Hi everyone,

Posting this as a PSA and to see if anyone else has experienced something similar.

I’m an Alberta resident. My wallet was stolen and my iPhone, which included my PC Financial debit card. Shortly after, my entire PC Financial account was compromised and more than $14,000 was taken.

Based on what I’ve been able to piece together (and documented with screenshots and a police report), this appears to be how it happened:

•	PC Financial’s website allows a username reset using only debit card details

•	Once the username is changed, the password can be reset using username + date of birth

•	After gaining access, the thief was able to:

•	Change the account PIN

•	Make multiple high-value transactions (gift cards) within seconds

•	No additional identity verification or transaction fail-safes were triggered

—- OTP was taken via the phone call option, 33 second of call log was found.

This does not appear to involve phishing, malware, or me sharing credentials. Access was obtained through PC Financial’s own credential recovery process after the card was stolen.

I’ve:

•	Filed a police report

•	Reported the fraud to PC Financial

•	Preserved all documentation and timelines

I’m sharing this because if this flow exists as designed, it could potentially affect anyone who loses their debit card.

Questions for the community:

•	Has anyone else experienced or heard of something similar with PC Financial?

•	Are debit cards being treated as sufficient identity for full online account access?

•	Any advice from people who’ve gone through OBSI / FCAC complaints?

I’m keeping some details vague due to an active investigation, but happy to update if there’s interest or if this helps others protect themselves.

Thanks, and please keep an eye on your accounts.