Wanted to issue a warning this morning. It sounds like a pretty large data breach happened within Bank of America. My HSA debit card was charged almost $2,000 at PrizePicks (online sports betting). I called in and faced a long wait time before being told this is happening to many of their customers. Same merchant.
I’m sure most customers haven’t seen this yet, because the charges are just pending now. Run and check your cards!
Bank of America HSA Debit Card Fraud
byu/Detroitideas inpersonalfinance
Posted by Detroitideas
2 Comments
Oof just checked mine and seeing the same PrizePicks charge for $1,800 – thanks for the heads up OP, calling them now
It’s probably not a data breach, just carding activity. Credit card numbers have a fixed prefix for the issuer and card type, plus a check digit at the end, so there aren’t as many unique card numbers as you’d expect.
With small banks it’s possible to leave large gaps, where a bad actor wouldn’t know if a card’s details weren’t all correct, or if the card just didn’t exist, but with larger issuers like BofA they have enough cards in circulation that basically all the possible combinations are in circulation, a problem that’s only going to get worse as we transition to 8 digit BINs. All someone needs to do is figure out the expiration date and locate a merchant that doesn’t hard decline on CVV2 failures or care about AVS matching.