I haven't had an opportunity to use it since I got it.

Back to the original reason for this post: I'd really appreciate any feedback on the value of Kroll or other such services.

Thanks.

Never dealt with Kroll - but we just have signed up and didnt have to give a CC# or anything, so it is not an "opt out in 2 years or we start charging you" scheme.

We exprienced something similar about 5+- years ago when DH's company had some data stolen. I believe we were offered service through Equifax. We signed up, used it for 2 years, and then our access expired. We did get an email or two telling us it was going to expire and what to do if we wanted to continue it - but that was pretty much it. No hard sell or "opt out" situation.

 

[powerplay]

Yup.

2Cor521

Holy cow, you're one of the FW App-o-rama guys. I remember reading through some of those threads and thinking no way did I want to try it, too easy to mess up on something and have it backfire. Kudos to you for making it work! The good ole days although not really that long ago.

 

[beowulf]

My experience is with credit cards, not work. Counting the PFCU experience, it made the 3rd separate credit card breaches I have had in 2010 with 3 different accounts - two credit union and one bank. Resulted in 3 new cards and numbers. There is no question in my mind that the crooks are getting better and that the card companies and banks are not keeping up.

We were in an expensive restaurant in a middle eastern country and I received a call on my cell phone from the CU (not PFCU) when the waiter ran the charge asking me if it was valid and made by me. I thanked her and assured her it was. That's what I call good security. But I doubt they can do it every time. This was even after a number of small foreign transactions - and I had notified the CU that I would be in those countries.

Getting new numbers is a minor hassle, but sure beats having to fight wrongful charges.

 

[Gearhead Jim]

FWIW, I also got the Penfed letter about issuing new cards and the credit monitoring service. Since we haven't had any trouble, and the PF breach seems to only affect PF cards, I declined the service.

Last week I called to ask when my new card would arrive. The lady said they were being sent out in batches; mine was in the final batch, supposed to be mailed out today.

On a related matter, one of our adult daughters had her wallet stolen two years ago in Chicago. Credit cards were used within minutes to ring up several thousand dollars in local stores, which she did not have to pay. Nothing after that, until November 2010 when two Chase banks in Peoria (she lives in Chicago) allowed someone to withdraw $2,500 each from her account. Allegedly, the crook used an Illinois DL for identification. We don't know whether the Peoria banks didn't really look at the DL picture, or the thief looked like our daughter, or a fake DL had been created. Chase was amazingly inefficient and inept about getting her acounts straightened out. When she reported the identity theft to Chicago PD, the Sgt said that something fishy was happening at Chase, the number of fraudlent transactions and identity theft cases related to Chase, was all out of proportion to Chase's percentage of the retail banking market.

 

[M Paquette]

Details on the PenFed incident are dribbling out:

https://threatpost.com/en_us/blogs/infected-pc-compromises-pentagon-credit-union-011211

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers. The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members were accessed by the infected PC.

 

[Gearhead Jim]

Ref post #95, received my new card today 1-13-2011.

 

[Tadpole]

I cannot figure it out. PenFed has not notified me of a problem with my card or issued a new one. I login at least once a week, usually more, and there is no warning on the web site. If I didn't visit ER, I wouldn't even know something had happened.

 

[Rustward]

I cannot figure it out. PenFed has not notified me of a problem with my card or issued a new one. I login at least once a week, usually more, and there is no warning on the web site. If I didn't visit ER, I wouldn't even know something had happened.

It is possible your account was not affected.

 

[Nova]

RE Post #86 Talked with PF today and I got a different, more logical story. All charges to my old cc# are being charged immediately to my new cc#. Yes, they did fail to make the scheduled Dec payment (oops, excuse us...of course there will be no interest charges or late payment penalties), and my new cards were supposed to have been mailed Dec 31 (not received yet). The PF rep said to continue using the old card until the new one arrives. Think I'll just wait on the new card before charging anything else.