Wednesday, February 5, 2014

Dangers of Having Cards Open

We live within walking distance to one of New York's touristy destination eats, The Shake Shack in Madison Square Park. We like to go when the line is only 3-4 people long during off peak times or cold weather. However, on warm weather days, you'll find a line with over 100 people waiting in it for a signature Shackburger.

Because they serve so many different customers each day, it makes it all the more difficult to find the thieving culprit who used our credit card to make a $21.39 purchase yesterday!

As you may know, my father has a lot of open credit cards. While he usually uses only 3 cards for everyday purchases (Citi Thank You for groceries/gas, Chase Sapphire Preferred for transportation/dining, and American Express SPG for everything else; collectively known as "the Starters"), he keeps the rest of his credit cards in a plastic bag hidden somewhere in our apartment (known as "The Bench").

But having so many active accounts (with many out of sight, out of mind) can mean all the more chances of someone getting a hold of your information and using it without you noticing. Thankfully, my father is a huge fan of, a trustworthy (and free) website that accesses all your online bank and credit card accounts to consolidate all your financial information into an single web-based interface.

Now while many people will shudder at the thought of loading up their bank account ID and passwords, there are over 10 million users who are comfortable with the fact that uses the same level of data protection and security that banks and financial institutions are using. I won't go into all the details defending Mint or arguing that you should use it, because last I checked, they're not sponsoring Baby Songer's mega 3rd birthday party coming up later this year. But my parents trust it, and it paid off for them.

Yesterday, my father logged into his account, which he checks daily to (a) manage our family's spending, (b) confirm his transactions went through and (c) make sure there is no unusual account activity. And as it turned out, he saw a pending transaction for Shake Shack the same day. At first, it didn't strike him as odd, because we actually went there on Monday. But he saw the Monday transaction down below for February 3. Odd.

Perhaps it was my grandmother who was given an authorized user credit card by my father to use for groceries and gas. Grandma loves Shake Shack too. But upon clicking the item, my father noticed it was on a different Citi credit card than the one she had. In fact, it was on my mother's Citi Thank You Premer credit card (which we don't use!).

Well, my father started to understand that it was a fraudulent transaction. My mother and he logged into her online Citi account and saw the pending transaction there as well. Normally, when they clicked on the pending transaction, it will identify which cardholder made the transaction. In this case, however, it had "Not Available" stated under the cardholder.

We immediately went to our secret stash of Benched credit cards and found the Citi Thank You Premier cards safe and sound in the plastic bag.

Somehow, despite them being hidden in our apartment for the past month, this card managed to swipe itself at the Shake Shack by remotely teleporting itself several Manhattan blocks away.

My father then calmly called Citi and notified the representative that there may be fraudulent activity on the account. She asked the typical "Are you sure you didn't...?" questions and then read through the standard disclaimer warnings that the police may get involved in the investigation (perhaps to ward off accidental or manipulative cardholders trying to avoid paying for something). My father agreed to move forward. She immediately tried calling the Shack Shack, but was unable to find a number. Probably because it was literally a box in the middle of a park and not a real restaurant.

As you'd expect, my parents would not be responsible for the transaction in question while they investigated it. Citi then cancelled the card number and confirmed that it would be unable to be used again. She then re-issued a new card with a new number which would be sent via FedEx to our home address in just 1-2 business days (faster than the typical 5-7 business days, because we were apparently "top tier Citi customers"). UPDATE: At 1:40PM the next day, FedEx dropped off our new Citi credit cards. Pretty impressive turnaround time.

When my father asked how something like this could happen, the Citi representative explained that some criminals have devices that will remotely swipe your magnetic credit card information without your knowledge. The more likely scenario, however, would appear to be a data breach at Macy' or where we last used this particular card. After all, Target did get breached a few weeks ago.

Key Take Away Lesson
This game is fun and rewarding, but it's not free to play and it's not without significant personal risk. Thankfully, using a way to stay updated on our credit card activity (like allowed my parents to quickly catch a fraudulent transaction before it turned into a bigger issue.

But it's important to note that did not flag this transaction as suspicious. Nor did Citi. The transaction was very standard and fell within the typical spending patterns of my family. Furthermore, the fraud happened at a restaurant that we actually frequented somewhat regularly. The only reason it was caught at all was because my father was so anal and OCD detail oriented. Nice job, dad!

No comments:

Post a Comment