If you have a credit card account with Bank of America or Chase, two of the nation’s largest banks, a major security flaw has been exposed that could make your information vulnerable to an Internet crook – or even a nosy neighbor.
Consumer advocate Edgar Dworsky of ConsumerWorld.org, who discovered the flaw, says anyone who knows your phone number and has the last four digits of your Chase or BofA credit card number might be able access your account.
Here’s the flaw Dworsky uncovered: When you call a bank’s automated credit card account information system, the computer uses caller ID to compare the number you’re calling from with the one on the account (usually your home phone).
At BofA and Chase, if the phone number is a match, the verification process is streamlined. Rather than requiring the entire credit card number to be entered, the caller can usually access the account with only the last four digits. In some cases, a zip code is also required.
“The last four digits of your credit card number are just out there so predominantly,” Dworsky says. “If you look at any sales receipt, it always has those last four digits.”
In order for someone to take advantage of this security loophole, they’d have to trick the bank’s computer to make it appear the call is coming from your home phone. Internet “spoofing” sites make this incredibly easy to do. Con artists have been using this technology for years, and it is how those British tabloid reporters were able to hack into so many voicemail systems.
- Pay By the Due Date
- Refunds, Errors, Disputes, and Unauthorized Charges
- Security Tips and More Information
Pay By the Due Date
It’s important to pay your bill on time. If you don’t, count on paying late fees and additional finance charges.
When you make a payment, your card issuer generally must credit your account the day they receive it, but there are exceptions.
- Your issuer can specify reasonable requirements for payment. For example, your issuer can set a reasonable cut-off hour for your payment to be received for crediting on that day, but generally, it can’t be before 5 p.m. on the due date at the location the issuer specifies.
- Your issuer can require that you include an account number or payment stub with your payment.
- Your issuer doesn’t have to credit your account the day your payment is received if a delay won’t result in a charge to you.
To help avoid additional charges, follow your issuer’s payment instructions. Sending your payment to the wrong address — even if the payment is received and accepted at some other office of the issuer — could delay crediting your account for up to five days. If you pay by mail and misplace your payment envelope, look for the payment address on your billing statement or call the issuer for the correct address for payments. If you pay your bill online, set up a reminder a week or so before the bill is due to be sure you pay on time and to the proper electronic address. Set up a return electronic notice showing the company received your online payment. No matter what method you use, check your billing statement to be sure you have the right due date and location for each account.
Automatic debiting to your bank account can be a convenient way to pay bills, but there are factors to consider. For example, the amount due each month could vary, and you would need sufficient funds in your bank account to pay it. Otherwise, you could overdraw your account, be charged for insufficient funds, and damage your credit rating. Under federal law, you can’t be required to use automatic debits from your bank account to repay an extension of credit.
If you decide to set up automatic debits, the creditor must:
- clearly disclose the terms of the transfers;
- get your written or electronic authorization; and
- give you a copy of the authorization disclosing the terms.