Yesterday morning, I received a call from an 800-number that was only identified on my Caller ID as “Toll-Free.” I didn’t pick up, but Googled the number and found pages of reports, many of which suggested that the number, presumably for Chase Fraud Detection, was a scam. Others claimed it was for real. Not very reassuring.
An hour later, I received another call from the same number. Knowing my husband had made two atypical ATM withdrawals in the past 24 hours, this time I picked up. It was an automated system that knew my husband’s name. It asked me to verify my identity by entering my zip code. I hung up and called the number on the back of my Chase debit card and asked for security and fraud department.
It turns out that the call was for real and they were attempting to verify the charges. The person I spoke with assured me that the (800) 355-5265 number was their authorized number for such calls.
Given how many phishing scams there are and the possibility of spoofing numbers, the way Chase handles this is not particularly wise, in my opinion. At the very least, the caller ID should show Chase as the caller and not “Toll-Free.” Even better, they should have an identified number that calls the customer and says, “We are trying to reach you to verify certain unusual charges on your card. Please call the number on the back of your ATM card and ask for the fraud and security department. If you can’t locate your card, call Chase’s main number, which you can verify online, and ask for the fraud and security department.” Of course, it would help if they actually put a dedicated phone number on the back of the ATM card, too.
I related all of the above to the Chase representative. I somehow doubt it will do any good, but really, their system is not a good one in this day and age.
Update: This seems to be a long-standing problem with Chase: https://www.cs.columbia.edu/~smb/blog/2007-11/2007-11-16.html. So why haven’t they addressed these security concerns?