A few days ago, I got a call from my girlfriend, Olivia. I was so deep in working on my startup, Parse.ly, that I hadn’t checked my bank account statements in several weeks. We just went into private beta last Thursday, after DreamIt Demo Day. She noticed some suspicious charges, and so I looked into them. Indeed, it looked like I had been a victim of fraud: there were three charges that clearly was not me.
I immediately called Chase Customer Service. In order to confirm the details about my account, the representative needed me to identify the fraudulent charges, but also identify charges that were actually valid. For this latter bit, I needed to identify the time/place of a specific transaction. This card was mostly used for online auto bill payments, so this turned out to be impossible for any of my last 20 valid payments. Yet the customer service rep insisted that I name a time and place. I told her, “The time and place was whenever the server for this system decided to automatically bill my account. I don’t know where their server is, I don’t know what time their cron jobs run.”
“Cron jobs?” she said.
Right, I had been hanging around techies at DreamIt Ventures for too long. “Listen, the transaction didn’t take place physically, it took place digitally. I can identify one transaction, which is about a month old, where I actually used the card in-person to buy something.” She finally understood and let me move on.
Burak from Trendsta said he felt bad for me, for how patient I had to be with this person. But that was the least of it. This little technical misunderstanding was nothing compared to what followed.
I was told that in order to get a credit back from my account, they had to collect from me a signed affidavit indicating the charges were fraudulent. This affadavit would be “securely shared” with me via e-mail. OK, “sounds good” I said. I waited around for the e-mail to come in.
Finally, two e-mails arrived in my inbox. The important bits are in red. First:
Message from Chase Customer Claims Secure Document Exchange
From: [email protected]
Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number XXXX. Your documents are available for your review.
Per our telephone conversation, you will need to register to our secure website.
Your initial password is: passwordYour initial user name has been sent to you in a separate email.
On your first log in, you will be required to select a new password.
Thank you for using Chase Customer Claims Secure Document Exchange.
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262.
Any geek reading this will immediately identify some key things wrong with this e-mail that make it look like a total phishing expedition. Namely:
- The e-mail address, rather than being from a chase.com domain, was from a strange domain named “secure-dx.com”.
- Rather than sending a cryptographically secure, expiring activation link, a default password was sent in plain text.
- To make matters worse, the password is the same for all users, and thus anyone who can guess my e-mail address can easily impersonate me on this “secure document” website.
- The default password is “password”. WTF?! I mean, c’mon?
I didn’t quite understand why I needed a “second e-mail” now, but I opened it up. Here it is, excerpted:
Your Chase Customer Claims Secure Document Exchange Electronic Package is available online
From: [email protected]
ANDREW MONTALENTI,
Welcome to the Chase Customer Claims Secure Document Exchange.You recently contacted Chase regarding your claim number XXXX. Your documents are available for your review.
Per our telephone conversation, you will need to register to our secure website by clicking on the link below or copy and paste the link into your browser’s address bar.
https://chase.secure-dx.com/consumerdcx-chase_atm
Your user name is [email protected]
Your initial password has been sent to you in a separate email
On your first log in, you will be required to select a new password. NOTE: This site is different from Chase.com and passwords are not related. Updating your password on Chase Customer Claims Secure Document Exchange will have no impact on established Chase.com passwords.
Once registered, you will be able to access your customer correspondence on our secure website. You may be offered the option to complete and sign the form online if you wish to do so. […]
To say I was confused would be a major understatement. I was downright depressed.
My guess is that the engineers at Chase thought that by separating the “password e-mail” from the “user e-mail”, that somehow made the whole communication more secure. Two e-mails are better than one, right?
The most important thing to point to is the link. The link where this secure communication will happen is not at the chase.com domain Instead, it is at https://chase.secure-dx.com/consumerdcx-chase_atm. There is no way, NO WAY this is a real Chase site, I think.
I click on the link and in Firefox, I see this:
At this point, my paranoid self turns on. Curious, I click through the link anyway. And I see this:
Now I’m really paranoid. Links off secure-dx.com pointing back to chase.com’s privacy policy. A username and password box and a sort of hokey imitation of the Chase.com web design. I realize, holy shit, I’m being duped! Not just small-time credit card fraud, but someone has managed to really take over my life!
Why am I freaking out? The customer service person I talked to, I realize what must have happened. That wasn’t Chase. Someone stole my credit card information and then set up a call forwarding on my cell phone, somehow, to point Chase’s customer service number to some fraudulent interceptor. This person then diligently took my claim only to send me an e-mail that would get yet more information out of me and take me for even more money. I freaked!
Immediately, I double-checked my call logs and compared them to Chase.com customer service numbers. I made sure to change my DNS server to OpenDNS to make sure no one was somehow intercepting that. Finally, I realized I could look at the number written on the back of my Chase credit cards. It all checked out — the number was good. So I switched phone. I called Chase customer service on both my phone and Olivia’s. I made sure the messages were exactly the same. From Olivia’s phone, I called back Chase again to speak to someone there about this. But then I got even more paranoid — how big could this be? — so I decided to hang up. Instead, I called my local Chase branch in my neighborhood.
With my local branch’s help, I got transferred via a branch office line to the actual Chase customer service. Finally on a secure line, I thought to myself. When they picked up, I was expecting to uncover the scam of the century. I felt like an investigative journalist right on the tail of something truly big.
But then I spoke to the Chase representative, on the secure line, and she explained to me that this is just the normal procedure. secure-dx.com is the website they use for “securely” sharing documents.
I was livid. I explained everything wrong with this setup. I demanded to speak to a supervisor. I spoke to a supervisor. He said he did not know why the system was the way it was. He wasn’t a software guy. He just knew that “with the way the business is changing lately, a lot of systems are in flux.” I said this flux was unacceptable. “I’m a software engineer,” I said. “How can I possibly trust Chase to manage my financial accounts if something as simple as sharing a PDF document is done in the least secure way possible?” What other skeletons might they have in the closet?
I wanted to be forwarded to the department responsible for that. After my explanation to him of what was wrong, he fully understood the problem. To his credit, he admitted it was wrong the way it was set up. He actually tried to track down a supervisor. But there was none that could field IT and software requests.
They promised to call me once they could track someone down to talk about this. No call yet.
My excitement came down a couple of notches. I was not the investigative journalist undercovering an elaborate scam any longer. Instead, I was a software engineer. And some members of my profession have let me down. Big time.
In the meanwhile, I did the research and found the vendor who provided this service to Chase. They are Wolters Kluwer, a “financial services and banking compliance solutions provider”. The product page for “SDX”, Secure Document Exchange, is completely ludicrous. They claim this product includes “industry-leading security, including PKI encryption and multi-level user authentication, to keep communications safe at every step of the process.”
Right, so the password was sent in plain text. The default password is “password”. And, rather than having a chase.com subdomain which points at Wolters Kluwer’s server (e.g. secure-dx.chase.com) and sharing a secure chase.com certificate with them, they decide to host the whole thing outside of the chase.com domain, so that as a user, I have no way of confirming this actually is an e-mail or system originating from Chase. Users are so confused by this that they have already reported it as a phishing scam, even though it is not one.
That’s industry-leading? That’s “safe communication”?
No, that’s a joke. Chase should be ashamed.
Jan 5, 2013 Update: Hi, unexpected /r/programming visitors! Yes, this article is over three years old. Yes, this process has not changed much in the past three years. No, I did not expect a customer support representative to really know what a cron job was.
Many reddit commenters took the position that I was being “overly paranoid” and that I took this whole thing way too seriously. Well, I strongly disagree. As many other commenters rightly pointed out, many individuals share usernames / passwords across systems. It was not paranoid for me to think this was actually a phishing scheme. Why would a phishing scheme send me a password, only to have me reset it when I log in? Answer: out of the hope that some percentage of users would “reset” their password with their actual bank password, of course. Phishing schemes are most effective when they spoon feed users a little trust, and then betray it. I admit that thinking that my cell phone had been hacked was perhaps a leap of true paranoia, but I tried to convey how I actually felt.
Chase did finally introduce their own domain (https://sdx.chase.com) for their “secure” document exchange service, the lack of which which was, by far, the major sore spot in this whole setup. The rest of the silly process remains. For me, the greatest damage this process does is in conditioning novice Internet users that systems like this are trustworthy. In other words, I’m not upset about the hundreds of people who, like me, questioned the legitimacy of this system. I’m upset about the thousands, or possibly millions, who used it without questioning it at all.
For those of you who enjoyed the article and feel as a programmer you would never make the same mistakes, you can take a look at the job opportunities available over at my startup, Parse.ly. A tad opportunistic, but hey, it’s not every day thousands of programmers flock to my blog.
Thanks for your blog!!! I am going through the exact same thing you describe.
All this happened to me just recently
I raised my eyebrow when I saw the secure-dx.com domain I thought “Unreal! Can they be that incompetent?” “They really thought their customers weren’t going to know better?” or “Is there is some coordination going on between the bank and criminals?” hence the timing of the email…
Eventually, proceeded to feel like this was some huge scam, just like you describe and it didn’t help that the Chase Rep sounded Under-Intelligent and pompous. My instincts went crazy.
I was going to call chase to verify this email but all the lines “were busier than usual”
So I googled: chase secure dx, and found this blog. Even so, I still felt this was part of a scam for a second. Sweet Jesus! I’m paranoid!
After Reading this relatively recent story and reading the blogs I calmed down a little bit.
I’m a Wamu-Chase customer, Perhaps Chase is trying to cover something up in relation to California customers. I would not be surprised.
Instinctively, I’ve Felt there is something off putting about Chase even before all this happened. “Feel the Force That Surrounds You” Like Yoda said …I’m serious
I too miss sweet, friendly Wamu… RIP Wamu
I am grateful you put this up thanks again
I finally got a hold of the claims department the day after the fraudulent charges and they could “do nothing until the transactions posted”. They also suggested that I call the stores the transactions were done at and the number they gave me was for another unrelated store when i finally tracked those numbers down, the merchants said they could do nothing and to call my bank (to be fair I think if the store is an online store you might be able to do this), but if someone has cloned your card and uses it at a physical store that store isn;t going to say ok let me reverse the transaction and I’ll be out the inventory…yeah right. Anyway once the transactions posted, I went to the website discussed here and was able to do everything online (with a temporary password) took about 5 minutes and then about 2 hours later they “temporarily” credited the money back to my account until they could “further research” the incident. Just means no true finality to this, but at least I have my money back for groceries (a la Kate Goeslin hahaha). They also asked my if I still had my card…yes..and if I let anyone use it…uh no…btw i am not a california customer, so conspiracy theorists can take a rest. I think there are just a bunch of sophisticated people out there taking CC numbers with “blink” technology or that have hacked into computers to steal the CC info. be interesting to know if everyone here has blink/speedpay, or the last couple of dozen stores you were at.
Dear Sir;
I have been recently contacted chase customers claims secure department, and also I have gotten my claim number . now I want to review my documents for me to getting claims on my account.
Thank you very much for your helping!
Faithfully
Kaiman Leung
I found this site after getting my emails from Chase – I needed proof of payment since Chase seems to have screwed up a couple of my auto payments (I was a Wamu customer). Got really worried about that phishing warning. Why can’t they just make these documents available on the Chase website? Isn’t that site secure enough to handle copies of checks? I’m no techie, but that seems weird to me.
And can I just say that the Chase customer service rep really annoyed me when she said it was MY responsibility to make sure all address and account numbers for my automatic payments were correct after the Wamu changeover. I mean, isn’t that THEIR job? Maybe it’s time to go back to Wells Fargo.
I have been a victim of the new Chase dsyfunctional business model. In fact the latest was 2 days ago with five charges 2 of which was to purchase anti-virus and fruad protection software (ironic). The only reason the account is still open is transitioning automatic payments into my new account. The initial contact with Chase involved being told that I should attempt to contact the companies submitting the charges and have them reversed, and the rep would give me the contact numbers. With WAMU the company name and phone number was listed on the statement. After several attempts to contact one company (Microsoft Xbox, a whole different nightmare) I called Chase back. Got the same rep as the day before who promptly asked if I had tried to contact the company. Then her next question was why is this an, illegal charge. The rep should have said it would be much more efficient and easier if you can resolve this with the company that is charging you, our policies make it difficult at best and frustrating at worst. So here I sit trying to figure out if I even care to pursue this endeavor or call it a loss and move on with my life. Chase makes a great case for why monopolies where broken up and it is my opion banking should be locally controlled. If you are standing across the counter from your neighbor or person who will see you in the grocery store maybe you will not be made to feel like a crook!
This may be the information age but some companies are still getting it all wrong. Taking my business someplace else. BTW I was a WAMU to WAMU-Chase customer.
Same problem here. How can i trust banks any more… 5th institution i bank with and the 4th to fuck up…(also a Wamu to Chase customer and never had problems until the switch fuck Chase).
Same problem as above. Think I’ll pack up and head for a smaller Credit Union.
I cannot believe this has happened to so many people. Seems we all have the same story! I went from wamu-> chase and I had gotten a fraudulent charge of about 400 dollars and filled out a claim and everything. Now I get these emails from them and follow the link and warnings start popping up SUSPECTED PHISHING SITE!!. So I’m thinking oh myyyy gooodness what have I gotten myself into? Freaking out so I search google like everyone else for secure dx chase and that led me here. Glad to know now it’s a real site. Thanks
Thanks, dude. You’re the man.
i just ran in to this problem today i just had a bunch of viruses attack my computer so i am really cautious of what i open, but i tried to go on the link and the same message popped up either way the installed software on the computer wont let me open it thank goodness. knowing my luck i would have probably done something real bad for myself i think I’ll go to my branch and fill out a form in person thanks for the advice and help.
Just opened a Chase account, never received my debit card– it was apparently stolen out of the mail by somebody who bought gas and a burrito.
My spider-sense was tingling with the weird emails and addresses, then I got a fraud warning in Chrome which sealed the deal for me. So I went to the branch and was amazed to find out that this is actually how Chase does business.
Since I haven’t ordered checks yet, I’m going to close this account and find somebody else. Lotsa fish in the sea and I’m not going to trust my money to these ass clowns
Same thing just happened to me and I’m SHOCKED at Chase’s stupidity. I just sent an email to David Pogue, a tech writer with the NY Times. I’m hoping he’ll pick up on this and cast the shame on Chase that they deserve for this.
There ARE phishing versions. When I got the first Warning screen for the secure dx site – I called Chase and Rep said yes, we heard of that, ignore and enter the site. I did, entering user and Chase generated password. Next page was supposed to be changing password to private one. Instead another Warning screen came up. Rep said proceed anyway and the next page required real name (not user name) and phone number. Chase Rep said Stop! It’s a phishing site. Go to your local branch and we’ll fax fraud affidavit there, or we can mail to you.
You cannot be too careful.
This happen to me last week. Bad charges on my debit card. After talking to customer service I got the two emails with the username and password. I called chase about the emails but they transfered me around until they hung up on me. I am fucking done with chase, I am cancelling my accounts and moving my money to another bank.
FUCK CHASE
@carl, can you tell us what the URL was for the phishing version of this site?
Overall, I discourage anyone who reads my article to use the insecure secure-dx system. Instead, file a complaint with your Chase branch/rep, and even point them to this article.
The last thing I want to have happen is someone uses it because my article confirms it is Chase’s actual procedure, and then it ends up there is a real phish that is masquerading as their real procedure, anyway! Agh…
ditto, ditto, ditto. same thing happened to me. What a joke of a bank. Great way to get blog traffic though Pixelmonkey!
Christmas Eve some one started using my account. I called immediately freaking out, I still had some shopping to do. They also deposited fake deposits into my account. And Chase let them continue to use my account.
I am so pissed that I didn’t pull as much money as I could out, I have no credit cards and all my money is tied up in this account. Everyone I spoke to was not concerned and I was getting no where. Until I finally got the right person and now this stupid email shit is happening. My computer will not let me go through. What a joke. This statement they emailed me is the only way to get my account credited.
My branch manager told me they found scanners on the atms that morning. This all happened after I made a deposit a few nights before to deposit my bonus check. They finally upgraded their atms and I was so excited to use it. I will never ever use my atm card as a debit and expose my pin #.
The women on the phone had the nerve to ask me like 4 times how this could of happened?
I am so disappointed!!!
Someone got my debit card number (not actual card or pin) last week and cleaned my account out this weekend at grocery stores and gas stations here in town. After filing my claim with Chase I got this same email with the secure-dx link. Firefox and Chrome gave the warnings and that’s when I did a search and found this site. At least now, though, the password is an actual number instead of just the word “password”.
I called Chase claims again and had the representative read the entire link back to me to ensure that it was legitimate and it was. I voiced my concerns about security but you know these kids that man customer service lines either don’t care or are too scared to say anything.
If you have concerns then call Chase claims and MAKE them read this link to you. Also, tell them how this weird link makes a worried customer even more worried.
PS, in the end I had to use Internet Explorer because Firefox wouldn’t let me complete the form even though I told it the site was ok.
@Kimberly, this issue has certainly sent a lot of traffic to my blog, but I honestly would prefer if Chase didn’t utterly fail at this and actually resolved the issue.
It is unbelievable that this has gone on for over 3 months and the situation sucks. Based on the loss reports I am seeing, it seems unsafe to have much balance on a Chase account that has debit-card access.
I really miss WaMu checking and how well everything worked. While the JP Morgan Chase take-over solved a problem WaMu had, but I didn’t, I feel like I have been teleported into some sort of parallel green-eyeshade universe with 19th-century steam-powered ATMs and banking computers that shuttle transactions and cash on conveyors. My first clue was ATM deposit envelopes that ask for more information than if I’d walked in and used the teller and that don’t fit the ATM hopper for fresh envelopes. My second was bank statements that list check clearances in two places so I can’t reconcile in Money so easily any more.
This now makes what prompted me to defect from Wells Fargo to WaMu a few years back seem like trivialities compared with the cluelessness I am now experiencing.
same here!!!! not sure whether to sign in to the website or not……
REPEAT POST!
Secure-dx.com is a VALID system. It is used by hundreds of thousands of people every month for a whole variety of document delivery reasons by well over 100 institutions around the world. Do you question a delivery from FedEX even though the content inside the package was sent by a bank!
Some Firefox (and Chrome) browsers may fire off a phishing alert but that is because the people running their anti-phishing systems never follow up on false alarms even when told about them. Microsoft, AOL, Yahoo and the rest know secure-dx.com is legit because they bother to verify anti-phishing alerts.
The “false positives” on the anti-phishing are Firefox/Chrome related, try telling them they are wrong and see what you get as a response….in the meantime use a different browser, like IE!
@Not phishing,
It may be a “valid” system, but as I explained in my article, it’s also utterly broken and insecure. Not because of the false positive phishing messages, but because of the fundamental design of the system.
Just because thousands of people are using a broken, insecure system every month does not make it any less broken or any more secure. It just makes it a bigger disaster than if no one used it.
You wrote, “The ‘false positives’ on the anti-phishing are Firefox/Chrome related, try telling them they are wrong and see what you get as a responseā¦.in the meantime use a different browser, like IE!”
LOL — are you honestly suggesting that informed web users who have chosen the better browsers in this world should switch over to IE, which has myriad documented — but unfixed — security bugs? Wow!
Just got an e-mail like this. This is the second time today Chase disappointed me. I usually deposit money in $100 bundles, and was depositing money at an ATM, which failed and “stole” my money. I filed a claim, which passed. Then, I deposited another $100 at a different branch, but it was a check. A few days later, I get a notice saying my claim, which passed, was reversed! Apparently someone at Chase misread my account statements and saw the check entry as the missing cash entry, and reversed the ACTUAL cash entry. First that, now this. Chase never fails to disappoint.
Look how many of us have had charges against our accounts.
Anyone else think they might need a MORE SECURE BANK ?
So funny, you post very paranoid articles (about loads of things) and yet refuse to read the content of the responses. Most of the moaning on this thread is about bankdand fraud, all banks suffer from this. At least this one is trying to speed things up!! And hundreds of thousands of people have had this bank (and many others) sort their fraud through this system.
And you IGNORE the fact that IE and YAHOO and AOL and most others know about secure-dx.com, as do literally millions of people in the USA who have used it succesfully.
Heres a suggestion, why don’t you try and call Google/Firefox/Mozilla and ask them about the site….would love to know if you get a reply.
@Not phishing,
In what way is my article (or others) “paranoid”?
You say I “refuse to read the content of the responses” — no, I have read every single response on this thread. I have even followed up with some by e-mail.
“And you IGNORE the fact that IE and YAHOO and AOL and most others know about secure-dx.com, as do literally millions of people in the USA who have used it succesfully.”
Wrong. Read my post and comment again. The fact that the site was marked as a phishing site by Firefox is nothing more than a symptom of the fact that the site has a completely insecure design. I outlined numerous things that this system could have done better. From being hosted at a chase.com subdomain, to using a secure certificate with a proper signature, to not sending plain text passwords via e-mail, to not choosing a default password of “password”.
Nothing I wrote relies upon that phishing message as proof of my case that secure-dx.com’s design for handling “secure documents” is a complete joke. It’s just the thing that made my ears perk up, and those of many others.
I’ll repeat what I wrote above:
Just because thousands of people are using a broken, insecure system every month does not make it any less broken or any more secure. It just makes it a bigger disaster than if no one used it.
The damage caused by the insecurity of this system may be minimal, since it is just used to push PDFs around. I would have been fine being e-mailed the PDF I had to “securely sign”. But, the pomposity and pretense that goes along with this “secure document exchange” system is what makes it open for ridicule. It purports to be this super-secure, ultra-convenient website for Chase customers; in reality, it is designed in an amateurish, security-ignorant way, and as a result, Chase’s customers (many of whom are much brighter than the engineers who implemented this system) are left confused and annoyed. For those who end up using the system despite the warning indicators, its insecure design simply reinforces bad habits that cause phishing and other crimes in other corners of the web.
Here’s a good habit many informed Chase customers have: if ANY website gives me a login screen that looks like Chase, but is hosted off the chase.com domain, I should NOT USE THAT SITE. It’s probably a phishing attack.
That good habit is just destroyed by secure-dx.com.
That people are confused by the phishing message is just a small problem. The MUCH BIGGER PROBLEM is that secure-dx.com is totally insecure in every single way, as described in my post. If there were no phishing message, I would have written the same post, minus one screenshot.
Okā¦something is going on with Walmart. Last week I got hit with, yes, about $900 in charges at a Walmart in PA. Chase blocked my card and didn’t process the charges. They issues me a new card. But, I had noticed an errant charge, also in PA, and went through the same secure-dx nonsense as everyone else above.
I am nervous about all this enough to totally change my accounts.
I’ll glad I found your site – I went down the exact same path and even had the Chrome phishing warning that I ignored and then search the secure-dx.com domain to find your article. Then I logged into it – just to see a PDF. Ridiculous.
On Jan. 8, 2010 I was also hit with a fraudulent purchase at a K-Mart for $ 325.00 and then a subsequent attempt at a Wall-mart the same day for $700 in Riverside, CA. Fortunately, Chase did put a stop on the second attempt and I have since cancelled my debit card- but for Chase to credit back my account on the first purchase, I had to go through the same process all of you have been subject to. The result is- my web browser blocks access to the site. Now I am greatly disturbed and concerned by what I have discovered about Chase and secure dx.com reading the testimonials on this site.
We are in deep trouble if we as a country can’t create an online banking system that solves problems safely and efficiently- this is fundamental !
Add me to the list. I contacted Chase about a charge on my debit card. They said I would get a temporary credit, which I did. Then a few hours later these emails arrived from [email protected]. I work at company that is very security conscious, so this email address immediately raised red flags. It’s not from Chase.com and it directs me to a non-Chase website that triggers a security alert for phishing in firefox. Then it asks you to create an account on that site. I called Chase expecting them to tell me this was not legit. I was surprised when the rep told me this was a 3rd party they use for this service. She was not very nice and seemed annoyed with my questions. I got the feeling they are asked about this all the time. I forwarded the email to [email protected] and told them I refuse to go to this site. I asked for something to be sent from Chase.com or for them to mail whatever it is they want to send. If the person who I talked to when I called in the dispute told me to expect this email and told me it would come from this non-Chase address I may have gone along. I would expect a bank of all places to be more concerned with security and avoiding the appearance of a scam!
Exactly Jim- when one’s credit card account number has been lifted from the card without the cardholder ever losing possession of the card itself, it creates increased worry that additional privileged information beyond the card number may have been compromised to a higher level of thievery. As if that isn’t unsettling enough, the Chase customer gets further unhinged by the shock of being directed to a site that is denied access by a “phishing scam” block. Why are the Chase customer phone reps failing to forewarn customers that the online customer resolution process has been outsourced to a 3rd party website which isn’t accessible from certain browsers such as Firefox ?
Although [email protected]. is a legit site accessible from the IE browser, it has been explained(on this site) that it is definitely not the best or safest way to achieve customer security. By the time the cardholder finds out what is going on, and is relieved that the ‘phishing scam’ was of no consequence – he or she may be ready to drop Chase altogether. It is really poor planning and decision making on the part of Chase. Furthermore, why after 6 months of continued customer confusion over this, has Chase not taken steps to inform its customers properly ?
Currently, the public’s perception of customer service in banks in general is at an all time low. It is common to hear (or even see) unprofessional behavior by incompetent tellers, and an overwhelmed staff which often gives limited responses to issues beyond the scope of simple withdraws/ deposits. If bank customers further discover that their bank is not handling identity theft problems with foresight using measures modeled around a well-built security system, they are sure to go elsewhere- if there is an elsewhere. At present, I believe that Chase has dropped the ball on this one, and unless policy changes occur in the next two months, I’ll be looking for a more competently run bank. This letter will be sent to [email protected].
Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase Fuck Chase
One last Fuck Chase
I also came across this post after having a fraudulent charge on my Chase Debit card and getting an email with a link to a page that Safari warned me was reported to be a phishing site. I forwarded the message to [email protected] asking if it was legitimate. When I didn’t hear back from them after a day I called Chase, and a rep told me that they did indeed use this company, secure-dx.com and the email should be OK as long as the site did not ask me for acct numbers, passwords etc… So I went on the site and “electronically signed” the document related to my claim.
The funny thing is finally four days later I got a reply from [email protected], and they said it is in fact a scam! The message said “Although the e-mail appears to be from Chase, it is not. It has been designed by fraudsters with the intent to trick you into providing private information about yourself and your accounts.”
It sounds like Chase really don’t know what they are doing. I just hope I get my money back that was stolen from me.
I hate Chase as much as anybody, they can go to hell, but you are being paranoid. The forms they send are blank. Once you fill any information on them you have already changed the password.
Big banks SUCK!! They don’t care about you unless you are a multi-millionaire. Join a local credit union.
Thanks for the information. I just had two Wal-Mart charges to my account for $100 each in Urbana, IL. I called Chase to make a claim and had the same problems as everyone above. I too was a WAMU customer for many years and never had any problems. As soon as Chase took over, I have had nothing but problems. I was disappointed with Chase before this happened and now I am really upset. How can this have been going on for so long. I am closing my account as soon as I get my money back. I don’t feel that anything with Chase is secure.
Thanks for the information. I wasn’t going to sign in, but I’m glad I did.
Everything is OK with this site, not really it should be linked to chase.com.
WOOOOOOOO disputed a charge, and got the 87 dollar charge back and 3 over draft fees.
Total of 186.00 added to my account, oh yeah.
Same story here!… I’m in Cali and a former WaMu clinet. Called chase from the 800 number on the back of my debit card after my debit card was coming up declined. Found out some yahoo in IL charge 600 bucks at the local Pilot gas station. Called and talked with chase they said I had to wait for the transaction to post to my account and they would cancel my card and send me a new one. I called back after the charge posted to my account and now I was faced with the untrusted sited thanks to firefox. I googled the 800 number in the email and this site came up. After reading up on the issue I went ahead and logged into the chase.secure-dx.com. (I got my two emails form chase, however they no longer use password”) I went ahead and logged in and I did not used my real phone number when prompted for my for it. I got my form with my disputed transaction already on it, printed it out finish filling it out and faxed it in.
I got to say I am REALLY unhappy about this and I will be switching back over to my credit union. I miss WAMU and do not trust chase one bit.
I wanted to add… I did have Pay Pass on my card and it never leaves my pocket and is really only used at my local gas station and grocery stores. However I did use my card at the local pumpkin patch this year when (I am wondering if that is when they got my number?) I needed a few extra bucks for the kiddie rides for my kid…. hum???
I have tto be very careful because these days people will get a hold to your credit cards debit cards ues it without a care in the world so now im aware that your id can get stolen at anygivin time so now im careful about were im using my card and were im keeping my card
Wow/wow. this chase really stink,I’m going through the damn idiotic scam of chase bank.
I previously had my runs down with chase,but this the ultimate of a consumate and fool
thieves they are.not way thats why banks are going through these hard times.it is an
institution create to rob your money legally and with not much to do abour it.lets hope this
gives them an awareness of they jointly scam with the other company involved.
THANKS CHASE
CHASE
FF wouldn’t let me to the site.
IE let me right it.
Whaddya know…
It actually is a scam.
I got these emails as well, but I went into a branch just to tell them I hadn’t received any money from an ATM. No suspicious charges. In fact, the $20 I never got is already in my account hours later. But Firefox wanting to block this site is a little strange and led me here. I guess it’s legit, but I sure as hell searched for it before logging in. They didn’t tell me I had to do anything, so I’m just going to delete the emails.
Oh, and my password did seem to be a random character generation, so at least they “fixed” that.