Today is a day off work, and like any normal day off work I took the chance to have a good sleep-in. Turning on my phone this morning I was greeted with the usual stream of notifications: Twitter mentions, Facebook updates, Metro cancellations, text messages and new emails. The four voicemails from a blocked number stood out – all had the same theme, but with an increasing sense of urgency: “Please call (bank name) as soon as you receive this message”.
Typically there’s only two things the bank will call you about: overdue mortgage payments and questionable credit card transactions. I no longer have a mortgage, so that leaves only one possible thing.
Before calling them back I had a quick browse through my recent transactions. The two that stood out were for Netflix and for a USENET provider – both of these had aroused suspicion by the bank before, and it was probably those they were asking about. The combined total of those transactions amounted to less than $20, so I wasn’t sure why there was sudden urgency to get in contact with them.
When I did speak with a representative from the bank, I got a better picture of what was going on: over the last 12 hours my card had been used to make purchases for around $1300, all of which were pre-authorisations. Another transaction for just over $1000 had been caught by Verified By Visa. At least some of the transactions were card-present – one was made at a store located in Queensland. So my card has been cloned at some point.
The compromised card has now been suspended and a replacement is on the way. The next step is to wait for the transactions to actually post and then lodge a dispute. Thankfully the money will be refunded reasonably quickly, but it’s still an inconvenience.
But the one question I do have remains unanswered: how the hell?
A similar situation happened with the same card 12 months ago, but in slightly different circumstances. I’d made a transaction over the Internet, and subsequently found that the merchant had posted a second charge a few months later for penis enhancement pills. Furthermore, the one-off purchase I had made was being charged periodically, something I had not authorised.
The card was blocked and replaced, and my money was eventually refunded following an investigation by the bank. From that point on, I was even more careful how and where I used the card. I’m careful to check ATMs for skimming devices. I never let a retail worker handle my card – or if they have to, I keep a very close eye on what they do. No one else ever handles my card, and the details aren’t recorded anywhere.
My only guess is either a skimming device or poor data protection practices. However it happened it simply means an even greater level of care in the future.