I remember the day that my father brought me up the Bank of Montreal branch at Baie d‘Urfé Plaza to open my first bank account. I was 13 years old, flush with Bar Mitzvah checks (mostly in the amounts of $18 and $36), and in need of a safe place to keep it. Founded in 1817, the Bank of Montreal had, and still has, an enviable reputation for trust and security, and was named one of the Most Trusted Companies in North America by Forbes magazine last year. “Banks exist to keep our savings safe,” my father said on that say 49 years ago, almost to this day.
It turns out that he was wrong. Banks have nothing to do with keeping our money, our, deposits, our life-savings safe, at least not in the United States in the 21st century, and everything to do with extracting maximum value from consumers. With the disappearance of local banking and cash transactions, and the pervasive expansion of networked services and electronic commerce into every area of our lives, the bank is no longer merely a financial option, but an absolute necessity. One cannot participate in the economy today without the mediation of a bank, and the banks know that. So, they no longer see us as valuable customers whose savings they have a contractual and ethical obligation to protect, but rather solely as revenue sources from which they can wring their profits.
Patsies and suckers, as it were.
This really shouldn’t have been a surprise to me, and it really isn’t, but the reality came crashing home to me when someone cloned my debit card and drained my accounts at JP Morgan Chase of several thousand dollars over a month this winter.
This is how they did it: The fraud began the day after my spouse and I returned home from a road trip. I can’t say for sure, since I do not have the means to do a thorough investigation, although JP Morgan Chase does, but I suspect that a gas station attendant cloned my debit card when I handed it to him. You can’t pump your own gas in New Jersey, so there is always a few minutes when whatever card you use to fill-up is out of sight. Admittedly, it was an error to mistakenly hand my debit card, rather than a limited credit card, to a stranger.
According to Chase, the thieves entered my debit card info in an Apple Pay wallet, so that when I had my card replaced due to a different fraud, it automatically updated in Apple Pay. Significantly, I am not an Apple user and have not used any apple products since my I retired my 160 GB iPod Classic fifteen years ago. Nor have I accessed my Chase account, on the web or through the app, using an Apple device once in the 21 years since I opened it. (It was then a Washington Mutual account.)
The actual fraud consisted of numerous eBay transactions to what I assume were dummy accounts. I did not notice them because they were mostly smallish transactions of $50-80, and infrequent at first, and because I don’t check my account every day (that has changed), and I didn’t notice $50 to $80 disappearing from my account. I did notice that my balance was lower than it should be, and that my savings was covering an overdraft in my checking, but I just thought that I was simply profligate, buying coffee and lunch at work and groceries that I don’t really need.
But the transactions accelerated, and I received an overdraft warning on 22 February. This should not have been possible because I had just been paid the Friday before, and I was scrupulously watching my spending to pay for a large imminent expense. Besides, my savings should have covered the overdraft. When I looked, I noticed all the eBay transactions, which had been increasing over the previous week. They were not mine, especially since I always use PayPal on eBay and Etsy and because I had not bought anything on either platform in several months.
It turns out that one month of small transactions, at three-to-five transactions per day (11 on one day!), added up to a lot of money. I contacted Chase, confident that the bank would, as it is both legally and ethically required to do, reverse the transactions and return the thousands of stolen dollars to my accounts. After all, I have been their customer since I arrived in the United States and, as my father told me almost 40 years ago, “banks exist to keep our savings safe.”
But, of course, they don’t. Although JP Morgan Chase claims that, for “225 years, we’ve served our customers, shareholders and communities with integrity and respect, and that they “work diligently to uphold our core values in everything we do,” that’s just window-dressing for suckers like me. Chases “business principles,” as they call them, seem mostly focused on fleecing the rubes who are stupid enough to trust them with our money. And that became abundantly clear ten days after I reported the theft to Chase’s fraud department.
I called the fraud line as soon as I discovered the crime on 22 February; the representative, Gustavo, directed me to Hriday, and agent in a call centre in Mumbai or Kolkata. Hriday was very nice and sympathetic, and assured me that the bank would open an investigation and that the stolen funds would be recovered by 6 March or, or Chase would issue a temporary credit. I hung up, feeling confident that the situation was in good hands (this is, after all, why we place our savings in banks and agree to pay their usurious fees), and expecting that I could get on with my life.
Ten days later, my savings had not been restored and, instead, I had an update on my claim. It had been sent to my account on 24 February, only two days after I first reported the fraud, and informed me that:
- We found that the transaction(s) was processed according to the information you provided or was authorized.
- No adjustment will be made to your account at this time.
- Contact us if you would like to request the information we used for our research.
I called the number provided and spoke to a different call centre agent, this time Mia, also in Mumbai or Kolkata, and she assured me that Chase would reopen the investigation. She even called me the next day, while my spouse and I were hiking, to request additional information and confirmed that, apart from the fraudulent transactions, I have never used any Apple product to do anything in my account. She assured me that that there would be “more information in three-to-five business days.” Three business days later, I received another notification:
- We found that the transaction(s) was processed according to the information you provided or was authorized.
- No adjustment will be made to your account at this time.
- Contact us if you would like to request the information we used for our research.
My claim was denied again… On my wedding anniversary, no less. I called Chase again two days later, when I had the time to sit in IVR Hell, and insisted on speaking to someone who worked for the bank in the United States; I was skeptical about whether the information was getting from the Indian call centre to the Chase Fraud Department. I spoke to Khadijah and her supervisor Teresa – Chase representatives never provide their surnames so that, I suspect, they cannot be held accountable for anything. I can’t name someone in a lawsuit, after all, if I don’t know their names.
They assured me (again) that they would do everything possible to investigate the fraud; Khadija is even, I was told, an investigator in the Fraud Department. I was doubtful, however, and I requested, as the letters had said, “the information we used for our research.” Teresa informed me that this would require a subpoena.
I am, of course, skeptical that Chase is actually doing any research. There is certainly ample evidence that, while the transactions were “authorized,” they were fraudulently authorized using an Apple Pay Wallet into which my debit card was fraudulently entered. Moreover, that Apple Pay Wallet resides on an iPhone that connected to a mobile data network at a geographically-identifiable access point (a cell tower), and all that information should be easily accessible to Chase (which has all the data scooped from app use). And that would conclusively establish not only that I did not authorized these transactions, but who, in fact did.
But that would be too much work, I guess, and Chase is less interested in protecting my account than enacting a kind of security theatre to avoid liability. It is hard to shake the feeling that the world’s biggest bank is stonewalling me until I just give up and accept the loss. Investigations cost money, after all, and as my spouse wryly noted, banks like Chase don’t get big by admitted their mistakes and giving customers back their money. They get big by taking money. To make matters worse, by claiming that I am trying to recover funds from transactions that I authorized, Chase in implicitly accusing me of attempting perpetrate a fraud.
There is very little that I can do here. Despite Chase’s indifference to the matter, I was the victim of a crime – perhaps two crimes – and I have reported it to my local police and the County Prosecutor’s Office. I don’t know if that will make any difference, or if they will be able to penetrate the bank’s corporate opacity. I suspect that it will require a court order, in any case. I could hire a lawyer and sue, but that would almost certainly cost me more than any money I might recover, something that I am sure Chase is counting on.
The four trillion dollar bank holds all the cards, and despite the appeal to its two centuries of “core values,” “integrity,” and “business principles,” this is 21st century America when, as Gordon Gecko once said, “greed is good” and you can do anything as long as you can get away with it. Chase is getting away with it and, as it turns out, it is making a liar of my late father.
But Joe Friedman was born a century ago, in a different time, when customers were people the tellers and bank managers would see a few times a week at the window or at the loan applications desk. Greed and dishonesty were everyday realities then, as well, but when we interacted with other humans at the bank counter as humans, those base impulses were mitigated and muted. My father could say “banks exist to keep our savings safe” with a straight face and believe it because that was the social contract.
Today, we are mere datapoints in the cells of a vast, networked spreadsheet. Customers like me – like us all – are merely resources from which corporations like Chase extract value, since value is the only consideration. I am ashamed of how foolish I was to think that my bank had any interest in the security and well-being of its customers.
I have learned my lesson.