Compiled from Public Data by FairShake
The US government’s Consumer Financial Protection Bureau (CFPB) collects complaints against financial companies.
In 2021, the CFPB received 1368 complaints against USAA. USAA ranked Number 35 among all financial companies for the most complaints.
Date of Complaint: July 9, 2021
Company Official Name: UNITED SERVICES AUTOMOBILE ASSOCIATION
State: CO
Product: Checking or savings account
Sub-Product: Checking account
Issue: Managing an account
Sub-Issue: Funds not handled or disbursed as instructed
Full Complaint:
Between XXXX XXXX XXXX XXXX, USAA ‘s mobile app security failed to flag fraudulent/identity theft logins to our ( mine, spouse ‘s, adult child ‘s ) USAA profiles, despite such activity occurring on devices we do not own/never used, and despite other suspicious activities that preceded the fraudulent electronic bank transfers ( e.g., the hackers changed our phone numbers & USAA never tried to contact our old numbers on file for several years ; hackers turned off all security notifications in our profiles ; hackers set up several internal and external bank accounts and scheduled numerous electronic bank transfers in the exact amount of {00.00} ( behavior we NEVER engaged in during the 15+ years as USAA members ), etc. ) I’m a professor of Information Systems, and we teach our undergrads some of these basic red flags in our cybersecurity courses. I never would have fathomed that USAA doesn’t even have these basic fraud detection protocols in place.
XX/XX/XXXX – XX/XX/2021 : Hackers/cybercriminals stole approximately {000.00} from our bank accounts through fraudulent electronic bank transfers.
XX/XX/2021 : My spouse and I notified USAA of the fraudulent bank transfers and hacked accounts. USAA opened a fraud investigation and said it would take around three business days to complete the investigation. We pleaded with USAA to close or lock our accounts to prevent further fraudulent activity. They informed us they could not close our accounts and to just let the fraud investigation play out.
XX/XX/2021 : USAA Collections called me and my spouse and demanded we pay {000.00} to bring our accounts positive or we would be frozen out of all of our assets and services with USAA. I explained the fraud investigation was in process, and USAA said that it didn’t matter ; their protocol was to collect debts on accounts even if they were being investigated for fraud. Because I didn’t want to lose access to the funds I still had in banking and savings accounts at USAA, I paid the debt — trusting that USAA would restore our accounts when they concluded the transactions were fraudulent.
XX/XX/2021 : USAA sent a letter to my spouse ‘s USAA profile ( even though I opened the fraud claim ) denying our claim and stating ” no further action will be taken. ” XX/XX/2021 : We contacted USAA per the instructions on the letter to find out why our claim was denied. USAA reps said they had NO way to contact the Fraud Department that made the decision, but they put in a request for someone in the department to call us and to mail us the documentation detailing their decision. At this point, USAA is still insisting that my spouse set up the external bank accounts, that these accounts actually were in his name — something USAA verified as part of their process of vetting newly added bank accounts to user profiles ; however, none of this is true. A USAA rep had to instruct us how to find the account and routing numbers of the external accounts added to one of our USAA profiles. We reached the Fraud Department at one of the banks ( XXXX XXXX ), and they confirmed that neither my spouse nor I have ever banked with them. Thus, USAA ‘s practices for adding external bank accounts is missing the step of properly identifying the bonafide account holders on external accounts. If they had this process in place adequately, our money could have remained safe instead of stolen out of the blue with USAA telling us it’s somehow our fault and there’s no way for us to recover our money ( after also demanding we pay money from our savings to bring our accounts positive, which effectively allowed the criminals to steal even more of our money, though it came with the benefit of allowing us to re-gain access to the only checking and savings accounts we rely on ).
After XX/XX/2021 : USAA ‘s Fraud Department still has not contacted us, despite our submitting two formal requests through USAA reps ( after waiting for HOURS to speak to said reps ). We finally received a letter in the mail nearly two full weeks after we requested it — and it said NOTHING. The reason our claim was denied? ” Multiple USAA system security logs/records. ” Thus, to this day, nearly a month after we reported the fraud, we have no clue why they denied our fraud claim and we’re out tens of thousands of dollars — money we worked for DECADES to save.
Quite honestly, I am CONFIDENT USAA has broken numerous consumer protection laws in our case. At best, this was just poor business processes at a fragmented company, and my family chose wrong in entrusting USAA Savings Bank with safeguarding our money. At worst, and what I’m beginning to suspect, it’s simply normal practice for USAA to enable identity theft and fraudulent bank transfers of its consumers — a way to enable criminal activity on the dime of its consumers. It wouldn’t surprise me at all if USAA insiders are involved in enabling these schemes. The XXXX XXXX Identity Theft Specialist explained that their customer ‘s bank account ( involved in the fraud with our USAA bank accounts ) was hacked, too. That likely means that where our money went — the two accounts at some fintech company named Current — belong to victims, too. Thus, hackers can just steal credentials of consumers, exploit cybersecurity weaknesses in banks ‘ technical infrastructure and business processes, set up numerous ( generally up to five ) bank transfers in the amount of {00.00}, steal approximately $ XXXX from each banking customer while getting to wash their criminal money through these accounts too, and simply GET AWAY WITH IT. USAA essentially behaves as a partner to these crimes with their current practices.
Response Type: Closed with explanation
Public Response:
Company believes it acted appropriately as authorized by contract or law
FairShake accessed this complaint from the public archives of the Consumer Financial Protection Bureau (CFPB). You can file your own complaint with the CFPB here.