PenFed credit card woes

[braumeister]

It's just routine for me to download the monthly statement from every place I have an account. I print it as a pdf and save them to folders on my desktop computer, with backups made to a cd every year.

I, too, have had numerous fraudulent charges on my PenFed Visa card. Probably 10 or 12 in the last 5 or 6 years.
The PenFed fraud squad catches them, calls me at home to check on them, then re-issues me a new card with a new number. It's a hassle, but not a huge one.

The most amazing one happened two years ago. Someone used my card number to buy a first-class airline ticket from Phoenix to Little Rock, then went back a few hours later and somehow (who knows?) managed to get the airline to refund the tickets in cash. Really hard to believe, but that's what the fraud squad person told me.

Incidentally, I also do the print to pdf routine on my brokerage statements as well. It's a great system, and I would never go back to paper statements, as that's just asking for one more potential problem. Mailbox thefts are more common than you would think.

 

[dex]

It's just routine for me to download the monthly statement from every place I have an account. I print it as a pdf and save them to folders on my desktop computer, with backups made to a cd every year.

I'd suggest you save them in google mail instead of the computer or CD.

 

[jebmke]

Even though we're opting for paper statements at PenFed, each card transaction is still available online for review prior to the statement closing date. So switching to paper statements will have no impact on our ability to watch for fraudulent charges.

Like you, I check activity online at least once a week and noticed the bogus charge a couple of days after it took place.

Makes sense now that I think of it. I keep reverting in my mind to business practices from my working days. Businesses don't pay off statements so they are rarely used for anything but reconciliation. Even auditors won't look at statements except to make sure sub-accounts are reconciled.

I forgot that most individuals do pay off statements. I keep an electronic copy of the statement on hard disk.

 

[harley]

I'd suggest you save them in google mail instead of the computer or CD.

But then you're right back in the situation of counting on someone else's systems and processes. I know Google has great systems, but if at some time they decide you aren't who you say you are your stuff is gone. I have no problem with online storage, but I think you should have a local backup. If nothing else, you can still look things up even when your internet access is down.

 

[REWahoo]

PenFed responded:

Thank you for contacting Pentagon Federal Credit Union.

I have requesting that the 2010 statements from the closed card be mailed to you
at no cost. Unfortunately, there is not any way to make them available online.

If you need further assistance, please contact us.

Sincerely,

Xxx Xxxxxx
Pentagon Federal Credit Union

Success...at least it appears that way.

 

[Rich_by_the_Bay]

PenFed responded:..
Success...at least it appears that way.

Yes, but never should have even gotten to that level. Glad they finally did the right thing. Banks are not easy.

 

[Alan]

PenFed responded:

Success...at least it appears that way.

Well done. It shouldn't have been so difficult, but your persistence has paid off.

 

[jebmke]

But then you're right back in the situation of counting on someone else's systems and processes. I know Google has great systems, but if at some time they decide you aren't who you say you are your stuff is gone. I have no problem with online storage, but I think you should have a local backup. If nothing else, you can still look things up even when your internet access is down.

I save everything local and my system does a nightly backup to Mozy.

 

[militaryman]

I have had about one fraud issue every two years no matter what credit card I am using and they are caught by the fraud departments and "handled" without issue -- I figure it as part of the price of doing business using a CC . I t has never negatively effected me long term or caused much frustration.

As for PenFed I have had nothing bad to report and really enjoy the $40-$50 dollar cash rebates that are credited to my account each month.

 

[W2R]

REWahoo, this PenFed Visa card sounds like more trouble than it's worth.

Despite their efforts to placate you, you may still want to consider cancelling. Even though you are retired, I'm sure there are other ways you'd rather spend your time.

 

[harley]

Just out of curiosity because of this thread, I signed on to a Discovercard account that was closed due to a possible data breach a year ago. I can still get into the account and look at my old statements. I did have to call them and reactivate my access, but it was no big deal. Sounds like PenFed needs to update their practices.

 

[Dave J]

I think this problem(fraud) could have happened on any card.

I've used PenFed credit card for several years with zero problems.

Glad to hear they are sending the paper copies free, as it should be.

When I got the notice of paperless statements, I did whatever it said to keep them coming on paper for free.

 

[REWahoo]

When I got the notice of paperless statements, I did whatever it said to keep them coming on paper for free.

I believe PenFed charges for paper credit union statements (non CC) unless you opt for online. They still provide paper CC statements via mail at no charge.

BTW, I received a second email from PenFed, this in response to my reply when asked why I had reverted to paper CC statements:

If an account of yours was closed due to fraud or compromise, and the statements are no longer available online, we would be happy to provide them to you free of charge. Please indicate exactly what statements you need and we will deliver them to your place of residence. I would recommend that you return to e-statements however, if you are able to access them. The are more timely, because you don't have to wait for the statement to arrive in the mail. A paper statement, while a valuable record, can take longer to arrive and may not have as up to date information as you will find online.

If you need further assistance, please contact us.


Sincerely,

Xxxxxx Xxxxxxxx

Pentagon Federal Credit Union

Looks like they need to improve their internal communication....

 

[Dave J]

I believe PenFed charges for paper credit union statements (non CC) unless you opt for online. They still provide paper CC statements via mail at no charge.

.

This thread was started credit card specific, and that was what I was referring to.
When I got the notice 2-3 months ago about the credit card statement, I opted out of paperless and stayed with paper.

 

[free4now]

I give up on trying to store my own records. I just put my faith in the online records. The odds of me needing an unavailable record seem pretty low, and the impact to me relatively low if the record is unavailable.

 

[Dawg52]

Looks like they need to improve their internal communication....

Probably. I had a thread on this sometime ago, but a couple of years ago I decided to apply for a PF cc due to all the positive post about the company on here. When I applied, they decided they needed 3 years of tax returns and other info before they could come to a decision. I told them to forget it. Two weeks later when I logged on to take a look at the rest of my account, there was a message that I was automatically approved for various loans and a credit card. And the cc line was for 3 times for the amount I had originally applied for.

Oh well, I doubt if they are the only one's to have problems like these.

 

[smjsl]

I have had about one fraud issue every two years no matter what credit card I am using and they are caught by the fraud departments and "handled" without issue -- I figure it as part of the price of doing business using a CC . I t has never negatively effected me long term or caused much frustration.

Weird... I have never ever had fraud issues on any of my credit cards... I don't use many but normally have had 2-3-4 at any one time activated.

I am sure some of it is just luck, but maybe it's also because of some usage patterns? (E.g. I never use them on websites I have not researched or on flea markets, etc... not saying that you do, just my guesses as to the example usages that might compromise the cards)

 

[Sarah in SC]

Well there you go, REWahoo--I got my call this morning from PenFed. A 9 cent charge for a charitable contribution logged at 7:30am that flagged the fraud department.

New cards on the way and I'll be calling them to talk about my prior statements. I guess I'm glad they caught the transaction. But of course, all cards in our possession, etc.
Makes me wonder how the card number was obtained?

 

[REWahoo]

Makes me wonder how the card number was obtained?

Here's my best guess:

... I did see information on the PenFed website recently (gone now) about a 'security breach' by a third party processor.

 

[Sarah in SC]

Nice. Well, you figure no one is immune. I am glad that they tripped the fraud alarm. PITA to wait for new cards and deal with the prior statement business.
Fortunately, I seem to only buy things for the boat and concert tickets with my credit card, so not much to track.

 

[Rustward]

...
Makes me wonder how the card number was obtained?

Every time you use a card (edit to add: and it generally does not matter who the merchant is) the information travels through several networks and into and out of several computers and is stored in several different places. The network traffic is supposed to be encrypted (google "PCI"), as is most data at rest. While the information is being processed in computers it may be "in the clear", or unencrypted. Trusted individuals have access to the card information in these computers, and can collect it sell it later. Despite audits and stringent change management in data centers, theft is still possible.

Just because you can't actually see the bits and bytes in a computer, that doesn't mean that a skilled person cannot capture that information. A formal application of this is called digital forensics, although df is used in more of an investigative role.

A lot of this theft occurs in data centers where the thief has access to a lot of data.

Systems programmers are required to be able to look at only the contents of a failed computer system (more likely only a subsystem) and determine why the system failed. These are called storage dumps, and in the olden days were literally reams of paper with seemingly endless strings of hexadecimal digits representing four times as many binary digits (zeros and ones). All the zeros and ones represent computer instructions, control blocks, and data. Believe it or not it is usually possible to reach a valid conclusion with enough work -- at least very few of them beat me. I have solved probably hundreds of CICS dumps (google if you wish) , many in credit card authorization systems. All the data is in there, names, addresses, ssn's, card numbers, expiration dates, everything they have on you. But nobody is gleaning card information from storage dumps. This was an illustration that just because your data is in a computer it doesn't mean that a human can't capture and interpret it.

 

[Rustward]

Well, you figure no one is immune.

This could not be more true.

 

[Sarah in SC]

Thank you for the explanation, Rustward. I guess it is human nature to worry that I did something to expose my, er, data, to the criminals.

 

[Alan]

Thank you for the explanation, Rustward. I guess it is human nature to worry that I did something to expose my, er, data, to the criminals.

Most of us expose our data when we hand over our card in restaurants for payment although that has stopped now in the UK for the past few years, and when in Canada recently we found 2 or 3 restaurants who were doing something similar - bringing a handheld device to the table so you swipe the card and authorize the payment without the card leaving your possession.

 

[Brat]

Odds are that the small charge was a thief testing the validity of the card, s/he didn't want a rejection when it was presented for a significant charge as it would call attention to the transaction.

Here is my cc story: the Friday before my daughter's wedding she charged her reception for about 100 & wedding party accommodations at the the Sainte Claire in San Jose, a couple items at Nordstrom, then had her car washed. She no sooner returned from the car wash than the fraud folks from the cc called to ask if she had charged anything at Montgomery Ward (oh did they have her shopping profile nailed!). Ah, "No", she said. They immediately turned off the account and arranged for her to pick up a new card at a bank on the following day. They needed the card for the honeymoon and daughter is a very good customer.

Everyone concluded that an employee of the car wash was the culprit.