---

I Didn’t Imagine Capital One’s “Service” Could Be So Wretched…

At Capital One, our mission is to change banking for good by bringing humanity, ingenuity and simplicity to banking.

Capital One mission statement seemingly not supported by their fraud department’s actual behaviour!

Nicholas and I had a rather nasty surprise that started out seemingly being another one of the many unsolicited credit offers that assault our post box on a weekly basis.

This one felt different where it seemed to have an actual plastic credit card in it rather than the usual cardboard plastered to the same “how can we royally screw you financially” offer everyone seems to send round about every other day and that’s why it actually got opened.

At a quick glance, it didn’t seem anything was out of the ordinary and was about to hit the top of the pile of shredder fodder on top of the industrial grade shredder when on a whim I took a closer look at the card itself and noticed it actually seemed to have a real number, CVV, and expiry date.

Welcome to HELL, identity theft division and instantly horrifying memories of the last time this had happened to me decades earlier which led to a three year period of misery where I was having to constantly prove my innocence rather than have it presumed in law without many of the tools available in the modern internet age. We had rudimentary websites that were barely a step up from gopher but the idea of robust e-commerce was still many years away and credible online banking/credit wouldn’t show up until well after that.

Three years of frustrating phone calls and many letters filled with affidavits and other documentation to three different but generally equally disinterested credit bureaus, I was finally able to reclaim my perfect record in spite of the best efforts of the credit bureaus to defend their mighty mountain of utterly inaccurate if not fraudulent information they felt they had on me.

When you join one of our many Customer Care teams, you’ll be empowered to provide our customers with a level of service that sets us apart from the rest.

Capital One’s theory on their call centre’s customer focus and service

The first call to Capital One’s Fraud Department (who honestly seem more interested in their sacrosanct policies that favour the scammers and fraudsters!) landed somewhere in India as far as her name, accent, and the relative time of day.

She seemed OK at first though her understanding of clearly spoken English didn’t seem quite up to snuff as we were trying to get her to understand the concept that when we’ve already established that a credit card account under fraudulent circumstances has been established in my son’s name but for some reason with my telephone number, it’s not particularly comforting to the potential victims of identity theft to give even a part of their SSN over an unsecured wireless phone line to a total stranger, especially one half a world away just to have her confirm it matches what’s in their files.

The last four digits and some information are enough to guess the other five digits of a SSN in 95% of the cases. OK, for me it won’t do much for the bad guys for…reasons…but that’s their problem, not mine.

We finally got her to supposedly send us a text code to work round that problem after she demands that we listen to a completely unnecessary (for us, at least) canned statement about mobile carriers and text charges that I have zero interest in hearing and…dial tone. Quelle surprise.

Second call and we get a different person in India who seems at least more intelligible (and I’ve got a passing familiarity with listening to Hindi-tinged English and basically understanding what’s going on) and we go through the same spiel with her and are rewarded with an additional revelation the first person never bothered to share with us in that Capital One had actually had suspicions that this request to open the account was fraudulent and had flagged the account.

That rather begs this question: if Capital One was already suspicious, why in the name of all that is holy did they still open the account and put a card that could be activated fairly easily if the scammer had gotten the process this far to issue a card into the bloody post without even trying to ring the phone number on the account to verify this was a legitimate credit application?!?

That seems a case of actual stupidity on their part as opposed to their AI algorithms being fooled!

Once again, her policy seems far more important than answering the one question I have at this point…whose SSN was used in this attempt to fraudulently open up the credit card?

Now, you’d think after the five minutes of resistance and defiance I got from the first person about her demanding I disclose the last four digits of the SSN and they think that’s such a safe practise that they might well return the favour and let us have those very same digits they have in their file so that we have a chance of heading off any further potential fraud before it has a chance to happen.

Of course not.

At this point, I’m pretty much over her quoting policy I can truly care less about and both Nicholas and I ask for a supervisor a few times before she finally goes looking for one.

After a few minutes, we get the absolute joy of a customer service supervisor named Jason.

Clearly he was based in the United States as his two predecessors clearly were not and that is the only positive thing I can say about the interaction with him.

Never mind that *HIS* financial details aren’t out there to waiting to be abused, he made it very clear from the get-go that he feels he’s completely in charge of the interaction and his attitude was alternating between condescension, contempt for the potential victims, and slavish devotion to his policy and process.

I’m certain all three will allow him to keep his job but I remember the attitudes I dealt with when Capital One was still known as Signet Bank from Richmond VA and had a credit card with them. If anything, the snotty and superior attitudes seems to have gotten far worse…it’s very clear that we were there to service him and the needs of Capital One rather than the other way round.

I already had no desire to do business with Capital One and Nicholas certainly didn’t either.

Jason’s complete lack of empathy and anything approaching understanding past “I can hear the frustration” before piling on far more of it on top of what his two previous colleagues had done certainly didn’t encourage us to want to ever do business with their company in the future if that’s the kind of “customer support” we can expect. It’s kind of hard to hold the two ladies accountable (not only because they’re in India) when their supposed US-based supervisor is far, far worse.

He didn’t seem to appreciate that time was of the essence to try to protect our credit records from further damage and that knowing which SSN was potentially compromised would be invaluable in successfully doing so. You’d think that someone in a department that’s supposedly about preventing fraud would find a way to be helpful to those actually being victimised by it!

Alas, no.

There was absolutely no getting through to him that time was of the essence. He’s rabbiting on about an “investigation” that can take 60-90 days (allowed under the law, to be fair) and that eventually they’re supposed to put a report in the post to us. But there’s no way we can wait that long for them to figure out for themselves what I’ve already deduced from the evidence and I needed to get things locked down as quickly as I could.

The condescension and arrogance from Jason was palpable throughout the conversation. No attempt to try to de-escalate or even show the faintest hint of understanding and empathy. He genuinely could care less…he puts in a report, likely some other underling has to do the “investigation” and he’s washed his hands of us. I can only hope he treats actual customers with far more respect than we received.

I was particularly moved by his humming a tune as I’m trying desperately to get him to understand our point of view only for him to cut me off and then decide to berate me (in front of my own son!) after already showing a completely insulting and disrespectful attitude.

Next time, at least have the courtesy to put yourself on mute when you’re determined to show us just how much you don’t care.

I finally end up giving in under duress after he threatened to disconnect and gave Jason the last four digits of the SSN for each of us. Actually, I biffed Nick’s with the last four digit’s of Katie’s phone number as I was so angry and just ready for the nearest black hole to swallow the whole of Capital One. In spite of that, I was able to determine that the likely vector of attack wasn’t via mine.

And Jason the complete bell-end of a supervisor and laughable excuse for a human being couldn’t disconnect that line fast enough.

Truth be told, I would have been only a few milliseconds slower.

So what’s in *MY* wallet or Nicholas’? I can guaran-damn-tee it not only isn’t Capital One, it will *NEVER* be Capital One for either of us. Not that I expect a massive bank with nearly $37B in turnover for the year will give a rat’s rear end about that but that shouldn’t be a surprise when three people in their “customer service” ranks couldn’t be bothered to show even a modicum of respect during the encounter for a fraud they largely allowed to be perpetrated against us.

Yet another of many reasons I have zero use for commercial banks and try to limit my interactions with the financial system to credit unions and USAA. They aren’t necessarily perfect but the rare times I’ve had a problem, I’ve been listened to and at usually provided at least reasonable solutions.

Every time I’ve been at the mercy of a commercial bank, it’s usually ended in tears.

Putting a Band-Aid on a Badly Broken System

Now it’s time to try to limit further attacks by freezing his credit report with the three main credit bureaus. Sadly, you have to do this with each and every one of them and the experiences are very different.

Enter the friendly legislation I wish I had when I went through this hellish journey long ago…the Fair Credit Reporting Act (FCRA) which allows you to force the credit bureaus to put a freeze on your credit report preventing it from being reported to creditors to open a new account in your name as well as a fraud alert that requires creditors to verify via phone that you indeed are attempting to open that line of credit. You’re also entitled to one copy of your credit report per year (ordinarily I’d get mine on my birthday but haven’t bothered in years as I’ve had no need for credit).

At no charge to the consumer (but watch for the up-sells)!

Fortunately, most of this can be done online and three new accounts at the credit bureaus and a permanent opt-out of pre-screened offers to go into the post later, we were able to determine that this seemed to be the only attempt to open a line of credit so far on his credit record.

• Each of the sites (Equifax, Experian, and TransUnion) generally allowed relatively easy account creation and verification, often by a code texted to the phone.
• The attackers exploited all three of the credit bureaus as they’re all showing a hard inquiry. Now, supposedly Capital One will have those hard inquiries removed once their “investigation” is complete but that’s 60-90 days away which is why it was so critical we knew which SSN was the attack vector so we could block as many other potential attacks quickly with a report freeze and fraud alert.
• Finding the widget to allow the freezing of the credit report was very painful on Equifax’s site as it’s buried under a few screens. Experian’s and TransUnion’s were much more accessible and on the main dashboard.
• Equifax also gets a “F” because of all of the three sites, theirs is the only one that does not provide a “PRINT” button to actually print a human-friendly version of the free credit report. You have to go to every section and expand it and then expand the details and print each screen to PDF. Twenty PDFs later and I was able to combine it into an ugly looking full PDF. I know that it had to be some marketing nitwit that figured it’d be a great idea to put the “PRINT” button behind a paywall but they really need to be drawn and quartered, their head mounted on a pike, and their entrails spread on the walls as a warning to others to never be so stupid again.
• Experian’s user-interface was by far the friendliest of the lot with TransUnion a close second.
• The dispute mechanism on all three sites were actually remarkably straightforward and very easy to use. Most of the inaccurate items were able to be disputed with a click of a button and for one where they’d biffed the spelling of my name, I had to upload a copy of my passport card. One can’t help but come to the conclusion that the reason all three of the bureaus made the online dispute function pretty painless is the sheer volume of garbage they’re hoovering into our credit reports in the first place.
• TransUnion worked great for Nicholas but when I created a completely separate account to go get my credit record frozen, absolutely no joy. I suspect they’re capturing the IP address and enforcing a 24-hour timeout as this also happened in another browser with the same account. I suspect it’ll work fine tomorrow near midnight but their implementation could be far more intelligent to take the difference in logged-in user into account when deciding to essentially lock out critical functions.
• The site for opting out of pre-screened offers of credit and insurance was pretty straightforward and easy to generate the form that must be mailed. I used to actually like seeing those offers to see the evolution of greed on the part of credit card issuers over the decades but now I really don’t care anymore. There doesn’t seem to be an appreciable difference except in annual percentage rates (APRs) and the penalty APRs and what may trigger them. It’s not like the good old days where you’d have the occasional bastard card try to sneak two-cycle average daily balance method of computing finance charge past you.

What pisses me off is that we have to go through all of these hoops of dealing with disinterested bank fraud departments who seem more interested in helping perpetuate the fraud than showing any empathy toward the victims of it. Now, God help us had that card been activated and we’d have had the devil’s own time with them to avoid being stuck with a massive bill we had nothing to do with other than Capital One being easily fooled by the criminals to the point where it darned near worked.

It’s not unheard of for people pulling this kind of stunt to try to intercept the card in the post and activate it themselves and have a grand old time. This is where having USPS Informed Delivery is helpful as you can bet I’ll be making sure that anything that smells like it came from a bank or credit union will spend the absolute minimum time in the post box.

FCRA has helped curb some of the worst abuses of the credit reporting industry but the “freeze” and “fraud alerts” are band-aids at best on a gaping wound to a critical artery! So much garbage goes into the credit reports that is inaccurate at best (I can’t wait to see how old TransUnion thinks I am now as they thought I was in my 50’s back when I was at university which is why I got AARP solicitations right after graduation!) and so many data sources are considered gospel when they should be treated with suspicion that it’s a miracle the credit reports are at all useful.

And that’s not even talking about the massive data breaches that banks and the credit bureaus have suffered through the years where untold amounts of very sensitive personal financial data is now floating out there for the criminals to use just like this instance.

We got lucky this time but the vectors of attack seem to be getting exponentially worse as the technology improves. When my identity was stolen, the bastard that did it had a second card reader under the counter at the petrol station and back then the magnetic strips had your SSN encoded in it. Once he had that, he had my Florida driver’s licence (which used the SSN as the ID number) and went to town.

Even after being able to walk into that station a month later and have two Flagler County deputies collar the bugger and add additional fraud charges to what was already a long list that ended up getting him sent to Starke for a very long period of time, it still took three years of fighting the credit bureaus tooth and nail in a process where I was presumed guilty until I proved my innocence. Three horrible years I wouldn’t wish on my worst enemy… 🙁

Most of us never see the people who do this to us but actually looking the crim in the eye and seeing him locked up didn’t really improve the experience markedly.

The banks and the credit bureaus have made it embarrassingly easy for the bad guys to screw the people who just want to use the financial system honestly and pay their bills on time and as agreed.

They say they are committed to security but the sheer volume of fraud says they’re hopelessly unable to effectively combat it. The fraud’s a tax write-off as well as increase in fees to the consumer because there’s no way Mr Potter won’t extract the maximum ransom from a clientele to fatten their already obscene profits.

When you add to it a massive too-big-to-fail bank’s fraud department that should care showing clearly that they don’t and are completely unaccountable and that the consumer is left to fend for themselves, it erodes the very confidence in the credit system that they were supposedly trying to achieve.

I’d say that this was right up the Consumer Protection Finance Bureau’s (CFPB) alley but even before Elon Musk and President Trump targeted it for termination to prevent them from curbing their own dodgy dealings, it was really a paper tiger at best. Sure, they had some wins to the tune of $20B for $1B invested in the agency which is great and all but when they allowed Santander to completely walk on violating notice requirements for installment loans because the company’s official reply was “we don’t feel we violated the law” when I proved conclusively they had showed CFPB was there for the flashy busts with big fines and not really interested in prosecuting the nastiness of the industry beneath the surface.

That’s why I’ll probably not even bother to send CFPB a copy of this. I can’t imagine they’ll care any more than Capital One will. 🙁