U.S. Bank FlexPerks Security Hole

Published on January 15, 2010 in daybook. 0 Comments

Way off topic, but I want to get this logged someplace public:

Two weeks ago, some fraudster with a Pasadena address added himself to our U.S. Bank FlexPerks Visa account. The card’s fraud department noticed this and froze our account without notifying us. When our card started being rejected by everyone we phoned up, closed the old cards and got new cards.

This morning, we phoned up the card’s automated system and it rejected our ZIP code and phone numbers. Ugh, fraud on the new cards as well?

After fifteen or twenty minutes on hold, this is how the U.S. Bank fraud people explained our new problem:

When we reported the previous fraud, they fixed it in the card system but not in the main back-end system. When the two systems reconciled, the main system added the fraudster back to our card account—onto our new cards!

Thanks for your honesty, U.S. Bank, but we still closed our accounts. If you like, we can recommend some security ninjas who can close those holes for you.

Image CC-BY-NC-SA by Vicky TGAW

Comment on this post.

  • Share/Bookmark
Tags: infosec

0 Responses to “U.S. Bank FlexPerks Security Hole”

Feed for this Entry Trackback Address
  • No Comments

Leave a Reply

You must login to post a comment.