BestestBoy
Contributor
I have a USAA Visa that I only use for overdraft protection on my checking account. The physical card has been in a drawer since I received it and I don't think I have ever had a transaction on the account of any kind since opening my accounts. Last week there was a charge for a Hulu subscription for someone other than me. I disputed it and canceled the card. A new one is on the way. But since I have never used the account nor lost the card, it seems like the only way someone could have gotten my account number and security code is from USAA. Are you aware of a data breach that would expose account information? When I called about it I was told I was not the only person to experience this. Is there a problem you are not yet aware of?

14 REPLIES

Hello @BestestBoy, We have not been made aware of a data compromise. When there is a compromise we act immediately to notify the impacted members and issue new cards. It is not always known how your card info gets in the hands of fraudsters and it is true we get asked a lot as to how it was compromised. When you report it to us it is investigated. I regret that I don't have an answer for how it happens but your quick response to report it will hopefully help us prevent it in the future. You can visit our Security center on USAA.com. It provides a lot of information for consumer awareness and not just credit card fraud. I hope this helps. ~ Suzy

Thanks for your response. Considering the total absence of transactions on the account and the physical card still being in my possession I can't see how my information got into the wrong hands from my end, can you? And if I'm not alone in my experience that would lead one to believe that you might have a bigger problem than you are currently aware of.
The same thing happened to me yesterday, except there were a bunch of attempts on my account. I am very careful about where and when I use my card and even have a special wallet to protect from skimming. I was alerted via text and shortly after called. I called back to make sure that I was talking to USAA and not a scammer and supposedly everything is being taken care of (but I was lucky that my account balance was low and flagged the transactions immediately). One of the representatives I spoke with told me that skimmers are not as easy to spot anymore and thay they are mostly internally installed. I find it very odd and unsettling though that I have seen numerous complaints about charges ocurring in Miami Florida as that is where one of the charges was and where some activity can be traced to. I cannot stop thinking about this and what other information the scammers/hackers could have. The more I read the more it appears possible that an internal breach occurred somewhere as there are no clues to when or where my i for could have been skimmed (and I have thoroughly checked my go-to ATMs and Gas stations).

I think USAA should look further into this possibility.

 

Someone has been debiting my SAVINGS account, and the only people who have ever received that information is a bunch of lawyers setting up a trust for me. That was months ago, and they do not have my security information at all.

 

I discovered last week that someone has been debiting my savings account to pay bills (Toyota, Wells Fargo, some auto parts place for NSF fees) and reported the fraud. It's been denied saying that security was reviewed, and there is no evidence of fraud. What disturbs me even more is that I told the USAA representative that I never pay bills from my savings account, and the very next day it happened again! No monitoring of my account even after notification of fraud!! How is that?

 

Well I'm here to tell you that there is DEFINITELY FRAUD and I believe that USAA has suffered a security breach.

 

I will also be contacting the FTC if they continue to deny my legitimate claim. My funds are federally insured. There is no reason to deny this claim.

POdMember -I understand the seriousness of the situation. I have located your information and will engage a specialist to review the details. Thank you for speaking up today. - Jason
 

This happened to me today.  Very unsettling.  I received a call from USAA requesting that I verify activity on my account, as they had some questions as to whether or not the activity was from me.  I was alarmed, but verified the activity on my checking account that I only use for checks (I have another account which is my primary account connected to my debit card).  They verified my deposit from the government for my tax refund and a couple of checks which I write every week, so I was puzzled why they had called, as the deposit wouldn't be fraudulent and the checks I write every week to the same person, same amount, so they don't seem out of the ordinary.  I asked if there was any other activity to verify, as these activities seemed normal.  The lady said no, and verified that they would continue to monitor my account.  But directly after I got off the phone w/ USAA, I got a text from my USAA app saying that a request had been made to increase my daily withdrawl limit.  I immediately called USAA back and asked that my account be frozen, as I had not made this request.  After verifying my identity, the lady put a temporary hold on my account, and while we were on the phone, it turns out they withdrew $800 from the ATM.  They had called to increase my daily limit to $3800 saying they were buying a sectional couch.  So while we were on the phone they removed the temporary hold put on my account to make the $800 withdrawals.  I inquired as to how this was possible that they were able to do this, as I know they have to answer security questions.  The lady tells me that they were able to answer the security questions including my phone number and pin number correctly.  Obviously they had my account number to create a fake debit card (I still have my card) and pin number for the ATM as well.   I am puzzled why there was not additional security measures placed on my account the moment they suspected fraud and talked to me on the phone (for instance now I have to get a temporary access code texted to my phone each time I log in---The people who had my account info had my account info and phone number but did not have my phone.  Or to freeze my account immediately as I requested rather than temporary hold since we verified that I was not the one who requested the daily withdrawal limit increase.).  

 

Now I go online and read on USAA forums that strikingly similar occurrences where security questions, account and pin numbers are known have been happening since at least 9/2016 (it is now 5/6/18).  This is totally unacceptable that with at least 2 years worth of continued occurences which indicate an internal breach of security that 1) security measures have not been increased for all phone reps in all departments (not just security) to act quickly and effictavely to prevent withdrawals and 2) Proper investigations to determine how this internal breach is happening and stop it.  I am not confident in the security of my money and personal information now at USAA.  This is super disappointing to me, as I love the customer service and have been so happy to do both my banking and car insurance w/ them.      

@klipper, After reading your post, I can certainly understand your disappointment. At this time, we have no indications that your information has been breached. The security of our members' personal information is extremely important to us. We have extensive security measures in place like 24/7 fraud monitoring, security alerts, free credit monitoring and enhanced authentication options to help members protect themselves and to help us protect the information they've entrusted to us. I am engaging a business expert to review each one of your concerns. After a thorough investigation has been completed, we will conduct a follow-up with you. ~DC

I agree that there is a high likelihood of a data breach, internal or external.  Someone called USAA and could not provide six digit code because they did not have the pyhsical phone only a simulator.  They used my phone password which was only know to USAA and myself and was undecipherable in any lnaguage to withdraw a huge amount from my account by transfer.  USSA alerted me that day and restored the money to my account, but I am still freaked out that the caller knew everything about me, including this bizarre detail.

@elsa767, I'm sorry to learn that you've experienced fraud. The security of our members' information is of critical importance to us. We have extensive security measures in place like 24/7 fraud monitoring, security alerts, free credit monitoring and enhanced authentication options to help members protect themselves and to help us protect the information they've entrusted to us. We regret that we cannot prevent all fraud from occurring on our members' accounts if a member's personal information has been obtained by fraudsters elsewhere. We are constantly improving in this area, and we encourage our members to use enhanced security multifactor authentication options like one-time use codes and biometrics on our mobile app. I'll share your concerns with our fraud team. ~DC