Saturday, October 8, 2011

Public service announcement: Check those old passwords!

We noticed last night that our bank account got charged for two Microsoft items (to be exact in case anyone googles this: MICROSOFT ONE MICROSOFT W 08003865550 WA ) and did a little digging to try and find an answer as to why it happened. We wanted to post the information we found out in case it can be helpful to anyone who goes through the same thing- what we found helpful and what we would suggest avoiding.

After we noticed the charges, we called Microsoft right away. This is something that we would NOT suggest doing. (The most common phone number you'll get when you search on the internet is 866-672-4551. This is the phone number for their billing department- more specifically, the department that handles subscriptions.) It seems like others have also tried this route and have had no success getting the problem solved. The first thing the representative did when we tried to explain the situation was ask for our full credit card number. Our reaction: "Wait, what? Someone just committed credit card fraud and now you want us to give you our full number?" They told us something about how the credit card information is not stored (which does not make sense, because then why would they want the full number? The rep had no explanation.). We tried another number for Microsoft and just got transferred back to this billing number, and got told the same thing. It seems like all roads when calling Microsoft about fraud lead to this department, and they don't have any answers. The second rep admitted that the credit card number would be on file, but not your security code or the expiration date of the card. We still did not feel comfortable giving the credit card number out.

Our second call was to the bank, to dispute these charges and have them send us a new card. (If this kind of fraud happens to you, it will probably not be due to a lost card. Your poor card will probably still be sitting safely in your wallet. Call the 1-800 number on the back of the card to talk to someone.) The rep was able to see the charge right away, and the full information about where the charge came from, which is not something you can always see when you're just checking your statement online. In any case, at least we have the peace of mind knowing that the random person who bought the two things can't do it again.

Our third call was just as helpful, and we think that after you call your bank, it should be your next call. We gave up on getting help through Microsoft and got more specific- we called XBOX support. (The direct number there is 1-800-469-9269.) If you call you might be a bit intimidated by the huge menu, *lol*, but just make sure you get to the part where you can speak to a real person. I think we went through the billing department, and the first (and only) person we spoke to was incredibly helpful, sympathetic and understanding, not only fixing the problem on their end but also explaining how it might have happened in our case. We each had different questions, and so this patient rep ended up talking to almost every member of our family in turn to answer them. He could see on our account exactly what the person had tried to do, and gave us reassurance that the matter was being investigated, and told us how we could keep up with that investigation (it takes 25 days to make a full investigation, but they restore your account completely and put everything back the way it was before the fraudulent charges were applied.)

Even if you don't even have an XBox, but someone does this to you, we would still suggest calling the Xbox support number. (Whenever we've had to talk to Microsoft support, we've had negative experiences- but whenever we've had to call XBox support, we have come away with glowing praise for the reps. Haven't been able to figure that one out.) At the very least, the rep can ask you questions to try to find a link between the charge and your recent activity. The rep we spoke to asked very specific questions (including the last four digits of our credit card number as confirmation, which we are completely okay with) to see if there was any way that someone could have taken our credit card number or hacked our computer. Like I said, I've noticed from research about this problem that it's even happened to people who don't even have an Xbox or Microsoft account of any kind, but calling can still, at the very least, let them know that there is a problem, and they can give you some suggestions.

I think the most valuable piece of advice we came away with today was to check and make sure that any passwords for old e-mail accounts are still secure. It happens all the time in this busy world- we get an e-mail address, then suddenly months or years pass and we haven't checked it or even thought about it because we have another one that we use more. But hackers get better all the time- and nowadays even the big companies are getting hacked (Sony, Google, Microsoft, and many more!), so if you have any old "straggler" e-mail accounts, they may not be secure either. And if any of those old e-mail accounts are linked to your online activity, you are susceptible to fraud (or at the very least, privacy invasion!). We believe that this was the link to this charge in our case- one of the "big guys" got hacked (MSN) and we were one of the "little guys" whose information is now out there somewhere. And it's just a good policy anyway to keep your passwords up-to-date and secure- can you imagine how insecure your passwords from a few years back are when we are now being encouraged to use capital letters, more numbers, and special characters? Check those old accounts or close them, and make sure that you change the passwords often (one site suggested every three months).

Okay, well, I'm sorry if that was long-winded, but I hope you can learn from our experience and prevent this from happening to you. :-)


Post a Comment