Credit Card Identity Theft – Whose Responsiblity Is This?
April 26th, 2009 Greg CorwinAs promised here is an account of what happened last month with my credit card number being stolen and used over in the UK.
Sometime in late February or early March my bank, Huntington, sent me a new Visa debit card. Odd I thought, since my card didn’t expire for at least another year. Along with the new card was a small insert explaining that there was as security breach with a company that processes credit card transactions for them. “OK, no big deal, the bank’s on top of this.”, I thought and I activated the new card and then didn’t think twice about it after that.
About two weeks later I went to my account online to draft an international wire transfer for a staff member and I saw that my account was really low for how much I thought should be there. First thing that came to mind was that a check from a client bounced, but then I started seeing odd transactions from the UK. There were some credits and some debits that were small (~$25), but they were the same amount going in and out, essentially zeroing each other out. Interestingly, the bank called me as I was trying to figure out what was going on. The woman said that she was with the fraud division and they were noticing some “unusual activity”. Something about feces and Sherlock, right?
The missing amounts totaled nearly $2,500 including some that were scheduled to post that night.
Well, as we were going through it and identifying the bad transactions I noticed that the charges were all made against the OLD credit card number and they were all made well past the date that I activated the new card! That is when the Huntington agent told me that the old numbers are not necessarily deactivated right away and that it can take weeks before they are deactivated.
Now call me silly, but doesn’t that sound more than just wrong? I mean WTF? My account is a corporate account with very high daily limits because of the purchases that I have to make from time to time (servers, services, software, etc.). Theoretically these perps could have wiped my account out in the matter of a couple days, not only emptying my account but even digging into a overdraft line of credit, literally putting me in the red!
Why? Because the bank or credit card company doesn’t have a method of canceling/deactivating one card when another is activated? Seriously wrong!
To Huntington’s credit they did issue a provisional funds covering all the charges, but it took them five days to do it. And granted, I am including the Sat and Sun since we found this out on a Friday, but still since it was clearly their fault they should have credited me immediately (IMO).
OK, so where do I go from here? Should I report this to the SEC or some other gov’t agency? I seriously feel that this is something that was completely avoidable, and with fault being in no part my own. I am really careful with my identity, and I watch my bank account pretty carefully, knowing that something like this can happen. But I still feel that something should be done to prevent this from happening to others, and am still flabbergasted that it happened at all.
Please if you have a suggestion – other that making sure my old numbers are deactivated when I activate a new one – please share it here or email me directly (greg at corwin dot org)