02:07 PM
Your Card Data MAY have been Compromised
Well, I guess there's a first time for everything. I was just informed by my very large credit card company that my card data MAY have been compromised.I received an email from them saying they were shipping me a new card. That was pretty much all they said. I found this rather peculiar since my card doesn't expire until months from now. So I decided to call. After navigating the usual IVR tangle, I got hold of a person. I explained what happened and she (quite cheerily) said that one of the merchants the card company deals with experienced a data breach and that my card data may have been compromised. She said that doesn't necessarily mean my information was truly at risk, but that the card company was issuing me a new card as a precaution--same number, different security code.
OK. I appreciate the proactive nature of what they did. But, really, should I not have been informed in that email of the true reason I was getting this new card? I guess they don't want people to panic and count on their customers not caring or being an editor on a banking publication!
Still, this was the first time I ever experienced it. I have to say, it's kind of a creepy feeling (even though the rep assured me it might not have been my own data at risk). Then again, this is the first incident I am AWARE of. Who knows what kind of characters have my data as part of some huge database they acquired through nefarious means.
Never was able to get the name of the merchant out of the CSR. I knew she wouldn't give it to me, but it was worth a shot. It makes me wonder if the mystery merchant was up to date on its PCI compliance. PCI isn't bullet proof, as recent breaches have shown, but it's a good first step.
Still, according to the Identity Theft Resource Center, 93 businesses in the U.S. were breached as of May 19, 2009 and at least 192,407 records were reported to be compromised. How much longer are consumers (and businesses) going to have to tolerate such news? What's the next step after PCI compliance? It can't come soon enough as far as I'm concerned.