I'm shocked to be writing this considering any time I try to do anything via AmEx chat I have to answer 10 security questions, but here's my story summarized:
- Brand new BBP card arrived in the mailbox Saturday while out of town
- Sunday afternoon, received email that PIN had been changed
- Immediately freeze card, and shortly after see multiple large declined charges at Home Depot
- Call AmEx and tell them the situation, card is stolen, block all charges, send a replacement
- 10 minutes later I got an email that account has been unfrozen, log in and see pending charge at Home Depot, call AmEx back in a panic
- AmEx escalates to fraud department. They say the thieves called 2 minutes after I did the first time and simply used the 3 digit CVC code via phone call to unfreeze (!!!) DESPITE the account being flagged as stolen
- I am told not to worry, they will decline the pending charge, everything is frozen, card being replaced, etc
- Today (Monday morning) I see ANOTHER new charge is now pending. The thieves somehow called back and "opted account out of voice ID" and "tried to change the name on the account" (both these statements are a bit unclear). Again, I tell them the full theft story. The CSR thinks they added the card to Apple/Google Pay before the card was deactivated, and when a new card was issued the card number auto-updated in the mobile pay app
I mostly just wanted to vent I guess. I held AmEx in such high regard before this and I'm in disbelief that their security via phone is so much more lax than online where they make me answer 10 security questions, 2FA texts, etc. Are they really this easy to fool? The account should have been plastered with "WARNING, FRAUD, STOLEN" yet the common thieves have fooled them twice into allowing the card to accept additional charges. I know I'm not financially liable at the end of the day but it's still a headache.