Like anyone else, I never expected to be a target of identity theft. I also never expected a major Canadian bank would act so cavalierly toward a customer targeted within its own system. The lending institution in question is one of the big five; let’s just call it the “Royally Indifferent Montreal Bank of Imperial Dominion.”
My partner handles the online banking, and gets all of RIMBID’s emails. One morning she received multiple messages that I had changed my password. Knowing I wouldn’t have done this, she called the bank immediately. Customer support assured her there was nothing to worry about.
My partner explained the messages came with a legitimate phone number for the bank. At first customer support insisted the messages were fraudulent. Yet even after recognizing they were legit, several successive people diminished her concerns. The approach was “yes, those are our emails, nothing wrong, don’t worry about it.”
My partner kept asking to speak to fraud and security. Instead, she was ping-ponged around the tenth circle of helpline hell. I had arrived home at this point, and was on speakerphone with the third phone-line factotum. My mother’s maiden name and first pet’s name came up wrong.
Customer support tried to alleviate my partner’s anxieties with a patronizing approach. “It was like ‘if it makes you feel better, we’ll change your password and take off your husband’s Internet banking access,'” she recalled.
If any money went missing, the bank would cover it. Yet although we still had an account with RIMBID, our money was elsewhere. On Nov. 5 last year, my partner and I followed the global call to abandon banks and reinvest in credit unions. We parked our money at VanCity. We still had an empty line of credit and an active chequing account with RIMBID, however.
The support person insisted we had $1,015 in the chequing account. No we don’t, my partner replied; we had $15.
It turns out there was a second credit line in my name, which we had set up but had never used. In the time my wife was on the phone – in just the previous half hour – a thousand dollars was transferred from this credit line into our chequing account. The person using my name and password did it by phone. We were tracking a heist in almost real time.
“So the guy starts freaking out, ‘I’m going to get you to fraud right away,'” my partner recalled.
She let the fourth person know we had a real problem with how the bank had handled the identity theft issue. The woman on the line said the customer support people are nice and all, but “they don’t see the fraud that we see.” But how did someone get this far? It is “amazing what they can do with just a name and an address,” was the reply. It’s very possible someone may have got in touch with “someone friendly” at the bank who may have allowed him or her to reset my password. The bank would do an internal investigation and let us know.
This was Oct. 31. On Dec. 13, my partner managed to reach RIMBID and asked for clarification. A woman, who identified herself as Dragana, insisted we had spoken with her earlier. Neither of us had spoken to anyone from the bank with an accent, we said. “That’s not really nice, we’re all here from different places,” she responded.
At that point, I was starting to feel we were stuck in one of Philip K. Dick’s lesser sci-fi novels. We’re still in the dark about an identity theft and account breach that happened under the bank’s ho-hum watch.
With such bogus service and security, you might as well stuff your money into a mattress. Strike that – stuff it in a credit union.