Compiled from Public Data by FairShake
The US government’s Consumer Financial Protection Bureau (CFPB) collects complaints against financial companies.
In 2018, the CFPB received 1126 complaints against USAA. USAA ranked Number 32 among all financial companies for the most complaints.
Date of Complaint: January 16, 2018
Company Official Name: UNITED SERVICES AUTOMOBILE ASSOCIATION
State: VA
Product: Checking or savings account
Sub-Product: Checking account
Issue: Managing an account
Sub-Issue: Problem using a debit or ATM card
Full Complaint:
Late at night on XX/XX/XXXX, I received a text message from USAA providing a 2-factor authentication code for account access that I did not request. I contacted the bank immediately, and discovered that a fraudulent individual had spoofed my cell phone number, attempted to guess my numeric phone pin and verbal phone password incorrectly multiple times, and had been asked only for the last four digits of my debit card number ( which must have been skimmed ) and was authenticated to make changes to my phone password and pin number over the phone. This fraudster clearly also could not provide the 2-factor code I received since they were only spoofing my cell phone caller ID, but still was permitted to change my phone password and numeric phone pin without it. Prior to this, I was told that my account was set to the highest security and that if the verbal phone password was not provided, no access to my account could occur over the phone. The USAA agent ‘s failure to follow the security procedures promised to me by USAA allowed this hacker to begin changing information on my account through the bank ‘s mobile app ( which they were able to download, and which I was told could only be downloaded once per account per USAA ). I initiated a fraud investigation with USAA within minutes of receiving the fraudulent 2-factor text and had my accounts frozen. I was told they would remain frozen for 72 hours and was told to ” have a drink and relax ” by the agent, who treated me as if I was overreacting to the situation because ” my accounts are insured ”. Two days later after no follow up, I contacted USAA again and was told the fraud investigation was still in progress and my accounts would remain frozen. Thirty minutes after the call, I received an email from USAA stating that my passwords and security questions had just been reset. When I called the bank immediately, they told me the fraudulent individual spoofed my number a second time and the USAA bank agent they spoke to reactivated all the frozen accounts despite the active fraud investigation being in progress. In the time it took me to call USAA immediately after the email was sent, this fraudulent person added a phone number to my account to divert my 2-factor authentication, and accessed my driver ‘s license and auto information from my auto insurance, my life insurance information, and all of my other personal information stored by the bank ( including my place of employment, etc ). I was forced to change my personal phone number while on the line with an agent to further deter this fraudster ( USAA told me they refused to perform call backs to confirm the number their customers are calling from because ” it ‘s inconvenient ” ), and I had to change all of my other personal information because of the bank ‘s lack of security and failure to follow security features on my account. I again requested the verbal phone password be mandatory and was told it would be by multiple agents, but have literally never been asked for a password by any agent ( I have spoken to at least 20 different agents ) during any call I have made since. I attempted to follow up regarding the fraud, and was told no one could discuss the fraud attempt with me for an entire weekend ( from a Friday to a Monday ) because ” the fraud team does n’t work at that time ” and USAA had frozen my accounts ( allegedly ). The following Monday once someone would actually address the issue with me, I had to change over my account numbers for all accounts, and in doing so the bank agent made an error which caused the bill pay / transfer system to not function. The bank agent also ” advised ” me during this call that I had a great credit card offer with USAA and suggested I call back the three credit reporting agencies I had just initiated fraud alerts and credit freezes with, unfreeze my credit, and apply for a new USAA credit card ( I ca n’t make this up ). Because of the bill pay issue, I have had to call multiple times to follow up on this ( it still was not resolved as of XX/XX/XXXX). I have not been asked my phone password by one single agent at the bank. In reading community reviews of other attempted account takeovers at USAA, I have noticed many consistencies with what has happened to me which makes me concerned that bank agents are involved in these fraudulent takeovers ( or perhaps the bank was hacked and USAA has n’t informed customers ). For example, the fake password they attempted to add to my account was ” XXXX ” and dozens and dozens of reported account takeovers from other USAA members reported funds being withdrawn from XXXX, Florida ATMs. Additionally, the complete lack of security and blatant lies by the agents regarding the security of my account are appalling. I was told by dozens of agent supervisors that my account was flagged for fraud and NOT ONE single agent has confirmed my identity despite my account stating ” Mandatory phone password ” in red ( per the USAA supervisors ). The agents involved in my experience also allowed this hacker to change over all my bank information without verifying me beyond a bank card despite many red flags such as incorrect PIN, incorrect phone password attempts, and inability to provide a 2-factor authentication code. I was never even notified that an attempt to access my account over the phone had been made ( you would think if someone called in and started guessing your personal information wrong that you would notify the customer of suspicious activity ). I currently have new accounts which I can not pay bills from, and until it is resolved I am essentially locked into the account ( as I can not transfer my own money, which is suspiciously convenient for USAA ). I feel that the bank negligently broke their own security policies, lied to me as a member regarding the security features on my account multiple times and then went beyond lies and promised security features that are clearly not used or enforced, aided in the theft of my identity, and I personally think that there may be USAA agents that are complicit in the account takeovers occurring with USAA. I am very disappointed in USAA after this experience. Given the numerous customer posts on USAA community boards that are all personally addressed in comments by USAA representatives, this bank is clearly aware of the methods these hackers are using to takeover accounts and should provide appropriate security for members. For me, what could have been a simple foiled attempt to access my account turned into a breach of ALL of my personal information, which has resulted in hundreds of hours of follow up, police investigations, and money spent on credit freezes and endless inconvenience all directly caused by the agents at USAA. And ultimately all they care about is whether I unfreeze my credit long enough to apply for one of their credit cards.
Response Type: Closed with explanation
Public Response:
Company believes it acted appropriately as authorized by contract or law
FairShake accessed this complaint from the public archives of the Consumer Financial Protection Bureau (CFPB). You can file your own complaint with the CFPB here.