WGPO BANK ACCOUNT HACKED

From Steve Pellinen:

Short Version

A little over a month ago I was notified that our bank account was overdrawn. Turns out someone had made a PayPal link to our account and was able to use that link to transfer our funds to their PayPal account. After more than a month of working with the bank, PayPal and the police, the situation has been resolved and we have been reimbursed for the entire amount withdrawn. The culprit has not been caught, which is disturbing.

I think we are going to change banks.

Long Version

About a month ago I received notice that WGPO’s checking account was overdrawn, and a journey began that would take me to our bank’s branch office near home to the bank’s home office in Ohio, to PayPal Security, to the local police department, back to the banks, back to PayPal, several more virtual meetings with the police, several more meetings and phone calls with our local banker, responding to information requests from all of these.

There was no legitimate way that our account could be overdrawn because during the pandemic the account activity has been negligible, with the only payments going to the attorney that was helping with our incorporation process. But over the course of a month, someone had withdrawn all of our funds (about $4,000) using an escalating withdrawal amount until the overdraft occurred, triggering the notice.

It turned out that someone had figured out how to link their PayPal account to our bank account such that they could withdraw funds via PayPal. Long story short, the case is still under investigation, with our funds being reimbursed per bank policy once they determined that we were not at fault.

But wait! No sooner had I confirmed the replacement of the stolen funds when I noticed that two more unauthorized withdrawals ($499 and $999) had been made. I immediately contacted the bank to enquire how this could be. Didn’t they put some type of block on this person’s ability to continue using their illegitimate PayPal connection? Well, it turns out that, no, the bank has no mechanism or procedure to prevent this from happening again and doesn’t work with PayPal to get them to stop this at their end. WTF? Don’t they care that they’ll have to keep reimbursing us for these unauthorized withdrawals?

After I talked with bank central, they informed our local banker that they can, in fact, block payments to PayPal when asked to do so. So I asked them to do so. Case closed, right? Not so  fast – those last two withdrawals would not be reimbursed. Again, WTF? This was exactly the same type of loss that they had previously reimbursed, so why not this time?

The explanation from bank Dispute Services: “We are unable to reimburse you for the transaction(s) in this dispute case for the following reason(s): The disputed transaction(s)looks like your normal account activity. You have previous undisputed transactions(s) for the same or similar retailers, location, frequency, and/or transaction amount(s).”

Seriously? This looks like the kind of conclusion an AI algorithm with incomplete information would reach. Surely no human investigator would have the gall to suggest that because they reimbursed us for similar amounts that these were now considered “normal account activity?” Or that those reimbursements were not made for disputed transactions just a few days previously? At this point I’m getting frustrated with the process and go back to my local bank branch for help. I find a sympathetic bank officer who takes on the task of dealing with the Dispute Services department on my behalf. Three weeks later, all is good, except that I received no explanation for why it took so long t. We have been reimbursed for all of the unauthorized withdrawals, I changed the password and we’re back in business.

But I’m pretty sure we’re going to change banks.