On Monday afternoon, the phone rang. I picked up and heard two seconds of static, often a telltale sign of telemarketing. I’m not sure why I didn’t hang up the phone. I usually do—we get a lot of telemarketing calls, and I have no patience for a sales pitch at 2 p.m.
I braced myself for the “How are you today?” (another telltale sign of the beginning of a telemarketing script). But instead, a pre-recorded message started to play, saying that my bank account might have been compromised. I was invited to check my account activity and call my bank if I noted any unauthorized transactions.
I suddenly remembered that Feng, who uses a different bank, told me he had received a similar message the previous day.
Since I was already online and not doing anything special, I logged into my bank account to make sure everything was okay.
It wasn’t. My checking account had been emptied.
I reviewed the transactions, a straightforward task considering I don’t have much in my checking account and rarely use Interac. I had made a withdrawal from downtown Ottawa a few days earlier, that was right. However, the five subsequent withdrawals made just a few hours earlier that day weren’t mine. They were all strange amounts: $204.51, $108.32… not the kind of amounts you can withdraw at the ATM. And I definitely hadn’t used my card that day.
I called Scotiabank to sort this out and was told to go to my branch in person.
Half an hour later, I showed up at the customer service counter. “I received a message from you saying my account had been compromised…” I started to say. “That’s fine, you can just change your PIN to be on the safe side.” “No, but my account was compromised,” I explained. “The latest transactions on the account aren’t mine.”
This changed everything. After I swore that I was in possession of my debit card (yep, in my wallet) and that the PIN wasn’t written on a Post-it stuck on the card (this is apparently more common than you’d think), I was given a brand new debit card. “The transactions will be investigated,” explained the employee, “but don’t worry, the money will be returned to you in a week or two.”
While this is a pain, I’m glad that the bank took me seriously and that getting the money back shouldn’t be a problem.
However, it bugged me that the employee wouldn’t tell me what had happened. I have no idea how my account was compromised, and I wish I knew. I barely use debit and I usually monitor my account closely. For Scotiabank to send recorded messages to customers, the problem must be widespread, right? Otherwise, an actual employee would have called directly if there was some suspicious activity on my account only. Funny too that Feng, who banks with CIBC, had received a similar message the day before (no issue on his account, though). The bank told me the withdrawals made with my card had probably been made at the counter, and that they’d check the security cameras. But they couldn’t disclose more “for security reasons.”
The morale of the story? Sometimes it pays off to listen to pre-recorded messages. And to check your bank account often. I’m not sure it would have been that easy to dispute the transactions a week or two after they were made if I hadn’t noticed immediately.
Has your bank account ever been compromised?