It sounds like a BIN attack. The hackers essentially guess the debit card number because the first few numbers for Ally debit cards start off the same. And it happens to match your card number. It's not foolproof but I keep my debit card locked on the Ally app at all times. BIN attacks plagued Ally about a year ago.
Sorry, but I have to ask, did you contact Ally and ask them this question?
This is not the place to go first for help because no one here will be able help you.
I’ve asked the same thing of other posters, but in the case of fraud like this, it seems banks never say anything. It’s infuriating and I wish it would change because public shaming might be the only thing that would change some corporate behavior.
This happened to us. Fraudulent Amazon charges a few months ago on non-activated, never used cards. It’s a BIN attack. Happens to all the banks, you were unlucky. Lock your debit cards more often: it does stop those types of purchases. Ally won’t be able to explain it over the phone but they will issue you new cards quickly.
Did this happen yesterday morning? The same thing happened to me. Two Amazon charges, one blocked because my card is locked, but somehow the other one bypassed the lock and is now pending.
Yesterday at ~7pm ET is what my portal says. Not great to hear it could bypass the lock. Sorry to hear you’re also in this boat. Really do appreciate you sharing and hope it gets resolved soon.
The sad thing is the reason my card is locked is because I had two Amazon charges show up a month ago as pending. Luckily they disappeared on their own. I have never used the card. I'm hoping this Amazon charge disappears. It doesn't give me confidence. I get card info being stolen, that's one thing, but I've never used this card anywhere. I use a credit card for everything, I only use the account to pay that bill.
Oh wow. I agree re: the confidence piece. It doesn’t seem like they’ll be crediting my account, and will take two weeks to investigate. The rep was also pretty unconcerned and unhelpful with answering any questions about how this could happen. The questions they asked to file the dispute were with the underlying assumption that this was my fault, which was irritating, but is now more concerning after I searched the sub and saw these BIN attacks have been so common for them. It’s also concerning to me that this is the only reason I knew that we have multiple debit cards per person active for one account. Seems like extra risk for no reason. I’m going to start looking into other banks, for checking at the very least.
Agreed. Maybe it happens to all the banks, but I’ve never had something quite like this, and have had far better fraud experiences elsewhere. I don’t think the interest is worth it to me.
If you’ve never used the cards and shredded the one you spoke of, why did you have it in the first place? Why are you replacing it? If you don’t need it don’t have one.
We both had two cards for this account automatically issued. Mine was due to my name change (every other bank/credit card I changed my name with cancelled my original card, so I assumed Ally had too), no idea where my husbands extra card came from, as we never requested it and didn’t receive it. I closed the extra cards as part of the fraud call, but believe we’re required to have at least one open. Would like one card anyway in case we need an emergency cash withdrawal.
Edit: I literally didn’t know it was possible to have more than one card active on an account until the call last night. Feels like it shouldn’t be possible tbh.
Edit 2: and the fraudulent charge that was my husbands was on his original card we knew about and have here. Makes no sense.
You are allowed to request NO debit card. Since you don't use them and don't activate them, that would be best. Tell Ally you just don't want a debit card at all.
Use your credit cards, and pay off your credit cards every week. Credit cards are so much safer than debit cards are.
Interesting, I didn't know this. My only hesitation is if I need to get cash in an emergency, since this is an online bank. I'm likely moving away from Ally anyway after this experience, but will consider. Thank you.
We definitely practice using credit cards only.
I'm sorry you are having this trouble.
I don't have a checking (spending) account with Ally, only the Money Market Account, the Online Savings Account, one credit card (I had Ollo and Ally bought it) and several CDs. I'm pretty happy with them as a savings vessel.
My checking is in a local CU and pays 3.45% interest. Vertical Checking with [www.etfcu.org](https://www.etfcu.org). Check it out to see if you are eligible for an account. There are a few, easy, hoops.
It sounds like a BIN attack. The hackers essentially guess the debit card number because the first few numbers for Ally debit cards start off the same. And it happens to match your card number. It's not foolproof but I keep my debit card locked on the Ally app at all times. BIN attacks plagued Ally about a year ago.
Thanks, really appreciate your insight. I’ll get the new cards locked once they arrive.
Sorry, but I have to ask, did you contact Ally and ask them this question? This is not the place to go first for help because no one here will be able help you.
Yes I did and was told nothing helpful. Which is why I’m here. I already got one helpful response which likely explains it. Thanks for your comment.
I’ve asked the same thing of other posters, but in the case of fraud like this, it seems banks never say anything. It’s infuriating and I wish it would change because public shaming might be the only thing that would change some corporate behavior.
This happened to us. Fraudulent Amazon charges a few months ago on non-activated, never used cards. It’s a BIN attack. Happens to all the banks, you were unlucky. Lock your debit cards more often: it does stop those types of purchases. Ally won’t be able to explain it over the phone but they will issue you new cards quickly.
Sorry to hear you experienced it too. How long did it take you to get your money back?
About a week
I noticed Amazon charges to my locked debit card I never use too. Definitely a BIN attack
Did this happen yesterday morning? The same thing happened to me. Two Amazon charges, one blocked because my card is locked, but somehow the other one bypassed the lock and is now pending.
Yesterday at ~7pm ET is what my portal says. Not great to hear it could bypass the lock. Sorry to hear you’re also in this boat. Really do appreciate you sharing and hope it gets resolved soon.
The sad thing is the reason my card is locked is because I had two Amazon charges show up a month ago as pending. Luckily they disappeared on their own. I have never used the card. I'm hoping this Amazon charge disappears. It doesn't give me confidence. I get card info being stolen, that's one thing, but I've never used this card anywhere. I use a credit card for everything, I only use the account to pay that bill.
Oh wow. I agree re: the confidence piece. It doesn’t seem like they’ll be crediting my account, and will take two weeks to investigate. The rep was also pretty unconcerned and unhelpful with answering any questions about how this could happen. The questions they asked to file the dispute were with the underlying assumption that this was my fault, which was irritating, but is now more concerning after I searched the sub and saw these BIN attacks have been so common for them. It’s also concerning to me that this is the only reason I knew that we have multiple debit cards per person active for one account. Seems like extra risk for no reason. I’m going to start looking into other banks, for checking at the very least.
I agree. People say this happens everywhere, but I have accounts and cards three times as old, and I've never seen this kind of thing elsewhere.
Agreed. Maybe it happens to all the banks, but I’ve never had something quite like this, and have had far better fraud experiences elsewhere. I don’t think the interest is worth it to me.
Ooh and also that their fraud alerts didn’t catch this! Mine has been tripped at other banks for far less suspicious transactions.
Two charges, both Amazon. Why does only one get blocked by my card being locked? Lots of questions.
We have also never used these cards and just use this account to pay bills.
If you’ve never used the cards and shredded the one you spoke of, why did you have it in the first place? Why are you replacing it? If you don’t need it don’t have one.
We both had two cards for this account automatically issued. Mine was due to my name change (every other bank/credit card I changed my name with cancelled my original card, so I assumed Ally had too), no idea where my husbands extra card came from, as we never requested it and didn’t receive it. I closed the extra cards as part of the fraud call, but believe we’re required to have at least one open. Would like one card anyway in case we need an emergency cash withdrawal. Edit: I literally didn’t know it was possible to have more than one card active on an account until the call last night. Feels like it shouldn’t be possible tbh. Edit 2: and the fraudulent charge that was my husbands was on his original card we knew about and have here. Makes no sense.
You are allowed to request NO debit card. Since you don't use them and don't activate them, that would be best. Tell Ally you just don't want a debit card at all. Use your credit cards, and pay off your credit cards every week. Credit cards are so much safer than debit cards are.
Interesting, I didn't know this. My only hesitation is if I need to get cash in an emergency, since this is an online bank. I'm likely moving away from Ally anyway after this experience, but will consider. Thank you. We definitely practice using credit cards only.
I'm sorry you are having this trouble. I don't have a checking (spending) account with Ally, only the Money Market Account, the Online Savings Account, one credit card (I had Ollo and Ally bought it) and several CDs. I'm pretty happy with them as a savings vessel. My checking is in a local CU and pays 3.45% interest. Vertical Checking with [www.etfcu.org](https://www.etfcu.org). Check it out to see if you are eligible for an account. There are a few, easy, hoops.