Saturday, September 09, 2006

Identity Theft Risk for 2.6 Million Circuit City Credit Card Holders

A unit of JP Morgan Chase & company has lost
millions of consumers data again - 2.6 million to
be exact.

In this latest self inflicted wound, the Circuit City
branded credit card holder's personal information
was mistakenly discarded as trash and is believed
to be buried in a landfill.

Identity-Theft-Risk-for-2.6-Million-Circuit-City-Credit-Card- Holders-audio post - click to play

A Chase, the 2nd largest card issuer in America
with over 91 million accounts, company spokesman
blamed the problem on “human error and said
the bank wished to apologize to its customers."

Excuse me, but this latest incident is not some measly
excusable offense. Chase Bank had a computer stolen
from their Dallas office in Nov. 2005 which contained
the personal and financial information of their clients.

Also, last year when Mastercard International let
hackers expose nearly 40 million consumers account
information to identity theft, Chase officials elected
to not even inform those customers they knew
been the victims of the data breach.

And now, in 2006, over 2,500,000 million people's
most sensitive financial information has been quite
literally tossed into the trash like it's totally worthless.

Tell that to all those potential identity theft credit
fraud victims or identity thieves who are quite
willing to pay as much as $200 for a credit
containing a complete set of the
following confidential

  • Names
  • Addresses
  • Phone numbers
  • Account numbers
  • Social security numbers (ssn)

For the lucky identity theft ring, the opportunity to recover
even a small percentage of those 2.6 million account holders
information is a veritable gold mine.

Here's why.

Identity thieves typically use stolen personal information to
either run up charges on existing credit accounts or open up
completely new charge accounts. In both instances, the identity
thieves have favored taking advantage of greedy retailers
who push "instant credit" as an incentive to immediately purchase
lots of expensive consumer electronics such as HDTV, laptops, &
cell phones which can quickly be sold for cash on the street.

Let's say even a miniscule percentage of those 2.6 million
Circuit City account holder's information can be recovered by
identity theft "collectors". Assuming only 10,000 names
combined with social security numbers could
be recovered
from this latest Chase security breach -
what would the damage
estimate be?

It would easily translate into a potentially $21,000,000 opportunity
for identity thieves and a huge bad debt write off for the merchants
and consumers to settle the damages from the fraudulent purchases.
($2,100 average loss to consumers for established accounts - FTC, 2003)

This latest consumer data security lapse by Chase just points
what many believe is the real reason behind identity theft data
exposures continuing to grow out of control with seemingly no
end in sight. These big companies like Chase evidently
don't see enough enough money to be made from

securing sensitive customer information like it was
their very own.

Further, there's not enough money to be lost in privacy
for those same company executives to care about.
Thanks to organizations like Chase & others, since 2005, the
number of Americans who've needlessly had their personal
information exposed to identity theft is now over 93 million.

With the very real prospects that number will climb over 100
by Christmas just points out the now widely
held suspicion that
many companies are woefully
inept at protecting consumer privacy.

Here's what you can do today to fight back.

Our tip for today is for all of those 2.6 million Chase card holders of
the Circuit City brand. Contact Chase for more information on how
to qualify for your "free" credit monitoring.

Also, contact any of the three major credit bureaus
(Experian, Equifax, & TransUnion) to place your "free" fraud alert
on your credit report as an added prevention step against would be
identity thieves ruining your good credit.

The toll free number to contact Chase is 877-284-7840.

Finally, make sure to tell a friend or family about this Chase data
security breach - especially if there are or were Circuit City card
holders - so they too may avoid the pain and agony of
identity theft.


At 1:09 AM, Anonymous Anonymous said...

No apologies - just secure my data!!

Is that asking for too much the way these credit card companies gouge you on the fees and interest charged?

I read somewhere the average credit card account is worth something like $300 in annual profit to large banks like Chase.

You'd think for $300 they could afford to get reliable data destruction services.

But, as your article pointed out Agent99, they probably could care less as long as they continue making big money on our fears, lack of insider knowledge, & continued consumption of their services.

At 2:48 AM, Blogger agent99 said...

You seem to have the pulse of what we've ready across many forums.

There's, however, another option you are always well within your rights to pursue.

Don't do business with organizations you are made aware of as having slopping consumer data security standards (are lack of enforcement)!

Ultimately, your credit safety is up to you to demand and practice denial and detection strategies to minimize your overall identity theft risk.

To augment those, we will continue to expose the known hazards.

At 10:20 AM, Anonymous Anonymous said...

Three years ago, I was a victim of identity theft when someone used my credit card number without my permission to run up a $1,436 balance in only 10 days - while my credit card was in my wallet the entire time.

I'm not sure how the identity thief got my account information, but what saved me from having an even bigger debt from this unknown criminal was the email message and phone call to my place of work by my credit card company.

I guess the identity thief was trying to make one last big purchase on my credit account to max out the $2,500 card limit and this triggered fraud alarms at the credit card company.

While I was fortunate to have been saved from the nightmare of having to explain and pay off all of that bogus debt, I can only guess how bad it would have been had there been no automatic monitoring of my account by my card issuer.

But, in this podcast/article you just provided, I can see we need to have our own credit monitoring in place if Chase just threw away our account information in the trash that must mean they no longer are watching out for those poor account holders.

At 4:03 PM, Blogger agent99 said...

Anonymous said " longer are watching out for those poor account holders".

We'd submit they never really have:

"Companies such as J.P. Morgan Chase & Co., Citigroup
Inc., American Express Co. and MBNA Corp. indicated
that they are not automatically alerting their
customers that their information may have
been exposed according to a June report by the
Washington Post."

Cardholders Kept in Dark After Breach

At 4:49 AM, Blogger Ed Dickson said...

Thanks for the comment - and I like your blog.



At 10:14 PM, Blogger chango said...

Helloooooo! THINK!!!!

Its Saturday morning 8:00-8:30 a.m. (waking you up) or anyday dinner time:

You get a phone call...Hello MUM or Sir this is Punjavi from Chase and since you are a valued Chase credit card customer, we want to offer you a credit protection plan,
its free, yes free the first month and then you pay only $$$.
You know this protection prevents identity fraud, etc. Yes, we protect your account for unathorized use...

Subscribe, one and all and we make lots of money for this service.


At 10:25 PM, Blogger chango said...

Identity theft tip:

If you have numerous credit cards keep them all maxed out. Its the only way to save your identity.
They try to buy something and card or number is declined for insufficient credit limit.

And when you sign up for new credit cards always request denial of card when card reaches credit limit. That way they will decline use and notify you immediately when that happens.

That happened to a friend of mine twice on two different cards and what saved her was all her cards were up to the limit. So credit card company called her and she told them it was not hers. They immediately closed account and sent new card.

But if you have sufficient credit on cards, they'll think its a legitimate charge and you won't notice till its too late. Some cards take off the charge and don't hold you liable but some are nasty and do make you pay.

At 10:32 PM, Blogger chango said...

Shame on Chase!!!!

They charge you 32% interest and they cannot spend a few dollars to properly shred and dispose of information properly. Shame, shame, shame.

And on top of that they are saving bigger bucks by having the bulk of their employees in India paying them 10 cents on the dollar salary.

Shame, shame, shame.

Bottom line, pay off and close all your Chase card accounts and put the cards thru the shredder.

And just "SAY NO", to Chase.

At 12:22 PM, Blogger agent99 said...

Chango said:

"If you have numerous credit cards keep them all maxed out. Its the only way to save your identity.
They try to buy something and card or number is declined for insufficient credit limit."

Our response, as a reformed credit marketer, is that by "maxing out" your available credit limit, you ultimately may very well hurt your credit rating as well as signal to credit card issuers you need even more credit.

So, if you have been paying the minimum monthly payment each month, thus signaling you are a decent credit risk, these actions combined may very well "trigger" pre-approved credit offers to come to you via the USPS mail.

However, besides credit monitoring and shredding, your suggestion of
"close all your XXXXX card accounts"
will help.

Just realize that ultimately you can not gain full control ever on all of the entities which are intrusted with your personal data.

You can, however, take full advantage of your rights in protecting your data where possible.

At 2:09 AM, Anonymous Anonymous said...

I am sorry for your experience with Chase, I work in a small call center in Dubuque Iowa and have the extreme misfortune of answering phones for Chase ID Protection and Chase Fraud Detector. I talk to at least 80 to 90 people per day who all swear they told the customer service They didn't want the service. I believe them because it is statistically impossible that they are all telling the exact same story. Unfortunately when customers call to cancel we are required to try and save them with chases scripting if we don't then we will lose our jobs, that is that. Chase ID Protection scripting goes like this

I am sorry you wish to cancel today may I ask why?

customer states reason:

I would just like to let you know that the reason we created Chase ID protection is because ID theft is one of the fastest growing crimes in the nation and anyone can become a victim at any time.......

It goes on and on and basically it is a scare tactic, as a phone rep I get yelled at daily, and realistically the best way to handle these Bullshit programs is to interrupt the operator after they hit their main script, then tell them you want to cancel and explain to them that you don't want the service.

at this point the operator is going to pause and look at how you were enrolled in the program (if they haven't already that is)

customers are enrolled In ID protection and Fraud Detector the one following ways

OBTM; Out bound telemarketing
STS: Sales to service
DM: Direct Mail
BT: Bang Tail
VRU: Voice Response Unit

OBTM means that they were contacted by a telemarketer and enrolled willingly (and most of the time unwillingly) If you honestly said no then what you do is ask for a supervisor and ask to have them pull the recording so you can here it too, once the recording is pulled and the find out you did say no they will issue all credits back to you

STS means the customer called customer service for something unrelated and given the sales pitch and enrolled willingly (and again most of the time unwillingly) If you honestly said no then what you do is ask for a supervisor and ask to have them pull the recording so you can here it too, once the recording is pulled and the find out you did say no they will issue all credits back to you

DM: is direct mail this one means they either sent a check or a gift card and the customer either used it or cashed it depending on the case. We are only allowed to issue one credit back for this type of enrollment so if you get a check by all means cash it then call in 14 days later and cancel then you get the money back for the charge and are ahead whatever the check or gift card was for.

BT: means that it was an extra piece at the bottom of the bill that offered you a chance to receive materials about the program (the catch is the only way to get the materials is to be enrolled in the program. (it is right there in very tiny tiny print)

VRU is when you call in and are talking to that stupid electronic voice and pushing the appropriate buttons, if it asks you if you want to hear about something say no or you will end up enrolled in the program

Don't be intimidated by their scare tactics, just stay calm because if you lose your cool it is easier for them to take the high ground and make you feel bad or win the argument. Here are questions that should be asked

1.) when was my service enrolled?

2.) How was I enrolled ? (we are not supposed to tell customers how they were enrolled unless the customer insists on the answer otherwise it will result in written documentation and eventually termination.)

3) What is your Name and operator number? (if asked we are required to give it out and IT SHOULD ALWAYS BE ASKED FOR AND WRITTEN DOWN FOR FUTURE REFERENCE)

Lets say your bill is showing a 7.99 charge for Chase Fraud detector (CFD) and an 11.99 charge for Chase ID Protection (CHIPS) and you call the 800 number for CFD and want to cancel both. The operator will tell you that they only work with CFD (A lie required by Chase, although they do not work with Payment Protector or Chases other Programs) and that you have to call the 800 number for CHIPS to get that canceled. Tell them you know they take both and you want both charges canceled (The operator will most likely pause but comeback with the same story, which they will do if they value their jobs) At this point remain calm and ask for a supervisor, explain to the supervisor everything you know and tell them you want both accounts canceled because you don’t want to wait on hold all day, they should oblige you at this point.

I hope this info can help you and others you know, and if it does please try to be civil with the operator who answers if for no other reason than it may be me on the other end and I was nice enough to give you all you need to fight these charges successfully

At 2:38 PM, Anonymous Anonymous said...

Very interesting about Chase Fraud Detectors. I just got hit with the $7.99 charge for this bogus service that I did not order. Luckily, I check my credit card activity once a week. I called to cancel and say "what the hell?" and it was just like you said - scripted apology and bullshit explanation of how I got enrolled. I just interrupted and said "this has got to be illegal; get me out of this now" and they did - but I will have to follow up and make sure they did.

At 8:52 PM, Anonymous Anonymous said...

I happen to know (from being a chase bank employee) that there is a fraud dept. monitoring the cards at all times and when a charge is declined for suspected fraud by this dept weather it be b/c the charge is out of normal spending for that client, or out for their normal location ext. I get to handle the irate unappreciative cardholders; mad because there was a security lock placed on the account for their protection b/c of how inconvenient it is call call and verify the charge. It is very few on far between when someone says thank you for watching and questioning. We are a large company, and errors happen so I love how you fail to mention that jpmorgan chase is a 0% fraud liability company. Theres my two cents.

At 5:45 PM, Blogger Dan said...

I think that banks make you get identity theft, but if one opts out of their "offer" then the bank takes this to mean that it is OK to sell your private information to a buyer, i.e. it is the banks who are doing the indentity theft. So you are stuck either way, you either pay them the money to get the identity theft protection that they are pushing on you, or they take your opting out of it to mean that it is OK for them to sell your private information!



Post a Comment

<< Home