I am one of the statistics on data breaches. I found this out by chance on Oct. 30 when I phoned my card issuer with a routine inquiry. One week earlier, someone attempted to charge about $500 on my credit card at a hotel and Citi refused the transaction.
How did my card details come into a thief's hands? Search me. "You'll never know, and Citi will never inform you if they find out what happened," said one call center rep, whose honesty, at least, I appreciated.
The customer service rep with which I initially spoke, however, did not share with me that Citi had flagged my account for fraud and only let me in on the denied charge after I insisted on knowing why she kept asking me did I charge this, did I charge that? As a relatively new Citi customer I initially indulged the possibility that Citi was super security-conscious.
It was strange to think of someone using -- or attempting to use -- the credit card that was in my hand. I can only speculate on how someone might have come to possess my account numbers. My hunch is that no database was hacked; rather, someone handling my card while I was traveling likely noted relevant details. Still it might help me protect myself better in the future to know more.
Somewhat similarly, the first time my partner knew his J.P. Morgan Chase credit card had been flagged for suspicious activity was when it was inconveniently denied this summer -- without any warning. In fact the "suspicious" transactions were all his legitimate charges.
I asked Citi why it didn't tell me my account had been flagged or share details of the fraud attempt. In an ironic twist, Citi sent me several e-mails pressing me to provide them with details from my end in a customer satisfaction survey. It asked whether I was happy with how the fraud was handled and would I continue using Citi or recommend it to other prospective customers.
Citi spokeswoman Jeanette Volpi said she could not discuss my specific situation and provided a company statement that said: "For security reasons, we do not discuss details of potential compromises." The statement continued, "When we become aware of a potential compromise, we take steps -- above and beyond the prevention and detection actions we normally apply to our more than 150 million cardmember accounts. ... [W]e reissue ... cards to customers whom we believe may be subject to increased risk."
Actually the supervisor who promised to revoke the card failed to do so, which I found out when phoning back about misinformation the call center gave me on the original, routine inquiry! That could have exposed me to further fraud. Yet such human error still sits better with me than a policy that places me at a disadvantage.