Ally Bank Customers’ Debit Cards Used for Fraud

An increasing number of debit card numbers being used for fraud are not stolen in data breaches but are “brute-forced,” or “guessed” by using computer power to systematically try different number combinations until they get the right one. Researchers from NordVPN analyzed millions of card numbers available for sale on the Dark Web and found at least four million that did not come from any data breach but were sourced using brute force attacks.

During the week of August 15, 2022, a cascade of fraudulent charges was reported by Ally Bank debit card owners. Ben Langhofer, a financial planner in Wichita, Kansas, launched MyFamilyHandbook.com as a side business two years ago. It had had only a modest response, but on Thursday of that week, it garnered 800 transactions. On Monday, his site had attempted nearly 11,000 more transactions. Langhofer’s business appears to be a victim of a chain of fraud that affected thousands of debit card customers over that week. Most prominent among them were Ally Bank customers, who have been tweeting and posting about card charges, some they’ve never activated or used. Although card fraud is now an accepted fact of modern life, bank-specific fraud waves are uncommon. Yet Ally-related posts continue to cluster.