Take action! File a complaint! Find out who, what, where, when, and HOW your accounts were “breached.”

This post is continued from – Part I.  The following includes the actions I took and these are the actions ANYONE should take when faced with this situation.  If we don’t respond by using the tools available to us as consumers, things won’t change.  When an issue gets multiple complaints, it signals to regulatory agencies that there is a problem that needs to be addressed. That is how legislators can prove that laws or policies need to be changed – or even enacted when none exists. Filling out a complaint form takes just minutes and often the results give you a sense of accomplishment and a recognition that, as a consumer, there is a way to get to the bottom of these issues!

“We apologize for cancelling your cards. The cards were ‘flagged’ due to a ‘breach.’ No, we can’t tell you Who – When or How.”

Has this happened to you? What are your rights in this situation? Does it matter to you how your card/account was breached? Do you have the right to know which merchant allowed an account to be breached? Suppose it was the bank itself?

The following is the second part of this story – who I  contacted and what actions I took. To see the first part click here: http://wp.me/p49vDG-B

If this has happened to you, I encourage you to read his second part and file a complaint just as I did. 

HOW CAN BANK REGULATORY AGENCIES HELP?

After speaking with a supervisor at the bank (Citizens), and a customer service rep at VISA and getting no where -no one could tell me why my accounts were “flagged” and my cards were cancelled – I decided to take this to regulatory agencies who are there to protect us and enforce our rights:

I spent the next morning listening for the FedEx truck that was to deliver our new cards while reading consumer protection laws and articles.  Finding nothing to help me, I contacted the  MA AG’s office and was referred to the MA Division of Banks (DoB).

BANKS REGULATED IN MA – CONTACT THE MASS DIVISION OF BANKS

Each office along the way was sympathetic and agreed we should have access to answers to “who” is responsible and “how” it happened when our accounts are “flagged” or “breached.”  An employee at the DoB told me if the bank was a MA regulated bank, I could fill out a complaint and that complaint would be given to the bank. She explained that this often compels banks to provide the consumer with the details about how and why an account was breached.  I told her that this shouldn’t be necessary, that policy must be developed to require banks to give us this information when an account has been flagged, breached, or compromised – especially if it means cancelling cards and replacing them.

(I believe this is a policy that must be developed into legislation that will protect us. That conversation will take place after this is resolved.)

Citizen’s is an NA (national bank) and is regulated by the Feds so the helpful people at MA’s DoB couldn’t do anything for me.  If this has happened to you with a bank debit, ATM card, credit card, or a checking account and your bank does not have an NA after it’s name, use this form to file a complaint: http://www.mass.gov/ocabr/government/oca-agencies/dob-lp/file-a-complaint.html – they require you print it and send it, but please, don’t let a stamp and an envelope stop you!

CONSUMER FINANCIAL PROTECTION BUREAU COMPLAINT PROCESS IS EASY -NO EXCUSES!

Luckily, if your issue is with a credit card or a NA-National Bank we have the Consumer Financial Protection Bureau (CFPB) and their complaints are easy to file, online.  This agency is a gift and if things are to change, more of us need to use it to file complaints when we believe a bank has done something wrong. It’s our money. It’s our right!I

I contacted the CFPB and was told to fill out a complaint. They are very careful not to give out legal advice, but like the MA DoB, a consumer filed complaint gives them the tools they need to address the issue.

I filled out a complaint online and submitted it. The complaint form is here: http://www.consumerfinance.gov/complaint/  You don’t need to call first, save time and just fill this out.

MEAN TIME FEDEX DELIVERS AND THE BANK CELEBRATES OUR NEW CARDS WITH A FEE

Fed Ex came that afternoon and I signed for the cards. My husband took his card to an ATM as instructed, “activate this card anywhere a PIN number is needed.”

The next day, I noticed a $3 “foreign ATM fee” on the account. We were charged a fee for activating the card! Just a little extra slap in the face?

I immediately signed into the account online, went to the messages section of the customer service page, and sent a message requesting that fee be refunded (ALWAYS DO THIS when you feel a fee is not deserved! Always insist the fee be refunded. Banks rely on you to NOT do this! I don’t call, I simply send a message.)  That fee was refunded two days later.

THE BANK RESPONDS TO THE COMPLAINT 24 HOURS LATER

At noon the next day, someone identifying herself as from “the office of the president of Citizen’s Bank” (I’ve had discussions with employees with this title in the past, and they often sound like interns) left a phone message. This is the voice to text message I received:

Hello, this message is for XXXX My name is Larissa. I’m calling from the office of the Chairman at Citizens Bank. I’m calling because we did receive a CFPB complaint that you filed trying to find out more information about why you’re debit cards were  … how they were compromised. I’m just letting you know I’m investigating that and I’ll respond to you and the regulator in writing if you have questions you can call me on my direct line at 401-xxx-xxxx. I’m in the office Monday through Friday 9 a.m. to 4:30 p.m. Eastern standard time. Thank you.

IMPORTANT NOTE ABOUT TALKING TO BANKS ON THE PHONE:

I want to share a lesson learned here, separate from this issue but relative.  When you are in a situation where you feel a bank or any company has done something you feel is wrong, after initial calls – stop speaking with them by phone. We learned this with our mortgage company. We were told so many things over the phone that were wrong, misleading, and even insulting,  I eventually learned what many lawyers will tell you. Get it in writing. Even if it is via emails. Get it in writing. We found our mortgage company responded to many regulatory complaints saying we “wouldn’t respond to many phone calls and messages XX Bank left for them.” I produced letters written to the bank that included the sentence, “we will no longer speak to you about this issue on the phone, we need all correspondence in writing.” And most agencies understand, it’s easier for them to consider evidence in writing than recollections of phone conversations shared sometimes months later.  There are many instances were those written responses have been incredibly valuable and have proven a pattern of disorganization and deceit in the case with our mortgage company.

YOUR COMPLAINT STATUS IS UPDATED ONLINE IN A PRIVATE ACCOUNT YOU CREATE WITH THE CFPB

When I receive a response in writing from Citizen’s Bank I will share as much as I can.  I will also be sharing this story with our legislators both state and federal.  We should not have to file complaints to find out who or how our bank accounts are compromised.

The recent news about Target having to settle with customers who were victims of a breach has me wondering if there are more such breaches that aren’t reported. Are companies now dodging this reporting to keep these breaches out of the media and the public eye? This needs to change. Yes, corporations and banks want to protect their reputations, but our protection should come first. Quite frankly, I feel safer shopping at Target than most other places now because they have HAD to make protecting their customer’s information a priority.

It seems there is no legislation that compels a bank to inform customers how accounts are breached.  Telling us oh well  “there are people who hack into accounts…” is not enough. Hackers have to have a porthole into an account. It is usually a merchant or a bank. Telling us who and how should be something banks are legally responsible to do, without a complaint to a regulatory agency compelling them. That puts the onus on us, when the responsibility should be the bank’s.

Stay tuned!