Credit-card fraud doesn’t care how much you obsess about security

Once again, I have a credit card cut into pieces and dumped in a trash can, thanks to somebody trying to treat themselves to a spending spree on our account.

This time, the card was a Citi Double Cash MasterCard, and the transaction that got my attention was a $969.90 Lenovo purchase. Neither my wife nor I had any recollection of making that–and neither Citi nor Intuit’s Mint personal-finance app had flagged it as suspicious.

After spotting that in our account, I saw two other, sub-$10 transactions with “OTC Brands” that also didn’t match up with anybody’s memory. A 14-minute call later, Citi had canceled our cards and ordered up replacements–I can already shop online with the new number–and pledged to investigate these three sketchy purchases.

So overall, we got off easy. But the experience has been a useful reminder that sometimes security is entirely out of your hands. There’s nothing we could have done to stop this from happening; at best, Citi’s security would have flagged the Lenovo purchase and asked me to approve or deny it, as it did when an unknown party tried using our card in March of 2016 at a Ukrainian site.

And no, having an EMV chip on this card did not enhance its security for card-not-present transactions. Even if this card had required me to key in a PIN instead of sign for in-person purchases, that also would have likely made no difference online.

Sometimes you just have to hope that the system works–and when it doesn’t, hope that you don’t wait too long for the system to get your money back. Having gotten Equifaxed last year, I can confirm that things could be worse.

Advertisements

Weekly output: Senate privacy hearings (x2), a split Internet, Chrome vs. Flash, cord cutting, D.C. tech, Chrome sync, Facebook hack

The last few days of Brett Kavanaugh drama in the Senate really took a hammer to my productivity. Yours too, I’m sure.

9/24/2018: What to expect when Apple, Amazon, and Google get grilled in Congress this week, Yahoo Finance

This was what you saw me talk about the previous Friday on Yahoo Finance’s Midday Movers show. One point I wish I’d made in this post: the absence of customer voices in this hearing.

9/24/2018: China’s Internet, Al Jazeera

I come on at about the 5:30 mark in the linked video to discuss remarks by former Google CEO Eric Schmidt that China’s increasingly-tight control of the Internet inside its borders means we’re now dealing with two Internets.

9/24/2018: Google’s latest Chrome update tightens the locks on Adobe Flash, USA Today

With Chrome now making it harder than ever to run Flash content, I checked in with two Flash holdouts: Intuit’s Mint.com, which requires it to view stock charts, and United Airlines’ “personal device entertainment” inflight service, which demands it to stream most TV shows and movies to a browser.

9/25/2018: Your wireless carrier may stop you from dumping cable TV, Yahoo Finance

I got an advance look at two studies that came out Tuesday: one looking at cord cutters’ motivations, another at how reliably wireless carriers deliver streaming video. The second provided important context to complaints cited in the first, so I wrote up both in this post.

9/26/2018: Are you ready for the spotlight?, DC Startup Week

SilverStrategy founder Tara Silver quizzed me, Technical.ly DC‘s Michelai Graham, and DC Inno’s Kieran McQuilkin about how startups try to get media attention, the state of the D.C.-tech scene, and this region’s odds of landing Amazon’s second headquarters. Update, 10/8: The organizers posted video of our panel to their Facebook page.

9/27/2018: Why now is a good time to reconsider browser-sync options on Google Chrome, USA Today

The latest Chrome release’s barely-documented switch to logging you into the browser if you log into any Google sites both upset some information-security types and gave me an opportunity to write this post, reminding readers that you can add a sync password to stop Google from monitoring and monetizing your Web activity and that Mozilla Firefox’s own Web-activity synchronization comes encrypted end-to-end.

9/27/2018: Tech execs to senators: Regulate us, but not too much, The Parallax

I wrote up Wednesday’s Senate Commerce Committee tech-privacy hearings, noting the questions the senators asked of executives with Amazon, Apple, AT&T, Charter, Google, and Twitter as well as the queries that didn’t come up.

9/29/2018: Facebook hacked, Al Jazeera

I made a second appearance on AJ’s Arabic-language channel (overdubbed live as usual) to talk about the series of bugs that could have let unknown attackers into 50 million Facebook accounts. Unlike my earlier appearance this week, this show doesn’t seem to be online.