How to avoid unnecessary fraud freezes in the wake of Equifax breach

Banks are tightening account security; here's what you can do to keep your cards from being frozen

Fred O. Williams
Senior Reporter
Expert on consumer credit laws and regulations

alt text

Having a transaction blocked at a credit card swipe reader or ATM is a frustrating experience – and it’s more likely to happen following the data breach at Equifax and a spate of lesser intrusions.

At least some banks and credit card issuers are tightening their security measures for blocking potential fraud, leading to more frozen accounts when fraud is suspected.  New account openings and changes in accounts will get closer scrutiny as well.

“It definitely is going to make their job harder,” said Shirley Inscoe, former bank executive now senior analyst at industry consultant Aite Group. “I am hearing they are declining more transactions in 2017 than they have in the past because fraud losses are up.”

HOW TO AVOID
A MISTAKEN FRAUD FREEZE
With banks setting their anti-fraud measures on high, here are things you can do to keep your card from being frozen unnecessarily:
  • Enable two-way communication. Sign up for calls or text alerts on your mobile phone so banks and card issuers can confirm transactions. Some cards have automated text systems that will let you stop an account freeze via a text from the mobile phone number on record with the bank.
  • Notify issuers about travel plans in advance. Use of the card in unexpected locations could trigger red flags for fraud-watchers.
  • Set a spoken word password to use in phone calls with customer service for verification, to authorize transactions or account changes such as a new address.
HOW TO AVOID A MISTAKEN FRAUD FREEZE
With banks setting their anti-fraud measures on high, here are things you can do to keep your card from being frozen unnecessarily:
  • Enable two-way communication. Sign up for calls or text alerts on your mobile phone so banks and card issuers can confirm transactions. Some cards have automated text systems that will let you stop an account freeze via a text from the mobile phone number on record with the bank.
  • Notify issuers about travel plans in advance. Use of the card in unexpected locations could trigger red flags for fraud-watchers.
  • Set a spoken word password to use in phone calls with customer service for verification, to authorize transactions or account changes such as a new address.

Equifax announced Sept. 7 that hackers obtained Social Security numbers and other identifying details of 143 million U.S. consumers, plus about 209,000 credit card numbers. Since then the figure has been updated to 145.5 million, and there has been news of other hacks that collected credit and debit card numbers at Sonic drive-in restaurants and Whole Foods in-store dining locations.

“We’re working with the banks we supervise to make sure they take appropriate actions with their business processes,” Federal Reserve Chair Janet Yellen told reporters Sept. 20, “in light of the fact there could be fraudulent transactions,” as well as false account applications.

Bank industry sources said existing security measures are designed to combat use of the data that was exposed to hackers.

“This is not our first breach rodeo, by any stretch of the imagination,” said Doug Johnson, senior vice president for payments and cybersecurity at the American Bankers Association. Systems for monitoring transactions “are fairly mature and robust,” he said.

That said, “There may be institutions that are instituting additional security controls,” he added.

Time to review security protocols
The magnitude of the Equifax breach means companies will be reminding customer service workers internally of security protocols, while suggesting that customers carefully monitor their transactions to help spot fraud.

Though hackers would need more than addresses, birthdates and Social Security numbers alone to set up new, fraudulent accounts, they can use that ID information to try to get access to accounts with a “pretext” call claiming an emergency, he said. Banks and cards are likely reviewing procedures with workers for using extra verification techniques to screen out the fraudsters from legitimate emergencies, he said.

Banks aren’t keen to discuss the patterns of card use that point to fraud, but security experts say the broad outlines are well-known. Among the red flags are swipes in unusual stores or far-flung areas, multiple purchases of electronics or other things that are easily fenced, or online “card-not-present” purchases with a suspicious delivery address.

“This is the second time my bank froze my account because of ‘suspicious activity,’” Jillian Rhodes wrote on Twitter. “I’m a flight attendant. I’m in 5 different states in one day.”

Heightened security
Credit card issuers weren’t specific about their heightened anti-fraud measures, emphasizing that they already have security measures in place. In email responses to questions, major card issuers said they try to contact customers when a transaction looks suspicious.

“We have multilayered defenses with enhanced fraud monitoring in place,” Capital One Managing Vice President of U.S. Cards Sarah Strauss said in an email statement.  Suspicious transactions may result in contacting the customer for confirmation of the transaction.

Bank of America said while it monitors accounts for fraud around the clock, “We don’t talk about the measures we have in place for reasons of security.”

Anecdotes from consumers suggest that heightened security is already being felt.

“This morning I received a call from JP Morgan's Fraud Department,” wrote one applicant for a credit card on an internet message board for card users. “A very pleasant CSR [customer service representative] asked a few verification questions; she said they're being extra careful in the wake of the Equifax hack.”

Encounters with bank anti-fraud procedures are not always so pleasant

“I am tired of Citibank putting freezes on my account for ‘fraud alerts’ without contacting me,” Michelle @Elleon_Sound wrote on Twitter Sept. 22. “I only always find out when I go to make a purchase using my debit card or when a bill comes back as unable to be paid.”

Some users seem aware of behavior that is likely to trigger a freeze from experience..

“It’s that time of the night I order dumb **** off eBay and get my account frozen for suspicious activity,” Twitter user @PIACID_ wrote Sept. 17.

One Maryland resident had a Citi Double Cash card briefly suspended after entering the wrong PIN number at a convenience store ATM. The suspicious activity triggered an automated text message seeking confirmation – via return text – that the card use was legitimate.

A new (biometric) normal
Recognizing that identifiers such as Social Security numbers and addresses are becoming useless as a verification tool, banks are moving to adopt new security technology such as biometrics, Inscoe at Aite Group said.

Voice and fingerprint recognition, customers’ typing patterns and other physical characteristics have the advantage of not being vulnerable to data hacks that can collect huge troves of account numbers or Social Security numbers, she said. Technology solutions will take longer to implement, she added.

“Really there is no personally identifying information anymore,” Inscoe said. “Privacy is an illusion.”

See related7 reasons your credit card gets blockedQ&A: What to know, what to do about Equifax data breach


Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


Updated: 11-20-2017