I've been a USAA member for nearly 30 years. On Monday, they sent me notification that a $5k transfer from my checking account to my 15 year-old-daughter's account took place. After confirming that no one in my house had done the transfer, I immediately called, only to learn that USAA had allowed the funds to be withdrawn from her account via an ATM the same day. This out of an account with an average daily balance of around $400 for the couple of years it has been open.
They then said I had had them rush an ATM card to 3rd party address the week before. I told them I had not and to please freeze the account. They said I should hear back from them in three biz days after they had time to investigate. I also updated all of my login and security questions that evening.
On Thursday, I checked my phone after getting off a plane only to learn there had been another $5k transferred to my daughter's account and ATM withdrawals were taking place. I immediately called and was told that I had called back on Tuesday and told them the fraud claim was a mistake.
They had lifted the freeze as a result of the fraudster calling back in! Before I could digest that, the rep told me the fraudster was on the phone at that moment claiming to be me asking to release funds.
Today, USAA emailed my daughter, not me, with a message "After a thorough investigation, we have determined that the above transaction is not fraudulent. We based our decision on the information we had available at the time of our review. This concludes our investigation, and no further action will be taken."
We'll see about that. You have choices, you may want to avoid USAA.
UPDATE (Tuesday 8/1/18): I just got off the phone with USAA, and they have made me whole (with the assistance of Fidelity Investments). I also have the rest of the story as to how the fraud occurred.
The crooks spoofed my home telephone number and called into USAA with my wife and daughter's names and DOBs. With that small amount of info plus the spoofed number, USAA allowed them to request a debit card to be sent to an alternate address. They also allowed the limit for ATM withdrawals to be increased due to the caller indicating some urgent need. One real disturbing aspect of this was that my wife isn't authorized on my daughter's account (I'm the custodian), yet they allowed the crook impersonating my wife to request the ACH transfer from Fidelity (this account was previously linked to my daughter's account).
More concerning was that USAA allowed the same caller using the same spoofed number and limited info to close my fraud claim after I had reported it. This is also why they sent me correspondence saying the claim had been investigated and had been determined to not be fraud.
A detail I previously had not mentioned is that I had contacted Fidelity Investments the evening (Monday) the initial fraud was detected, as even though USAA had credited my account there for the ACH transaction and had already allowed ATM withdrawals, the Fidelity account had not yet been debited. I asked Fido to freeze my account. Unfortunately, the manager I spoke to failed to do that. When I called them back on Thursday to inform them of the second unauthorized transfer, not only did they close my account before it could be debited a second time, they went ahead and refunded me the original $4,750 in recognition that they should have closed the account on Monday. Kudos to them.
I will say that USAA's attitude changed dramatically when I started posting this story on their own Community Forums, their Facebook page, and Twitter. I received a call from the CEO's office on Saturday morning assuring me that they had failed and that I would be made whole. I would have preferred to not have to have done all of this so publicly, but maybe there are lessons everyone can learn from my pain.
It even inspired a blog article with some tips for everyone. Be careful out there, folks.
They then said I had had them rush an ATM card to 3rd party address the week before. I told them I had not and to please freeze the account. They said I should hear back from them in three biz days after they had time to investigate. I also updated all of my login and security questions that evening.
On Thursday, I checked my phone after getting off a plane only to learn there had been another $5k transferred to my daughter's account and ATM withdrawals were taking place. I immediately called and was told that I had called back on Tuesday and told them the fraud claim was a mistake.
They had lifted the freeze as a result of the fraudster calling back in! Before I could digest that, the rep told me the fraudster was on the phone at that moment claiming to be me asking to release funds.
Today, USAA emailed my daughter, not me, with a message "After a thorough investigation, we have determined that the above transaction is not fraudulent. We based our decision on the information we had available at the time of our review. This concludes our investigation, and no further action will be taken."
We'll see about that. You have choices, you may want to avoid USAA.
UPDATE (Tuesday 8/1/18): I just got off the phone with USAA, and they have made me whole (with the assistance of Fidelity Investments). I also have the rest of the story as to how the fraud occurred.
The crooks spoofed my home telephone number and called into USAA with my wife and daughter's names and DOBs. With that small amount of info plus the spoofed number, USAA allowed them to request a debit card to be sent to an alternate address. They also allowed the limit for ATM withdrawals to be increased due to the caller indicating some urgent need. One real disturbing aspect of this was that my wife isn't authorized on my daughter's account (I'm the custodian), yet they allowed the crook impersonating my wife to request the ACH transfer from Fidelity (this account was previously linked to my daughter's account).
More concerning was that USAA allowed the same caller using the same spoofed number and limited info to close my fraud claim after I had reported it. This is also why they sent me correspondence saying the claim had been investigated and had been determined to not be fraud.
A detail I previously had not mentioned is that I had contacted Fidelity Investments the evening (Monday) the initial fraud was detected, as even though USAA had credited my account there for the ACH transaction and had already allowed ATM withdrawals, the Fidelity account had not yet been debited. I asked Fido to freeze my account. Unfortunately, the manager I spoke to failed to do that. When I called them back on Thursday to inform them of the second unauthorized transfer, not only did they close my account before it could be debited a second time, they went ahead and refunded me the original $4,750 in recognition that they should have closed the account on Monday. Kudos to them.
I will say that USAA's attitude changed dramatically when I started posting this story on their own Community Forums, their Facebook page, and Twitter. I received a call from the CEO's office on Saturday morning assuring me that they had failed and that I would be made whole. I would have preferred to not have to have done all of this so publicly, but maybe there are lessons everyone can learn from my pain.
It even inspired a blog article with some tips for everyone. Be careful out there, folks.
