Michelle Singletary welcomes comments and column ideas. Reach her in care of The Washington Post, 1150 15th St. N.W., Washington, DC 20071; or singletarym@washpost.com.
I was in church recently taking notes on the sermon with my smartphone when the first alert popped up.
The notification claimed I had just spent $50 at Stamps.com. I had not. I immediately turned to my husband and whispered, “Did you just buy something online?”
He was taking notes as well, and no, he hadn’t.
A few seconds later, there was another pop up signaling that an additional $50 had been spent at the same online retailer. I acted as fast as I could to freeze my credit card through my credit union’s mobile app. But I wasn’t quick enough. The criminals managed to slip in two more $50 charges.
Immediately after the church service, I called my credit card company to report the fraudulent activity. The customer representative said it was a good thing I froze my card as soon as I did, because it prevented other charges that the fraudsters attempted to make. They were denied.
Here’s where I made a mistake. I had placed an alert on my card to notify me when a charge was more than $25. And it worked. I was alerted to the fraud in real time.
My intention was to catch large unauthorized charges. Plus, I didn’t want to get bombarded with alerts every time I made relatively small purchases on my credit or debit card. But I didn’t count on rapid-fire fraudulent activity.
Following the breach of my card, I went online to review my credit card account to look for any other unauthorized charges. I found a $7.40 charge at a restaurant in New York. It came through the day before the Stamp.com charges. I check my accounts regularly, but not every day. And the alert system didn’t work because the charge was under $25.
“You should set your security alerts on your bank and credit card accounts as low as they’ll allow,” says Jeni Rogers, author of “200+ Ways to Protect Your Privacy.” “What a lot of fraudsters do is try small charges — sometimes no more than a few cents — with the stolen credit card data first. They do this to validate the card works before going on to make bigger purchases, and the amount is often so low that it will not trigger account alerts or even be noticeable in your day-to-day balance on your account. They can do a lot of financial damage really quickly if they know that charges on that stolen card are working.”
Lesson learned.
I reset my alerts to a penny for any single transaction on as many of my accounts as I can. For those that have a higher minimum for an alert, I’ll have to make it a point to regularly check the accounts, going line-by-line and questioning every single charge or debit no matter how small.
Under the Fair Credit Billing Act, federal law limits your responsibility for unauthorized credit card charges to $50. Most credit card companies go even further and offer zero liability in the case of fraud on your personal card.
Under the FCBA, if you report that your credit card has been lost before it’s used, you are not responsible for charges you didn’t authorize. Similarly, if your credit card number is stolen, but not the card, you are not liable for fraudulent charges. However, you need to act fast to ensure you aren’t held liable. You have 60 days to report the unauthorized charges after receiving your billing statement.
I contacted my lender the same day of the bogus charges and filed an official complaint. Within a few days, the charges were removed from my account. I was issued a new card, and I immediately placed alerts on that card.
I’ve now set up my accounts to get push notifications of any activity that is made online, over the phone or through mail order.
Yes, the frequent notification pings can be annoying. But you’re better off safe than sorry. To catch a thief, you have to be vigilant.