Credit-card fraud doesn’t care how much you obsess about security

Once again, I have a credit card cut into pieces and dumped in a trash can, thanks to somebody trying to treat themselves to a spending spree on our account.

This time, the card was a Citi Double Cash MasterCard, and the transaction that got my attention was a $969.90 Lenovo purchase. Neither my wife nor I had any recollection of making that–and neither Citi nor Intuit’s Mint personal-finance app had flagged it as suspicious.

After spotting that in our account, I saw two other, sub-$10 transactions with “OTC Brands” that also didn’t match up with anybody’s memory. A 14-minute call later, Citi had canceled our cards and ordered up replacements–I can already shop online with the new number–and pledged to investigate these three sketchy purchases.

So overall, we got off easy. But the experience has been a useful reminder that sometimes security is entirely out of your hands. There’s nothing we could have done to stop this from happening; at best, Citi’s security would have flagged the Lenovo purchase and asked me to approve or deny it, as it did when an unknown party tried using our card in March of 2016 at a Ukrainian site.

And no, having an EMV chip on this card did not enhance its security for card-not-present transactions. Even if this card had required me to key in a PIN instead of sign for in-person purchases, that also would have likely made no difference online.

Sometimes you just have to hope that the system works–and when it doesn’t, hope that you don’t wait too long for the system to get your money back. Having gotten Equifaxed last year, I can confirm that things could be worse.

Advertisements

Weekly output: EMV credit cards

Last week’s flurry of work–enough for me to lose track of it when trying to inventory it here–was evened out by this week. I also didn’t have to travel any further for work than Capitol Hill and downtown D.C., although one of this week’s events did require me to dust off the tuxedo I hadn’t worn since maybe 2009. (Can we not talk about how the pants fit before the intervention of a tailor?)

Yahoo Finance EMV-update post5/6/2016: Those chip cards have a long way to go, Yahoo Finance

Watching a panel at the Rayburn Building Tuesday reminded me of two things: It’s been over six months since the “liability shift” that was supposedly going to end the tenure of old-school magnetic-stripe credit cards, and it’s been almost as long since I covered this topic. Revisiting the issue convinced me that making people enter a PIN at each purchase won’t solve the bigger security issues of paying with plastic–and that my earlier writing about “EMV” cards should have acknowledged the extra time spent with your card in a point-of-sale terminal.

(Notice the new Web address? Stay tuned for more about that.)