Credit cards and financial data are the currency of the realm today. 50 years ago a measure of wealth was a large roll of cash. Today it’s credit. Most of us use our credit cards for just about everything. I use mine to buy food, gasoline, clothing, prescriptions, movies and everything I buy online. So if someone steals my credit card number, that can put me into a world of hurt.
Recently Citigroup suffered a massive data breach where 200,000 customers had their names, credit card account numbers and email addresses stolen. It’s unclear if the thieves got the expiration dates and CVC (card verification code) from each card, but the other information is still problematic. If the thieves can’t use the cards outright, they can start a spear phishing campaign to target the customers. Security experts are predicting that this type of crime will increase in the coming year as batches of credit cards stolen in the last few years begin to expire.
With the recent attacks against Citigroup, Sony and others, its very likely that you or someone you know was compromised. So imagine my surprise when last week I looked online at one of my credit cards and noticed two very large charges for merchants I never heard of.
My first action was to verify with family members that none of them made the purchases. No one made them. Then I searched for the names of the merchant online. It turns out the two transactions were made on subsequent days to a legitimate online gift company. Most of the merchandise at this company is fairly inexpensive, so the transactions must have involved large quantities. I also noticed the dollar amounts were not in round numbers. One was $580.90 and the other was $477.95. I don’t know about you, but when I see charges on my credit cards for $100, $50 or another round number, that always triggers my attention, since most purchases aren’t in round numbers. So the criminal who did this was hoping the purchases would go unnoticed.
Having verified these weren’t legitimate charges, I called my credit card company to report them. I spoke with someone in the fraud department, who suggested they close the account immediately and issue me a new card. I agreed. They removed the fraudulent charges from my credit card, apologized for any inconvenience and closed my account. They also offered to ship the new cards overnight to my house. They asked about any automatic recurring charges or any outstanding transactions. I didn’t have any so it was easy. The whole process took about 10 minutes. I was very impressed with the speed and service.
One of the scary parts of this episode is that I don’t use this credit card frequently. I use a separate credit card for online transactions and a different one for other purchases. I think it’s better to keep these separate so I can track my different purchases. The physical credit cards were not stolen, since my wife and I still had them in our possession. That means that either the card number was caught in one of the many data breaches or someone at a local store stole it some time ago and only recently used it. Neither is very comforting.
Whatever happened, I am more vigilant now about my credit card numbers. I’m doing what I can to keep my information safe, but I’m not sure about the merchants I use. I find it fascinating that the small companies I buy from online don’t keep my credit card information. They use services like PayPal which don’t send the numbers to the merchants. Big companies like Sony keep this information in an unencrypted format. Maybe the little guy is the smarter one. I’m not sure about local merchants and if they keep that information.
If your credit card number is hacked or stolen, do what I did. Don’t panic. Call your credit card company and cancel the account. It’s a bit unnerving, but is quick and painless. Now if we can get the companies that handle our credit cards to be a little smarter about how they store our information, maybe these stories will go away.
Photo credit jelene