Thursday, June 9, 2011

Follow-up to My Credit Card Number Was Stolen...Again

You will recall that over Mother's Day Weekend someone got a hold of my credit card and was attempting to travel Europe on my dime. To their credit, my company caught the fraud immediately and a good number of the charges.

At the time, my credit card company, could not give me an explanation for how my credit card number got into the hands of this world traveler. In more recent conversations over wacky charges that appeared last week, the company told me that the number was randomly generated through some card generating algorithms that criminals use. Uh huh.

I've said it before and I'll repeat it now: I believe that these are not randomly generated numbers. I believe my credit card company has a serious security flaw.

And now I've been proven right.

My credit card company, Citigroup, has been hacked!
Citigroup credit card customer information hacked
Chicago Tribune, June 9, 2011 via CNN Money

Citigroup says it has discovered a security breach in which a hacker accessed personal information from hundreds of thousands of accounts.

Citigroup said the breach occurred last month and affected about 200,000 customers.

"During routine monitoring, we recently discovered unauthorized access to Citi's account online," said Citigroup, in a prepared statement. "A limited number -- roughly 1 percent - of Citi bankcard customers' accounting information (such as name, account number and contact information including email address) was viewed."

According to its annual report, Citigroup has about 21 million credit card accounts in North America, where the breach occurred.

The statement went on to say that the customers' Social Security numbers, dates of birth, card expiration dates and card security codes "were not compromised."

Citigroup said it was contacting the affected customers and had "implemented enhanced procedures to prevent a recurrence of this type of event."

This is the latest bit of bad news for Citigroup, as the company's stock has plunged a whopping 15 percent over the last month due to uncertainty about the impact of the Wall Street reform law.

Rival bank stocks have also plunged, including JPMorgan Chase, Wells Fargo, Bank of America and Goldman Sachs.
Here's the thing...I believe that the reason all these security breaches keep happening (e.g., Michaels, Aldi, Citigroup, etc.) is because companies simply aren't taking customer security seriously enough. They figure it's cheaper to pay out some damages in reversed credit card charges than it is actually beef up their security. I also believe this isn't going to change until these companies are held liable for damages to the customers. Companies need to be held liable for being complicit. They have the ability to stop all these security breaches and they aren't doing so. They need to receive huge governmental fines and also be liable for damages to customers in some multiple of the fraud that occurred, but with a minimum fine for customers who have no actual fraud, but simply have their personal information leaked.

Both times I was the victim of fraud (in 2008 and last month), Citigroup said I was not entitled to a free copy of my credit report (I've already gotten my free credit reports for the year, so additional copies are on my dime). They did not contact the credit bureaus about the fraud. I had to do that. I had to put a fraud alert on my credit, but it's just that and does not have an explanation with it. All a fraud alert means is that if anyone attempts to open a credit card in my name, I'll get a phone call.

I didn't cancel my Citigroup Mastercard last month, even though I wanted to and now I don't know what to do. Do I cancel the only credit card I've had since 1997 which will hurt my credit OR do I hang onto a card with a company that clearly can't keep my private information secure?

What are your thoughts?

No comments:

Post a Comment

Thank you for leaving a comment on Little Merry Sunshine. Due to the volume of spam comments, all comments must be approved to ensure they are not spam or spambots. Thank you for understanding.