Chase Bank, The Lowest-Security Bank Ever

by Jon Davis 14. August 2010 23:44

Just filed this complaint via Chase Bank’s “Secure Message Center”:

I am writing to complain about your service. Please note that this is not a request for assistance; I only ask that you pass this complaint along to authorities in your security department.

I recently received an e-mail asking for transaction confirmation. The text of the e-mail reads (in part):

"As part of our ongoing effort to protect your account and our relationship, we monitor your account for possible fraudulent activity. We have recently attempted to contact you by phone and/or text message but we have been unsuccessful in reaching you. We need to confirm that you or someone authorized to use your account made the following transaction on your Chase Visa account ending in .....

"Please click on one of the two statements below to indicate if this transaction was authorized:

"[Transaction Authorized]"
"[Transaction NOT Authorized]"

I am sorry, but you came *extremely* close to losing me as a customer due to this e-mail. The “Transaction Authorized” link redirects to a site at host Who is You already raised an alarm, you have to now be trustworthy, Chase, authenticity is now required of YOU! Navigating directly to to validate the authenticity of this domain, Google Chrome showed me the Red Screen of Death, indicating that this site is NOT TRUSTED by Google and should NOT be trusted by me. (The reason for the mistrust by Google Chrome is that the HTTP response headers indicate that the server is

Since I had already clicked on the link, I scoured the web to see if there was any recourse. I found this:

.. and realized that this appears to be a serious security knowledge failure by my own bank (you!), in the great intention but beyond-horrible execution of attempted security.

Clean this stuff up.

You guys should also NEVER suggest to an e-mail recipient that they simply click on a link to validate a transaction. That is exactly what scammers do. Instead, instruct your customers to type in the URL to and access the Message Center.

Please don’t scare me like this anymore. Clean up your act, Chase! Or you'll be losing me as a customer.


PS I'm blogging this complaint. This is not something that will just be tucked away in an "annoying feedback" file.


UPDATE: Yeah FYI they followed up within 24 hours with "please call our fraud department at XXX-XXX-XXXX". Typical form letter response from lazy or ignorant outsourced workers who refuse to act upon my request to forward my concerns as a complaint.


About the author

Jon Davis (aka "stimpy77") has been a programmer, developer, and consultant for web and Windows software solutions professionally since 1997, with experience ranging from OS and hardware support to DHTML programming to IIS/ASP web apps to Java network programming to Visual Basic applications to C# desktop apps.
Software in all forms is also his sole hobby, whether playing PC games or tinkering with programming them. "I was playing Defender on the Commodore 64," he reminisces, "when I decided at the age of 12 or so that I want to be a computer programmer when I grow up."

Jon was previously employed as a senior .NET developer at a very well-known Internet services company whom you're more likely than not to have directly done business with. However, this blog and all of have no affiliation with, and are not representative of, his former employer in any way.
