notquiteaff

yes, I refered to CA state law and the notification requirement in my msg to Citi requesting info about the merchant.

notquiteaff

Well, I never got the promised written response from whatever department the online customer support directed my question about the merchant name to. I sent them a follow-up today indicating that I will close my account if I don't hear back. The response, basically, was "we can't tell you due to possible pending legal action against the merchant."

I'll close my account and send a little note to the CA AG's office to see if they feel this disclosure is required under CA law. Might as well get something for my taxes

kair528

another similar thread that I started on fatwallet

http://www.fatwallet.com/forums/finance/867613/

skofarrell

Why do you guys care?

You can't have your identity stolen by having a card stolen. You need to have your SSN lifted for that to happen.

For credit cards, the issuer (Citi) and ultimately the merchant accepting the stolen card is on the hook for any fraud, not you. That's why so many of them are asking for ID at purchase time.

Debit cards don't offer as much protection. I never use them.

Keep an eye on your statements (which you probably do anyway), if you see anything hinky, call the card issuer.

There are better things to worry about. Like the economy.

cpx

According to FTC, you could still be on the hook for $50 in case of a fraud.
(Most banks even waive this amount.. but you are at the bank's mercy)
Provided that you notify the issuing company as soon as you find out about it.

In this case, the issuer found out about it before you did so the bank would be
on the hook. Merchants might not be on the hook in many cases.

notquiteaff

(a) I don't like to be lied to. ("you'll get a reply within 15 days...")

(b) Changing the credit card number causes me and everyone else affected all kinds of hassle.

(c) It appears only Citibank cards were recalled, so how can this be a merchant breach? The whole thing seems fishy

(d) if companies are not being held responsible for breaches of confidential data, they are not going to take their responsibilities seriously.

There are indeed other things to worry about as well, like the economy. But it's not an either/or situation. Sending a request to the Cal AG's office won't take me much effort, and I don't have much use for the Citibank card anymore as I had to switch all automatic debits anyway. Besides, what I can actually do about the economy, other than worry.

skofarrell

I've had number lifted 3 times in 10 years (2 Amex, One First USA, now Chase).

Never paid a dime out of pocket.

skofarrell

I think you're wasting the AG's time. A company or government agency losing an SSN (or other personal data) is one thing. A CC is quite another. You're not at any risk in the latter.

You're also making a false assumption that a merchant CC breach is equivalent of a personal data breach. The two are entirely different.

notquiteaff

How do you know what merchant it was and what data was in their database? There are certainly companies out there that have both my credit card and my social security number (phone company, for example). Since Citi is apparently not willing to tell me what merchant was affected, I have no way of even knowing what data was lost. And I doubt you know more.

So I'll leave it to the Cal AG's office to make the determination of whether they have violated CA state law.

skofarrell

okey-dokey. G/L.

icurhere2

Mine was labeled "Russian Card Compromise". I received an authenticated E-mail message yesterday saying to log into my account urgently - I tried but my information wasn't recognized. Today, I received a new ATM card saying the old one was to be deactivated in mid November. Anyway, here's the message that was waiting in my online account; it was for a checking / saving combination that has three of my credit cards directly linked.

**********************************

Dear Citibank Customer,

Citibank recently discovered that your Citibank Banking Card may have been compromised. To protect you and your account, certain precautionary measures have been taken, which include reducing your daily ATM limit and issuing a new Citibank Banking Card to replace your existing card.

We ask that you assist in this effort by taking the actions noted below:

1. Activate your new card immediately.

- Your ATM limit will be increased to the original amount on the next business day following activation.
- Activating your new card will immediately deactivate your current card.
- Your current card will be deactivated on November XX, 2008.

2. Change your Personal Identification Number (PIN) immediately.

- As a general practice, we recommend you change your PIN periodically to prevent risk of unauthorized access to your account.
- You can change your PIN on www.citibankonline.com, at any Citibank ATM or at any Citibank Financial Center in the United States.

3. Review your account activity, if there are any transactions you do not recognize.

- Please contact us at any of the following numbers and our representatives will assist you:

1-888-248-4226 CitiPhone
1-800-360-2484 Spanish language calls
1-800-945-0258 Text Telephone Service


If you are traveling outside of the United States and need to contact us for other options, please use the international collect telephone number on the back of your Citibank Banking Card. Citibank will pay for the call.

The security and protection of our customers is our most important priority. We sincerely apologize for any inconvenience that the protective steps we have taken may cause you, and appreciate your attention to this important matter.

Sincerely,

XXXXXXXXXXXXXXXXXXX
Executive Vice President
Director, Citibank Client Services

rminky

I too have had 3 cards "hijacked "and it didnt cost me a dime. One was lost, One the card co. reported to us, and one we found being used in Europe(Finland)

biggestbopper

I am amazed at the number of FTers in this thread who believe that they are not on the hook for defective credit card security. Yeah, that's sort of what the law says, but the reality ...

Over the years I have dealt with many, many cases where the bank or merchant screwed up or was just plain crooked--and held or tried to hold the card user responsible. Otherwise, the bank or merchant has to eat the charge and they don't want to do it.

As a cursory reading of the newspaper these days indicates, anyone who relies on a bank to do the right thing is likely to be disapointed.

kair528

I still have not received my replacement cards. It's been almost a month since I saw the message on the citicards.com. Is there a huge backlog or should I worry about card went missing in the mail system.

cpx

Call them! Once I didn't receive my new cards.. and it turned out they
had shipped them to a wrong address... in some remote part of the country.
Yes.. this was Citibank.