A few weeks ago, I posted twice about how the checking account of our small business was, without authorization, debited by NDC credit card processors. I explained that we use EDS National Bank for our credit card processing and had never even heard of NDC. I also explained that our bank ran this debit through without any authorization from us because "all the routing codes" were right.

Well, I appear to finally have tracked down how NDC got our business checking account number.

SIA, Inc. (apparently a division of Select Insurance Services--SIS, Inc.) is an outside sales firm for various credit card processing companies, including NDC and EDS. In 1995, we filled out an application with SIA, Inc. for our credit card processing to be done by EDS National Bank. Naturally, our checking account number was provided to SIA, Inc. at that time.

Somehow, due to a y2k glitch, SIA, Inc. gave our information to NDC as part of a larger "mailing list" or something. This resulted in NDC's computer processing this file as active accounts and debiting our account.

QUESTION FOR THE COMPUTER TECHNICAL PEOPLE: Tomorrow I plan to call NDC for the (hopefully) final time. Please tell me -- what kind of documentation can I ask for from NDC so that I can be SURE they have purged our checking account number from their records? I realize there is probably no way we can be absolutely sure they will do so, but there must be something I can demand of them.

Also, should I contact SIA, Inc. and demand any documentation from them? Note that SIA is only the middle man between the Point of Sale customer and the credit card processor.

A couple of interesting things to think about:

1. The only reason this y2k glitch was discovered so quickly (the first week of January) is because NDC mailed statements notifying these "new accounts" that their checking account had been debited for fees. These statements were dated 12/31/99 and were generated January 3, 2000. Had these statements not been sent, folks like us would not have known until February, when we received our bank statements, that an unauthorized debit had occurred.

2. As of my last phone call with NDC, they still could not tell me how this glitch happened. I figured it out myself after reviewing old contracts on our credit card processing. (I realize I was dealing with Customer Service personnel and they may be the last to know -- however, in a megaglitch like this, one would think the Manager of Customer Service would be well-informed to calm down people like me!)

3. Finally, I am still very angry with our bank for running this debit through without authorization. However, it is my understanding that this is the way it is done at all banks throughout the country. If an AWD comes in with "all the right codes," no one verifies whether there is an authorization on file. They would have to double their DP personnel to check so carefully.

Any suggestions will be appreciated. (And yes, I am mindful of the earlier suggestions about protecting our credit rating. Thanks!)

Just an Indiana housewife,

-- J Wheel (motherof5@wellprepared.noregrets), January 26, 2000

Answers

One thing to consider is that even if purged from a client server or other enterprise relational database, your info could be in back ups. So if they had to restore, bob's your uncle and there you would be agains. SO get them to purge backups. Doubtful anyone will do it though, huge amount of work.

Also should consider that the info has had wider circulation. May want to make the intermediary pay the charges for your bank to get you a new account number and swap everything over. That would be one layer of surety.
This way, any requests for funds would abend and you're safe.

I would also wonder who else had the info from these info brokers, and how would it come back to haunt me?

bona fortuna.

-- pliney the younger (pliney@puget.sound.), January 26, 2000.

Get confirmation of whatever resolution is arrived at in writing. Phone assurances mean nothing.

Change banks...not just accounts.

-- shelia (shelia@now.com), January 26, 2000.

J Wheel, Too many hands in the cking acct # pie. You must change your cking acct # -- and perhaps bank. It now appears to be public information.

-- NoJo (RSKeiper@aol.com), January 27, 2000.

Seems like Indiana housewives are much too nice a folk to think of starting a class action suit aganst this company. There are thousands of other folks who this has happened to as well as you. Typically these corporations think of you as 'merchandise' and so will say whatever you want them to say in order to get you off of their back.

The fact is they gave your account numbers to people you did not authorize. This is a serious, serious breach of confidentiality. They would like you to not think about that. The fact is they would also not like you to think about who else now has your numbers, and frankly could not assure you that those numbers were NOT passed on to others.

Please understand that these huge corporations do not 'learn' except by significant financial and pr pain. You can sweep this under the rug or you can help them learn a lesson and at the same time help to keep others in the future from being abused by their 'machine'.

Does that make any sense?

-- ..- (dit@dot.dash), January 27, 2000.