07 6 / 2011
Credit Cards, Banks, and Idiocy (Part 9,634,809)
I have a credit card through Citibank. I know they’re not exactly a great company, but they were willing to give me my first credit card when I was an unemployed college student (with insanely high interest rates, of course), and I’ve never had any need for anything further.
In general, I’ve never been too dissatisfied with my service from them. I guess calling them is a pain, since for a certain time period they would always, always try to sign you up for some stupid service that they were offering, and it was super-high pressure and hard to opt-out of. They seemed to have cut that out lately, though.
Or there was the time where they just randomly decided to give me a new (and better) credit card. It wasn’t a big deal, but a little bit of warning would have been nice before I nearly had a heart attack while logging into my account one day after it happened. I was greeted with a big red “THIS ACCOUNT HAS BEEN CLOSED” notice, since they automatically closed my old one when they switched me over to the new plan. A phone call cleared it all up, though. It was a pain to switch everything I pay for online over to the new number, too.
Then there have been the random “fraud alert” holds that I’ve had. Sure, one time was after my trip to Japan, I guess I get that, although I don’t know why the fraud alerts didn’t happen while I was booking Japanese hotel rooms that costed in the hundreds of dollars, and instead occurred once I got back home and tried to make a purchase at Wal-mart. The other time was completely random though—I use it to buy all kinds of stuff internationally, most of it being processed through Paypal’s Singapore affiliate (which handles all of the Taiwanese Paypal transactions). But I’ve bought records and other junk from the UK as well, and never had a problem. Then I placed an order with the Apple Store here in Taiwan and again instantly had a hold on my account.
Well, I suppose I have had some grievances. But they’re pretty minor, I guess. And so is my latest gripe, although that doesn’t make the situation any less dumb.
I logged into my Citi account today to once again find my account closed, which was conveyed to me through big, red text. ”Oh joy,” I thought to myself. The message on the page was interesting, though. Here’s what it said:
A recent data compromise may have put your account at risk. A new card/account number has been issued. Continue to use your existing card until you activate the new card.
Additionally, further on down the page it added this:
Access to Account Online is limited, as a precaution. Download your statements to view payment amounts and statement balance. The Account Activity page will not reflect your most current account information.
Now, at first I thought perhaps this was just a fraud warning like the ones I had encountered earlier, although it seemed different because before I just had to authorize it and then the old account went on working like normal. This didn’t seem to be the case here. I also found the wording interesting. A “data compromise” did not sound like anything that was my fault.
So I got on the phone with them. Which, of course meant that I talked to a rather nice Indian fellow named “Jason,” whose accent was actually not that bad although his overly polite tone still made the conversation uneasy and artificial—even for a phone call with a representative of your bank.
According to him, I was right. It had nothing to do with me, the servers had been “hacked” (his terminology, not mine) and no-one knows what numbers have been exposed, but as merely a precaution they are renewing all the numbers.
Okay. I don’t have a problem with that. I asked him when I could get online access back and he told me not until I activate the new card. Which I can expect to receive in 7-10 days, except of course I am not in Hawaii, so actually my mom should receive it in 7-10 days and then she will forward it to me, and who knows when I may actually receive it.
I have a bunch of questions in that regard. My billing period ends in a few days’ time and my statement will need to be paid by the end of the month. But I only receive online statements, which I still may be able to download online, but I can’t use the online payment system. I guess I can mail them a check, or something? That’s a pain, but it’s not the main issue—yet.
My main issue is the logic. Someone explain to me how Citi’s actions make any sense. For a brief summary:
- Citi’s servers get hacked, my number may be compromised
- As a result, Citi shuts off access to my online account. The one that I can use to monitor recent purchases, i.e. possibly fraudulent ones. As of right now, I have no way of seeing what purchases (legitimate or otherwise) have been made on my credit card since this data breach occurred.
- But at the same time, Citi leaves my old number active. I admit, this is a huge convenience to me, since I still need a credit card, and if the old one was deactivated until the new one arrived, I would be screwed. However, this also leaves me vulnerable to fraudulent charges, which again, I cannot check for and monitor against online.
Why? Why would they do this? I understand Points 1 and 3, I think. 1 is what set everything in motion, nothing can be done about that. 3 makes sense because, as I said, otherwise I would have no credit card access in the interim before receiving a new card.
But 2. What is the point? It didn’t sound like the hackers received information on my Account Online credentials, and Citi has not asked me to change my password or anything like that, so I assume that was not compromised.
But even if they did, what bad things could they do that they already couldn’t do with my credit card number? Pay my bills for me? Check out how much money I waste on apps and vinyl records? What exactly is the security advantage in such a move?
On the other hand, like I said, I can see a security disadvantage—right now, I cannot check the recent charges made on my card, which I usually check every day or so just to see if anything is amiss.
In the grand scheme of things, I know it’s not a big deal. I’m sure I’ll receive the new card in a timely fashion, activate it, and get back in business. Citi claimed that it’s unlikely that my number was actually even compromised, which I’m not sure how much I believe, but still. Even if it really was stolen, and even if there were unauthorized charges on my still-active account, I know I wouldn’t be liable for them, although I’m sure that’d be a pain to clean up.
I know I will probably just have to update my credit card info to the zillions of different sites out there that I use them on, which I probably honestly won’t even notice until some subscriptions don’t automatically renew or app purchases don’t work or something. It’s not a huge deal.
I just don’t get why they cut off my Account Online access. Why, Citibank, why?
