As featured in The Wall Street Journal, Money Magazine, and more!

Cash Back Rewards Stolen

This article was written by in Credit. 34 comments.

Using cash back credit cards is rewarding in two specific ways. First, you’re earning money when you spend. That’s the obvious part. But when you know that you’re getting a rebate when you use your credit card, you also feel better about spending than you would otherwise. Feeling good can be dangerous, as you might make mistakes like spending more than you should while chasing that good feeling.

That’s why I’ve identified ten traps for using cash back credit cards. The issuers know that many people will fail to handle their credit cards properly, and the resulting profit from customers’ mistakes helps pay for those cash back rebates.

Credit card users are generally aware of these traps and can avoiding them, but sometimes other problem occur, beyond the spenders’ control. Consumerism Commentary reader SteveDH recent encountered a problem with his cash back credit card.

Here’s his story:

Burglar alarmWhen I received my last VISA statement it showed that I had redeemed $275 in Cashback awards — I hadn’t. I got in touch with my bank and also started looking at all of the web pages and we found the someone had added a “Transfer Account” from GE Capital Retail Bank in Draper Utah to the redemption page and apparently requested the redeemtion. The information that they had to enter was the ABA number and account number. That’s how I know which bank it is even though only the last four digits of the account number were there. How they got to the redeemtion page without going through my login (which my bank says wasn’t compromised) is a mystery.

Although my bank killed the credit card and promised to apply the missing money to the new VISA card, I’m stilling waiting for final resolution. I download into Quicken almost everyday but I hadn’t even thought of checking rewards balances. In fact I’m amazed I noticed it on the statement this month. Yet another example of the crooks out there — some are pretty darn creative.

This is insanity. Cash back rewards should be something consumers should be able to forget about; they should be able to trust that each purchase earns the correct cash back amount (it occasionally doesn’t) and that the cash back will be there when you retrieve it. It’s a mystery how this redemption bank account was added to the cash back rewards page without SteveDH’s account being compromised. Perhaps it was an inside job.

I confess that I rarely look at my accrued rewards balances. As I primarily use airline miles rewards cards now, I generally see my rewards only when I visit Continental’s and United’s websites. The miles I earn from spending are deposited monthly, and I’ve not yet noticed any discrepancies. Cards that earn cash back, however, can be less organized.

Since cash back information is not downloaded into Quicken or reported in other software like, it takes extra effort to verify your cash back is accruing correctly and is available according to the rules of your agreement. Don’t forget to check once in a while. You won’t be able to prevent every problem, but you’ll be able to report it to your issuer promptly, and hopefully have the problem resolved without difficulty.

Thanks for staring the story, SteveDH. If any other readers have stories to share, please contact me.

Published or updated January 27, 2012.

Email Email Print Print
About the author

Luke Landes is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about Luke Landes and follow him on Twitter. View all articles by .

Comment Policy: We love comments! However, the comments below are not provided or commissioned by this site or its advertisers. Comments have not been reviewed, approved or otherwise endorsed by this site or its advertisers. It is not this site or its advertisers' responsibility to ensure all comments and/or questions are answered.

{ 34 comments… read them below or add one }

avatar 1 lynn

When times are tough, the criminal mind get working. Now we have one more thing to track and protect.

Reply to this comment

avatar 2 Anonymous

I wouldn’t be surprised if more stories like this crop up. Either the bank was lying and the account was compromised, or some hackers found a way to exploit this particular card’s cashback system.

Reply to this comment

avatar 3 Ceecee

Sometimes my card offers extra points if you call in and register. It never seems that I get all the extras that they promise. And it is hard to keep track of, since they add the extra points about a month after the end of the quarter. I’m doubtful.

Reply to this comment

avatar 4 wylerassociate

I don’t trust cash back reward cards so I don’t have any but if I did I would be keeping an eye on that balance everyday to make sure there are no issues. About 3 years ago, I was the victim of fraud where someone bought $1,000 of sprint cell phones in my name. I had to file a police report, contact the collection agency and talk to Sprint customer service to get the issue resolved. Since then, I have been so careful about my personal finances and credit reports.

Reply to this comment

avatar 5 Anonymous

Update: In dealing with my bank’s customer services for well over three hours, I’m satisfied that their concern and actions were appropriate. However, I did discover that the various representatives are somewhat crippled by their own organization and security measures. I first called Card Services and they promptly cancelled the one card and started the re-issue action but they didn’t have any access into transactions on the rewards “side-of-the-house”. When transferred to the Rewards customer service they also responded appropriately as but had very limited access to any other information. The bank’s “Profile” customer service said my login account hadn’t been compromised, even though they recommended changing login credentials (which I had already done). The next day a quick look at Quicken and my Bank’s webpage revealed a new account with all previous transactions carried over so my statement would be coherent. BUT, and it’s a big BUT; The information transferred to the new account INCLUDED the redemption transfer account the bogus redemption request was sent to. Another call quickly deleted the transfer account but once again the representative transferring the account information couldn’t see everything that was being carried over. Compartmentalization is an security tool but it does leave behind vulnerabilities that can remain undetected and possibly exploited.

Reply to this comment

avatar 6 Anonymous

What do they mean by saying your login information wasn’t compromised? There has to be some account history record somewhere showing how, when, and from where your information was compromised or settings changed.

Reply to this comment

avatar 7 Anonymous

My account only showed access from my computer therefore there was no compromise of my login credentials. Those representatives can’t see transactions on the cashback pages because it is a different “system”. Only the Fraud Department within the rewards system can trace the access and execution of the transaction within their system. As you might imagine, Fraud Departments don’t share a lot of information.

Reply to this comment

avatar 8 eric

What a mess! Thanks for sharing your story. Reminds me to be more vigilant now.

Reply to this comment

avatar 9 Anonymous

Sorry; last sentence should read … is an important security tool…

Reply to this comment

avatar 10 Anonymous

Its sad that you now have to worry about whether or not your cash back rewards will be stolen. I know I have to be more careful as I really only check my credit cards to make sure the payments have come out and what is due. I dont really care about rewards as they seem to help too many people justify spending more because they are saving.

Reply to this comment

avatar 11 Anonymous

My big beef with the cash-back rewards program is the tracking. How do you know for sure you’re getting credit for the sale, especially when there’s bonus points on the table? I’ve had 2 different rewards cards, neither gives an accounting. I wish it was more transparent, my guess is it would be too much of an extra cost to the program.

Reply to this comment

avatar 12 Anonymous

The best cash back rewards card is Target because they apply the reward on the same purchase. Years ago, I received my annual cash back reward from Costco and misplaced it. When I did find it, it had already expired. Luckily, it was only for a few dollars. Since then I use it immediately so I can not lose it.

Reply to this comment

avatar 13 Anonymous

The more convoluted, the less I like it.
I’ve written how I love my Fidelity 529 card. 2% cash, transferred each month to a 529 account. My daughter is in 7th grade, so I have 9 years to find the replacement card, although I consider letting it ride, and using it to fund college for he grandkids.

For stores that don’t take this mastercard, my Amex is 5% office supplies 3% gas, 1% elsewhere, a credit to the account each month.

Neither has a requirement that I do anything to collect. It just happens.

Reply to this comment

avatar 14 Anonymous

It may appear the account was not compromised. that doesn’t guarantee the account wasn’t compromised. Its also possible this was just a clerical error or glitch in their system.

This doesn’t seem like something that is likely to happen much and I can’t see worrying about it.
Theres always a risk we could lose money via some sort of hacking or identity theft and rewards cards are no more vulnerable to that than any other computerized financial system.

Reply to this comment

avatar 15 Anonymous

I use and they have a nice feature that does track rewards programs. I’ve considered looking into Mint as an alternative. I’d be curious if you have reviewed each, which would you recommend.

Reply to this comment

avatar 16 Anonymous

I had the exact same experience as SteveDH this weekend. I discovered that my CashbackReawards had been syphoned off to some account at GE Capital Retail Bank in Draper UT. It was also showing up on the rewards page in a transfer account that I had never set up. The CashRewards people confirmed for me that that was the account the rewards money went to, apparently at the end of January. Just today, the bank has finally instituted a requirement that you must use your online banking sign in to access your cash rewards. But prior to 2/20/2012, anyone with your credit card number, last name, and billing zip code could get in to the rewards site and access your reward dollars and set up transfer accounts. This is the same information you give out for online/phone/mail purchases. The bank’s fraud department is working the issue for me, but I also requested a new credit card number as well since it seems obvious that my information may be out on the loose somewhere. I’d love to compare notes with SteveDH to see if we used any of the same online merchants in the last couple months.

Reply to this comment

avatar 17 Anonymous

Rob: Did you get your Cashback Rewards back? Someone got into my account in Oct. 2012 and used them. Not sure how that happened. Discover issued a new card but has not returned my Cashback dollars.

Reply to this comment

avatar 18 Anonymous

Hi Barb. I did get my Cashback rewards back after a month or so. However, I wasn’t dealing with Discover, I was dealing with a Visa account. I got them to issue me a new card number right away too, although being a step or two ahead of the credit card company resulted in them shutting off the new credit card about a month later when their internal procedures finally kicked in. Fortunately they now require you to log in with you online credentials to get you rewards paid out. Back when this happened it only required your credit card number and zip code. So maybe they were quick to reimburse me because they knew there security system was lacking. If Discover had a similar problem, they may be quicker to credit you back if you point out the flaws in it. One complication in dealing with all this is that the Cash Rewards seemed to be handled by a completely different part of BoA than the credit card account, and one department had no idea what the other one was up to.

Reply to this comment

avatar 19 Anonymous

Thank you, Rob. I called Discover Customer Service (as you found in your case, a different dept than fraud), and rep said I would get Cashback dollars credited to my account in one or two billing cycles. Both fraud and customer service reps said they were investigating how my Cashback rewards got stolen and were working on ways to prevent such thefts in the future. I wonder if Discover still allows redemption through only a card number and zip code (and perhaps the security code on the back of the card). The theft occurred a month after a business trip, after airline and hotel employees had access to my address, phone number, email, etc., in addition to Discover card info. Thanks again.

Reply to this comment

avatar 20 Anonymous

I think we may have helped the card company/bank discover a flaw in their system, which I’m glad to see was fixed. As I looked back over my purchases I didn’t anything unusual, as many of the uses were local merchants or large companies, until you mentioned the billing address Zip code. Then I looked back into December and realized we had used the card for gas on a recent road trip. We bought gas in many states including Kentucky, West Virginia, South Carolina, Florida, Mississippi, Arkansas, and Missouri but as I remember, MOST of the equipment in Florida and a few of the others asked for the mailing address Zip code before authorizing the purchase. That could be a BINGO if you’ve made similar gas purchases where they want that information. Everything has worked out for us as the Cashback dollars were credited back and new cards issued. I hope them same goes for you!

Reply to this comment

avatar 21 Anonymous

Thanks for the quick info SteveDH. I’m glad to hear they restored your Cashback dollars. In the couple months prior to when my CashRewards were raided, I did have to enter my zipcode at some gas stations, possibly in Rhode Island, New Hampshire and Vermont on a couple trips, so it could have come from there. Looking at my online purchases in the couple months prior to the theft, I bought from,, Online Shoes,, and VacPartsWarehouse. It could have been an employee of one of those sites, or careless disposal of records from one of those sites. Although it is also possible that the information was taken prior to that time period and not used until recently. Hopefully the bank can track down the individual responsible given they have their account information at GE Capital, but I don’t know if they would ever release that information to me. It’s also possible that they opened the account at GE with a stolen identity. To be careful, I checked my credit report this weekend, and don’t see anything on my credit record showing an account at GE Capital in my name, at least not associated with my credit history. My bank allows you to generate one time credit card numbers linked to your account for online purchases (ShopSafe). I tried it a few times years ago, and I think I may start using this feature regularly now.

Reply to this comment

avatar 22 qixx is doing its part to help people track their rewards. Besides the Amazon card they have added Discover and are working on deals with other cards. Once you register and link a card that supports it you can shop with your rewards points. Each time you go to buy something on Amazon it will show you available rewards you can spend with.

Reply to this comment

avatar 23 Anonymous

I just found out that the same thing happened to me. My BofA world points rewards were converted to cash and deposited into a GE Capital Retail Bank account. BofA gave me the routing number and the acct number. It happened in late January. BofA called my husband back then and asked if we had changed our login info. We said we hadn’t and they said that there must’ve been a glitch that caused them to call us. We verified that everything was the same and didn’t think much of it….well $1350 later, we found out different. The “bank” side didn’t have any idea that the rewards points had been deducted and sent to this account in Utah. This is a nightmare! I filed a reort with consumer protection and as advised by them, I put an alert on my credit reports with the 3 reporting agencies. As convenient as modern technology is, I spent half my day being inconvenienced by this mess! I DID use my zip code at a few gas stations in Missouri. I sure hope they find a way to stop this. I’m tired of the fraud and I’m tired of people getting something for nothing!

Reply to this comment

avatar 24 Luke Landes

Another reader commented to me today:

In regards to your January 2012 article on stolen CashBack Rewards, this has now happened to be not once but TWICE! Both times, Discover refunded the rewards but utterly refused to help me sort out where the money was going. I am terrified that someone has such easy access to my accounts when I carefully guard creative passwords. Wonder if pressing charges could get me access to the information Discover is hiding… ??

Reply to this comment

avatar 25 Anonymous

Flexo: In Oct 2012, the entire amount of my Discover Cashback dollars–$200–was stolen from my account and used to purchase Lands End e-certificates. Discover issued a new card, conducted a fraud investigation, and sent a letter stating “It has been determined that no fraud occurred on your account.” I did not make the purchases and no one has access to my account. How can I get my Cashback dollars back like you did?

Reply to this comment

avatar 26 Anonymous

In Oct 2012, the entire amount of my Discover Cashback dollars–$200–was stolen from my account and used to purchase Lands End e-certificates. Discover issued a new card, conducted a fraud investigation, and sent a letter stating “It has been determined that no fraud occurred on your account.” I did not make the purchases and no one has access to my account. How can I get my Cashback dollars back?

Reply to this comment

avatar 27 Anonymous

Barb: I just had the same thing happen to me today (11/24/2012). I received 4 emails saying my rewards were redeemed for Lands End certificates. I called discover and they cancelled the card and all, but said I would be refunded the reward dollars (about $300) in 1 or 2 billing cycles. Are you saying they may come back and say it wasn’t fraud and not give back the money? There was no other charges or anything of the account that i noticed, it looks like they just went after the rewards points.

Reply to this comment

avatar 28 Anonymous

Got my discover bill today- 2/27/13- 100 dollars in rewards used for 2 $50 Lands End gift cards.I don’t usually check my rewards; usually check only transactions. Discover will send new card and say they will reimburse me for $100. this seems to be a pattern.

Reply to this comment

avatar 29 Anonymous

Got my discover bill- 2/27/13- 1175 dollars in rewards used for 26 $50 Barnes and Noble e-certificates. I don’t usually check my rewards; usually check only transactions. Discover will send new card and say they will reimburse me for $1175. Have to see what will happen. Sorry, Gary copied your response and made changes. I am tired of this fiasco right now. Something is going on with Discover. Class action suit?

Reply to this comment

avatar 30 Anonymous

Flexo and Barb. I too just had my Discover cashback rewards stolen and redeemed for Land’s End e-gift cards. I am very diligent about computer and password security. I have alerts set up on all my online accounts that offer the option. I received an email stating that my Discover email had been changed. I contacted Discover and found that someone had changed my email address on file with Discover and redeemed my Cashback reward. Discover shut the card and online access down but have yet to advise me how this happened. It’s very unnerving not knowing how they got access as my userid and password were both randomly generated 16 and 10 character alpha/numeric sequences. Multiple scans of my computer with different security software have not revealed any virus’s or keyloggers. Discover cs reps were not surprised that this happened and that the rewards were used for Lands End gift cards. One rep commented that they have been seeing quite a bit of this exact same scenario. Anybody know what’s going on with Discover or have recent similar stories?

Reply to this comment

avatar 31 Anonymous

Today (May 13 2013), I received an email from Discover saying my email address was updated. I called up Discover and after 2.5 hours on the phone I got the following information:

1) Someone placed a small charge (<$1) on the account at an odd sounding website.
2) Twenty minutes later, Someone (presumably the same person) "re-registered" the account changing my email address. The new email address was the same as the old one but with some seemingly random digits added to the end. (The new email address is not valid)
3) Someone cashed out my Cashback for Land's End E-Certificates — it also occurred today, but she could not provide a time.

The last person I spoke with (who seemed the most knowledgeable) admitted that they failed to correctly answer the security questions and should not have been able to re-register without answering them. She also said there is no record of the person logging in to redeem the cashback, even though there is a record of them redeeming it. She also admitted she had seen this exact modus operandi a few times in the last few weeks.

She had no explanation for any of this. I'm very disturbed particularly by the fact that they apparently have no records or explanation as to how this could happen after they failed to answer my security questions. I think Discover owes people some answers as to what is going on.

Reply to this comment

avatar 32 Anonymous

I just discovered yesterday that my points had been stolen also. I Have a Business Discover account- had not cashed in my points since 2011 (a Discover gift card and some merchandise all mailed to me). I went to redeem my points- had discovered I only had about $50.00 worth. When I looked at redemeetion hx that’s when I discovered multiple redeems on March 27 2013 all at Lands End E certificates ( $750 worth). I called Discover and they assured me they would return my points and cancel that card ans reissue a new one.I could hardly sleep last night thinking maybe one of my employees did this, but after reading these posts I feel better that it has happened to so many diff people that it prob. is an issue with Discover not my people. Discover also told me my email address had been off by 1 letter. You would think that they would mail you a notice or call on the phone to tell you.

Reply to this comment

avatar 33 Anonymous

I first wrote about this in January of 2012 and today (August 12th ,2013) I received a letter from Bank of America stating that rewards dollars can no longer be redeemed into a non-Bank of America account, used to pay a mortgage or donated to a charity. I guess this is the final fix and will allow them more control when they disburse rewards. I don’t have any problem with the new requirements as they will still credit your VISA account or send you a check, but it was a long time coming. Hopefully there is an array of “other” protections in-place as well as I really hope I don’t have to write about this again.

Reply to this comment

avatar 34 Anonymous

I working with my credit union now on a suspiciously similar problem. At the end of the year, my account showed $159.15 in my Cash Rewards balance, then in January, it showed $0.00 as the starting balance, and a credit of $4.17. I’ve been told that they work with a 3rd party company to do the cash rewards, and the company is “working on it”, but the communications are very poor between them. After nearly two weeks, I requested that the credit union put the proper amount in my account and they can work out the issue with the “3rd party”. Frankly, it’s not my problem.

Reply to this comment

Leave a Comment

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.