“We apologize for cancelling your cards. The cards were ‘flagged’ due to a ‘breach.’ No, we can’t tell you Who – When – or How.  Have a nice day and thank you for banking with us.”

This is an update to multiple posts listed at the bottom of this article, about banks that cancel your credit and or debit cards, send replacements and won’t tell you why.

In our case the bank canceled debit cards without telling us, we learned while trying to get gas. They canceled cards that were associated with the two checking accounts we had with this particular bank, named below.

After asking the bank to tell us how our accounts were breached and being told they wouldn’t tell us, I filed a complaint with the Consumer Financial Protection Bureau (CFPB) as this is national bank regulated by federal authority. I was hoping to get the information I needed to understand what happened so I could take measures to protect myself in the future.

The bank requested a time extension from the CFPB to research the issue. When we did receive a notice from the bank we expected to understand what happened, how our information was compromised.  Nope.

Turns out the reason the bank needed additional time was not to research what happened, but to research whether they HAD TO TELL ME WHAT HAPPENED.

Guess what.  They didn’t have to tell me.  The response, recorded by the CFPB, is copied and pasted below.

Unfortunately as the bank – CITIZENS BANK NA – discovered, there is, as of yet, no policy or law that requires them to disclose who, what, where, when, why or HOW our bank accounts were both “breached.”

The most interesting part of this letter is the sentence:

While we understand this may not be the outcome that you may have hoped for, please know that your concerns have been taken seriously.

The letter was signed by someone who has responded to previous complaints I made about fees for overdrafts – overdrafts that never actually happened. I later learned the overdrafts weren’t actually overdrafts but were a rather contrived practice of ordering  deposits and withdrawals in a formula used – not just by this bank but others – that would make it appear an overdraft occurred, despite never showing a zero balance. The practice was eventually declared illegal and resulted in a class action suit that required the bank to refund millions of dollars to customers. The person signing the letter below identifies as from the bank’s “office of the chairman” and has basically been assigned to me, to address my complaints. It’s not the first letter of response I’ve received from her.

I don’t think they like me very much.  But my complaints are how I exercise my rights as a consumer and are never filed without first contacting the bank, merchant, service provider etc.

The lesson here is that we need to insist lawmakers create legislation that requires a financial institution tell us who or how an account was breached in a way that requires our cards be replaced.

The letter below declares they want to protect me. If that is the case, tell me what happened!  If the breach happened with a merchant, give me the opportunity to decide whether to trust them with my information in the future.

Who are they really protecting? Is this secrecy a way to protect themselves? Perhaps, and of course I don’t know this for a fact, they are simply trying to prevent publicity from a breach of their own institution.

Please, if this happens to you, ask the bank who or how your account was breached.  If they refuse to tell you, let them know you are filing a complaint in an effort to compel them to provide that information.

Letter in response to CFPB complaint with personal information redacted:

We are in receipt of your complaint which has been forwarded to our office by the Consumer Financial Protection Bureau (“CFPB”) for review and response.

We understand that you have expressed concern with the above referenced debit cards being compromised.

We, as a bank, are obligated and committed to protecting our customer and their information from fraudsters. We recently received notification that your debit cards may have been potentially compromised. To prevent any possible fraudulent activity from occurring we decided to issue you new debit cards. Unfortunately, we are unable to provide you with further information regarding this matter.

A review of our records confirms the debit cards ending XXXX and *XXXX were closed on xxxxx. Two new cards with different card numbers were ordered and sent to you via overnight delivery on xxxx.  The new debit cards ending in XXXX and XXXX were activated by you on xxxx.

While we understand this may not be the outcome that you may have hoped for, please know that your concerns have been taken seriously.

Should you have any additional inquiries, please contact me directly at XXX-XXX-XXXX during my office hours of Monday through Friday from 9:00am until 4:30pm Eastern Standard Time (EST).

* this number was actually one of the new cards, not the cards cancelled.

And the “breaches” continue.  Last week a well-known popular credit card, the card with all kinds of clever commercials, contacted me via email to tell me my account had been breached and they were sending me a new card.  According to the message, the card had been breached somewhere where I used it recently. I actually hadn’t used the card for six months. It had a low balance because we’d been told it is not good to keep a no-balance card. There was no activity on the card except payments made – via Citizen’s bill-pay program.

So, I will send them a letter and we will start this process all over.

The bottom line is, if there is no policy in place, no law to enforce, there is nothing any regulatory board can do to force a bank to disclose who, what, where, when, why or how a card or account was breached to the extent they have to replace the card and change the card numbers.

It’s up to us to file complaints with the CFBP to show there is a need for a new law that compels banks to disclose abuse and fraud perpetrated on us via a credit card or bank account.

FILE A COMPLAINT.    IT’S YOUR MONEY, IT’S YOUR RIGHT!

Previous articles in this series:

1. The Bank Cancelled My Credit Card, Why?
2. The Bank Cancelled My Credit Card, Why? Part II
3. Bank Cancelled Cards but Won’t Explain Why: Update