Ironically, while preparing to moderate a BS&T webcast on data breaches this week I discovered myself to be the victim of fraud. I am one of the statistics, one of the 30 million-plus individuals whose personal data has gotten into the wrong hands this year.
I found out by chance on Oct. 30, when phoning my credit card company with a routine inquiry, that on Oct. 23 someone attempted to charge about $500 on my card and Citi refused the transaction.How my card details came into a thief's hands? Search me. "You'll never know and Citi will never inform you if they find out what happened," said one call center rep., whose honesty, at least, I appreciated.
The original rep. did not share with me that Citi had flagged my account for fraud and only let me in on the denied charge after I insisted on knowing why she kept asking me did I charge this, did I charge that? As a relatively new Citi customer I initially indulged the possibility that Citi was super security conscious.
It was strange to think of someone using-or attempting to-the credit card that was in my hand. I can only speculate on how someone might have come to possess my account numbers. My hunch is that no database was hacked; rather that someone handling my card while I was traveling noted relevant details. Still, it might help me protect myself better in the future to know more.
Somewhat similarly, the first my partner knew his J.P. Morgan Chase credit card had been flagged for suspicious activity was when it was inconveniently denied this summer-without any warning. In fact, the "suspicious" transactions were all his.
I asked Citi why it didn't tell me my account had been flagged or share details of the fraud attempt. This was made more ironic by Citi sending me several emails pressing me to provide them with more detail in a customer satisfaction survey. It asked was I happy with how the fraud was handled and would I continue using Citi or recommend it to other prospective customers.
Spokeswoman Jeanette Volpi said she could not discuss my specific situation and provided a company statement that said: "For security reasons, we do not discuss details of potential compromises." It added: "When we become aware of a potential compromise, we take steps-above and beyond the prevention and detection actions we normally apply to our more than 150 million cardmember accounts... (W)e reissue... cards to customers whom we believe may be subject to increased risk."
Actually, the supervisor who promised to revoke the card failed to do so, I found out when phoning back about misinformation the call center gave me on the original, routine inquiry! That could have exposed me to further fraud. Yet, such human error still sits better with me than a policy that places me at a disadvantage.
Read more from BS&T's
Special Report: Data Security
Protecting Customer Data Is Small Banks' Top Tech Concern
Best Practices on Data Breaches
Fighting Fraud With Texts