Credit-card fraud doesn’t care how much you obsess about security

Once again, I have a credit card cut into pieces and dumped in a trash can, thanks to somebody trying to treat themselves to a spending spree on our account.

This time, the card was a Citi Double Cash MasterCard, and the transaction that got my attention was a $969.90 Lenovo purchase. Neither my wife nor I had any recollection of making that–and neither Citi nor Intuit’s Mint personal-finance app had flagged it as suspicious.

After spotting that in our account, I saw two other, sub-$10 transactions with “OTC Brands” that also didn’t match up with anybody’s memory. A 14-minute call later, Citi had canceled our cards and ordered up replacements–I can already shop online with the new number–and pledged to investigate these three sketchy purchases.

So overall, we got off easy. But the experience has been a useful reminder that sometimes security is entirely out of your hands. There’s nothing we could have done to stop this from happening; at best, Citi’s security would have flagged the Lenovo purchase and asked me to approve or deny it, as it did when an unknown party tried using our card in March of 2016 at a Ukrainian site.

And no, having an EMV chip on this card did not enhance its security for card-not-present transactions. Even if this card had required me to key in a PIN instead of sign for in-person purchases, that also would have likely made no difference online.

Sometimes you just have to hope that the system works–and when it doesn’t, hope that you don’t wait too long for the system to get your money back. Having gotten Equifaxed last year, I can confirm that things could be worse.

Advertisements

Weekly output: EMV cards, wearable gadgets, cable-TV apps, Apple, upload speeds

I’m halfway through an obnoxiously transatlantic fortnight: I spent four days in New York this past week for CE Week, and Tuesday I fly to Paris to moderate a handful of panels at the VivaTechnology conference. But when I step off the plane at Dulles a week from today, I’ll have more than a month before my next work trip.

6/20/2016: What Home Depot’s Chip-and-Pin Lawsuit Means to You, Consumer Reports

If you’re wondering why people get so insistent about having a PIN on their credit cards, this story may clear things up for you. (Spoiler alert: It won’t do much for the biggest source of credit-card fraud.)

CE Week wearables panel 20166/23/2016: Is that Tech You’re Wearing?, CE Week

I talked about the design, features and use of wearable gadgets with UNICEF Ventures’ Jeanette Duffy, WARE founder Pamela Kiernan, and ŌURA co-founder Kari Kivelä. Afterwards, GearDiary’s Judie Stanford interviewed the four of us, and the organizers posted that clip next week.

6/23/2016: Big cable has a plan to help you dump the cable box you’re renting, Yahoo Finance

While I was in NYC, I stopped by Yahoo’s offices to record an interview with Yahoo Finance editor-in-chief Andy Serwer about the prospect of replacing cable boxes with cable apps; it runs atop this story.

6/25/2016: Rob Pegoraro on technology, plus a presentation by MacRecycleClinic, Washington Apple Pi

I drove over to the general meeting of this Apple user group to share my thoughts on the state of Apple–and to donate the 2002-vintage iMac I used for four years before handing it off to my mom, who relied on that computer until replacing it with an iPad Air last year.

6/26/2016: How to compare Internet service providers — by upload speed, USA Today

After a reader of last week’s USAT column commented that I should have addressed upload speeds–and some quick searching revealed that many Internet providers treat them as a bit of a state secret–I realized I had a column topic on my hands.

Updated 9/6 to add a link to Stanford’s interview.

Weekly output: EMV credit cards

Last week’s flurry of work–enough for me to lose track of it when trying to inventory it here–was evened out by this week. I also didn’t have to travel any further for work than Capitol Hill and downtown D.C., although one of this week’s events did require me to dust off the tuxedo I hadn’t worn since maybe 2009. (Can we not talk about how the pants fit before the intervention of a tailor?)

Yahoo Finance EMV-update post5/6/2016: Those chip cards have a long way to go, Yahoo Finance

Watching a panel at the Rayburn Building Tuesday reminded me of two things: It’s been over six months since the “liability shift” that was supposedly going to end the tenure of old-school magnetic-stripe credit cards, and it’s been almost as long since I covered this topic. Revisiting the issue convinced me that making people enter a PIN at each purchase won’t solve the bigger security issues of paying with plastic–and that my earlier writing about “EMV” cards should have acknowledged the extra time spent with your card in a point-of-sale terminal.

(Notice the new Web address? Stay tuned for more about that.)

Weekly output: wearables and privacy, Verizon Custom TV, Tech Titans, EMV credit cards

My streak of never getting an invitation to the White House Correspondents Dinner continued, although I once again partook of Yahoo’s hospitality at their pre-dinner reception. I am okay with that streak; I look at it as one of my few remaining bits of indie cred.

4/20/2015: A Conversation on Wearables, State of the Net Wireless 2015

At the end of this half-day policy conference, I quizzed Center for Democracy and Technology president Nuala O’Connor about the privacy issues posed by wearable gadgets like the Apple Watch.

4/21/2015: Verizon’s ‘Custom TV’ Fixes Overpriced Channel Bundles — or Does It?, Yahoo Tech

I applauded Verizon for finally taking a step I’d suggested back in 2004: letting viewers buy packs of related channels instead of making them buy up to a higher tier of service. I was a lot less excited to see equipment fees and other surcharges inflate the advertised $54.99 price by over a third.

Washingtonian Tech Titans page4/23/2015: Tech Titans, Washingtonian

Every two years, the magazine puts together this list of “the most important people in digital Washington,” and this time around enough D.C.-tech types apparently spoke well of me to get me included in this list. I am honored and flattered by that. (The story’s not online yet, but I’ll add a link once it is. 5/4: Link added.)

4/26/2015: Chip-card security remains scarce in wallets, USA Today

A half-day conference I attended Thursday gave me some useful material for this update on the “EMV” chips that remain absent from all but one of our credit cards–and which have yet to see any retail use on that Amex. There’s also a tip about a new Sprint international-roaming offer with a nasty surprise in its fine print, something I first covered in an April 13 update to my Wirecutter guide to wireless carriers that was too small to mention here.