On Wednesday, the 19th of December, my wife received a receipt from the Pacific Centre Apple Store in her email at approximately 6pm. The receipt indicated that she just received a brand new iPhone 5 64GB upgrade on our son’s phone number.
She called the Apple Store at the Pacific Center and spoke to a representative where she was advised that an individual named Patrick was in the store and just received the iPhone 5 upgrades. The Apple representative indicated that the phone was charged against our Rogers account.
We called Rogers immediately to understand what happened here. They advised that someone named Patrick had gained authorized access to her account. She immediately denied any knowledge of knowing any Patrick and also confirmed that the only individuals that should have authorized access to the account was herself and me. Rogers indicated that they would open a fraud investigation.
On Thursday during the day, my wife called Rogers again as she had not heard anything further from the fraud department. She was told by the agent that the case was just opened and that a representative from the fraud department would be in contact.
Today, Saturday the 22nd, both our son and my wife notice that all incoming calls to their phones are not showing ‘caller ID’ and only indicating ‘Unknown’. I called the Rogers customer support line and spent over thirty minutes sorting everything out.
Our account had been changed. We were originally setup under the umbrella of my employers rates using the ‘Friends and Family’ option that Rogers can extend to employees of a business account. Apparently, Patrick first changed our plans to a basic consumer plan. Apple Stores are unable to execute device upgrades on Rogers, Bell or TELUS unless the account is a personal account. This individual (Patrick) obviously knew that and changed the account plan so that he could execute the upgrade. The Rogers account representative I spoke to today was very helpful in getting the account sorted out. I was shocked to find out that ‘Patrick’ not only obtained a 64GB iPhone 5 upgrade on my son’s phone number but also on my wife’s and my number. That means that Rogers was defrauded of three iPhone 5′s.
This apparently is not the first time this has happened to Rogers and it seems obvious to me that there are some fundamental problems;
- How is it possible for anyone to gain access as an authorized contact on anyone else’s account without the account holders express and validated permission?
- How is it possible for the non-account holder to initiate any account changes, again without the knowledge of the account holder?
- What other private information was divulged or made available to this individual? Does he know our address?
I for one will be taking this to the highest levels in Rogers. They need to greatly increase their security protocols to prevent this from happening and to protect the privacy of their customers.
The only factor that gave us any indication that there was something afoot was the fact that my wife received an automated receipt from the Apple Store. If not for that notification, we would not have even had any knowledge of this until our bill arrived.
Hopefully this is recent enough that this individual is caught.