Cardholder Fraud Education
We want to remind everyone how stolen cardholder information is used to commit fraud. Fraudsters have become increasingly adept at getting cardholders to share the information they need to commit fraud by posing as financial institution call center agents, or by sending text messages that look like they are coming from their institution, warning of suspicious transaction activities. They are also known to call in to call centers posing as cardholders requesting changes to card information and parameters.
Fraudsters use information stolen through data breaches (at health insurance providers, reward program providers, credit bureaus, merchant terminals, and social media sites, to mention just a few recent ones) as well as through malware programs deployed on personal computers and other sources. Stolen personally identifiable information (PII) is combined with stolen card information, resulting in sufficient information to create profiles that fraudsters can use to position themselves as the actual cardholders.
Here are some tips to help you keep your information safe:
- A text alert from RCB warning of suspicious activity on your card will NEVER include a link to be clicked. Cardholders should never click on a link in a text message that is supposedly from RCB. A valid notification from RCB will provide information about the suspect transaction and ask the cardholder to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop,’ and will never include a link.
- A text alert from RCB will always be from a 5-digit number and NOT a 10-digit number resembling a phone number. Text caller IDs will be 20733 if you use the standard call center, or 37268 if you use the premium call center.
- A phone call from RCB’s automated dialer will only include a request for a cardholder’s Zip code, and no other personal information, unless you confirm that a transaction is fraudulent. Only then will you be transferred to an agent who will ask questions to confirm their identity before going through their transactions.
- A phone call from RCB’s automated dialer will only include a request for a cardholder’s Zip code and no other personal information, unless you confirm that a transaction is fraudulent. Only then will you be transferred to an agent who will ask questions to confirm your identity before going through your transactions.
- RCB will NEVER ask for the PIN or the 3-digit security code on the back of a card.
- Posing as call center agents, fraudsters will often ask cardholders to verify fake transactions. When the cardholder says no, they did not perform those transactions, the fraudster then says that their card will be blocked, a new card will be issued, and that they need the card’s PIN to put on the new card. Many people believe this and provide their PIN.
- Regularly check your account(s) online for suspicious transactions, but especially if they are unsure about a call or text message they’ve received. If anything looks amiss, call your institution directly for assistance.
- If you have received a voice or a text message from RCB’s fraud call center and are unsure about responding to it, call your institution directly for assistance.