It’s been a bad week for credit cards. Last Sunday I received a phone call from CitiBank Fraud Early Warning Department, informing me that they were canceling my CitiCard MasterCard because of a “merchant compromise.” They explained that someone had hacked into a merchant’s database and stolen all their stored credit card information. When I asked who the merchant was they refused to tell me, saying that the information was part of a criminal investigation and couldn’t be released. Apparently, however, my credit card information was part of the compromised database, so I asked them to confirm the recent charges on the card. Sure enough, there was a fraudulent charge from the day before, $30 from Macy’s. CitiBank overnighted me a new card, which arrived yesterday, but that started me thinking. I use my debit card more often than I use my credit card. It’s a Visa debit card, which is just like any credit card, except that charges against it come directly out of my checking account rather than being charged and billed later. If someone has stolen my credit card number from a merchant I use regularly, it’s possible they have my debit card number as well, so I’ve been monitoring my checking account for the past week to make sure there is no fraudulent activity on it. So far, so good.
Today I tried to use my debit card for a Chiropractic treatment and the transaction was denied. After the third attempt, my card was blocked. The bank says there was nothing wrong with the card; it should have been approved. They can’t explain why it was denied. All of this is happening just as I am about to leave town for the holidays. Thank goodness I am prepared; I have a backup debit card that has a different number than the one I normally use. I initially ordered the backup card because I travel so much – I always carry one card with me and leave the second in a hotel room or front desk safe. That way, if the first card is lost or stolen, I am not stuck in a foreign place with no way to pay for my hotel room or get cash from an ATM.
So far, the Macy’s charge has not shown up on my MasterCard bill. I called again yesterday and they said the merchant has not yet requested the funds. This is pretty typical when a lot of credit card numbers are stolen – the thief is in cahoots with someone who has the ability to “run” the cards through through a company’s charge system, posting a small purchase to make sure that the account is valid prior to using it for major purchases. This is posted to the card as a “hold” but is never billed because the merchant never actually requests the funds. Fortunately, in this instance, CitiCard caught the fraudulent activity before it went any further.
We live in high tech times and there are increased risks that go along with high technology. But there are things we can do for added security. First, everyone who has a credit card and access to a computer should activate their online account in order to actively monitor charge activity on a regular basis. As an additional protection, through CitiBank I have signed up for “virtual account numbers.” Whenever I make an online purchase, I first sign onto my CitiCard account online, generate a “virtual account number,” and use it for that specific purchase. This way, no online merchants ever get my REAL account number. If someone steals the virtual number it is useless, since it is only good for 30 days for that one merchant. Ironically, this most recent compromise was from a traditional merchant rather than an online merchant. Too bad there’s no way to generate virtual account numbers for face-to-face purchases. Maybe someday….