Monday, January 14, 2008

My credit card account was compromised....

Interesting. I had just read a great post on Andy ITGuy's blog about getting a call from a credit card company regarding suspicious credit card activity. Well, today I got a similar call. Being an IT Sec worker, and trusting no one, I went and found a statement, and called the customer service number printed there. Unlike Andy, I happen to use this card with some regularity. And, I keep all receipts for month-end reconciliation. So, I'm fairly familiar with the places the card has been used.

When I got through to a CSR, I was told there is/was suspicious activity on the card and the account needed to be closed. However, the CSR asked me to verify two transactions, which were correct. I was told a new card would come in the next X number of days, to call to activate the card, yadda, yadda, yadda.

Here's what ticks me off. And I'm pretty sure Andy was in the same boat. I questioned the CSR on where the suspicious activity was from, or what merchant reported (or didn't) the breach. She wouldn't answer me. When she asked me if there was anything else she could do for me, I (politely) asked her to transfer me to someone who could answer my question. She put me on hold for about a minute, no doubt to get another cup of coffee. When she came back, she told me that she wasn't allowed to tell me anything. Was there anything else? Sure, if she can't tell me where the problem occurred, how do I know where NOT to use the card? What's to say that I use the card this week (where I normally would) and get another call from the credit card company? Doesn't the consumer have some rights here?

I've read a lot on PCI, and how the credit card companies are shifting the responsibility to the merchants (and there are two great posts here and here). Shouldn't there be some (more) accountability to the consumer?

I'm on the fence with whether or not I want to keep this credit card. I've been with the company for many years.

And, the company I have just left deals with credit card companies. They are woefully PCI non-compliant. But that's a post for another day.

No comments:

Post a Comment