Well, not really. This time it was only my debit card.
I received word, last Saturday evening, from bank (National City) that my debit card had been used for a ‘card-in-hand’ transaction at a gas station in Canada (they made a physical card containing my debit card information on the back strip). The women from the bank asked if had been in Canada earlier that day. After telling her that I was at home all day she informed me that my card number had likely fallen prey to the recent rash of debit card information thefts.
From what I was able to gather from previously reading about this, is that a number of merchants illegally retained debit card PIN information and the information was subsequently stolen and used all over Canada and Europe.
The woman from the fraud department at National City informed me that the transaction had occurred about an hour earlier, that she saw no additional fraudulent transactions (I verified with my online account view), that my card had been frozen to prevent further charges and that the bank maintains no liability policy. In other words I was not responsible for the transaction in any way. She asked that I stop by a branch and fill out an ‘Affidavit of Fraud’ and that a new debit card was being mailed first thing Monday.
All and all I was very impressed with quickness of detection and the fact that they took the initiative and corrected things. They turned what could have been a disaster into only a minor inconvenience.
I am, however, unimpressed with the fact that government still has not passed any law that will hold the vendor(s) accountable for allowing the information to be compromised. I am certain that once a law of this sort passes, the frequency of these sort incidents will drop like a stone.
The number of articles about this whole debacle indicate that hundreds of thousands of others have also fallen victim. A couple from security focus are as follows: