DataBreaches.Net

Veteran says financial services company USAA failed to warn her of ID theft

Posted on October 20, 2015 by Dissent

Paul Woolverton reports:

Retired Army Maj. Veronica Carter is furious with the USAA.

She says the financial services company failed to warn her when an identity thief or thieves called three times over the past month to try to persuade a customer service representative to withdraw money from her account.

On Oct. 6, someone made the third call, then a fourth one later that day, Carter said.

The thief on the fourth call knew Carter’s social security number and the make and model of her car, she said.

That was enough information to talk a customer service representative into writing a check from Carter’s account for $2,900 and sending it via FedEx to a woman in Anne Arundel County, Maryland.

Read more on FayObserver.com. I suspect most consumers might agree with Carter. What do you think of USAA’s explanation as to why they don’t call consumers to alert them or question them – that it would be “ineffective” and lead to consumers ignoring alerts? Is their anti-fraud executive’s alternative advice satisfactory:

He would like all of his customers to use a tougher security protocol.

For example, USAA has systems in which customers use verification codes – generated on the fly on their cell phones or sent via text message to their phones or by email – to help confirm that the company is not talking to an identity thief.

The company’s cell phone apps can use voice recognition, facial recognition and fingerprint recognition to confirm the customer’s identity, Swenson said.

Okay, but how many senior citizens may not have cell phones or email? Should consumers have an option to instruct USAA, “Notify me by phone of any failed attempt to access my account?”

Category: Commentaries and Analyses, Financial Sector


1 thought on “Veteran says financial services company USAA failed to warn her of ID theft”

  1. IA Eng says:
    October 20, 2015 at 9:38 am

    Social Engineering at its finest.

    There are a couple of things wrong with this picture. One is that all people who were in the military and who have obtained a security clearance should not use the standard answers for any type of challenge and answer schemes. Make up a theme for the answers. There is no reason to think it's a test you have to pass when giving answers. The only exception to this rule is your credit report questionnaires.

    Speaking of credit, one should be monitoring the credit reports and have alerts sent to them should something go amuck. At least then you can call the company in question and interject that the actions they have taken are a result of identity theft and that you will seek damages accordingly. Most companies would rather write off any loss than have bad press and paying a fistful of cash for a handful of lawyers.

    For bank accounts, or any type of account for that matter, call the bank and have them make a note in your file that limits the withdrawal of cash to any third world country or other financial institution. Have them call you on any withdrawals that are over XX amount of dollars. Put a cap on how much funds can be withdrawn from your account on a daily basis, or over a weekend.

    There are literally hundreds of ways to protect yourself from fraud. Sure, in the end the person has to jump through a few security hoops, but guess what – that's the way security is meant to be. Expecting security with lax measures will get you absolutely nowhere except broke and ticked off.

    Every business has its social engineering hits. But if there are multiple requests for cash from different phone numbers (USAA should have caller ID on all lines – it's best practice) something is terribly wrong. If there aren’t any notes in the customer's account about trying to withdraw a larger than normal amount of money within a few days, the USAA process is broken. These issues should be flagged for review, and the customer should be notified about the potential identity theft activity so they can take appropriate action on their account as well as any others they may have. One can assume that the crooks have a copy of their credit report and are looking for larger sums of withholdings to tap. Those that were affected by the OPM or any other breach should take matters into their own hands to protect their valuable assets because these businesses aren’t perfect. Placing warnings on accounts will make the companies even more liable should someone successfully steal anything from the account(s).

    Become Proactive, vice knee jerk reactive.
