High number of cards compromised
 

Last week both myself and a coworker had our cards cancelled by citibank and are being re-issued new cards.

None of mine or her other cards are having any issues.

Citibank told me it was a merchant that had information compromised but they are still investigating and they can't release information until the investigation is over, but it seems strange that they had me change my password if it was a merchant that lost information...

I'm frustrated because it's taking so long for the replacement cards to get and I can't earn miles right now, I missed an autopay I used that credit card for... ugh. (I can't even make an online payment on the card. How stupid is that?)

This has happened to me twice with Citi--once on a personal AA card and recently on a business card.

I didn't find any bogus charges, but that's a little disconcerting. In my case, though, I received new cards with activation instructions before the old accounts were canceled.

Happened to me about 4 months ago. Some hotel reservation confirmations had to be reconfirmed when the new card arrived.

I've not faced this account compromised situation, but every time I've time I've needed to replace a card (lost, damaged, whatever), Citi has sent it to me via Fedex. I would never be willing to wait into the following week to get my replacement card.

this just happened to me on my aa business card. the other two cards on this account however were fine.

AA World Platinum MC Compromised
 

Yes, I too received a call from Citibank telling me that my credit card was compromised and would be cancelled. Second time for this card in the last 18months. When I pushed for more information regarding the alleged compromise, especially as it related to personal information, I was told there was nothing more they could tell me. I don't feel confident that there isn't more to than they are letting on....

Citi is terrible about these security blocks/cancellations! The worst is when it happens when you are traveling overseas and won't be in any one place long enough to receive a temporary replacement card.

And when it happens, they won't talk with you about it because "it's an ongoing investigation." :rolleyes:

This happened to me once with Citibank before as well.

This situation is more likely related to the Heartland hacking incident that was recently reported. Something like 100 million cards at any of thousands of merchants. We had several (non-Citi) corporate cards canceled last week during a company meeting. My bank also sent me an email to tell me a new debit card is on the way.

As far as I know most companies are sending the new cards before canceling the old ones as there are just too many to cancel (take the financial system to a halt!).

This happened to me at least once, and it's a real big pain, since I use my Citicard to automatically pay for almost everything.

Another time they took it upon themselves to upgrade my card, but it took forever to get the card. In the meanwhile, I was trying to get a pre-authorization removed from my card but the merchant wouldn't remove it without my new expiration date.

A couple of weeks ago there was a story about a credit card payment clearing house (Heartland Payment Systems) that got breached. Big numbers of cards got potentially compromised. I bet that is the source of all this. I don't think AA per se was the issue as my two cards have not been replaced and are just fine. Rather it is probably where you used those cards and whether Heartland cleared the transaction.

http://www.2008breach.com/

I had the same thing happen too with my Citi Business MC in November. They simply cut off the card and sent me a new one.

I think you are exactly right. I got a call this morning, and the CSA mentioned that as the reason for needing to replace my card. She asked me to verify several non-swipe transactions, which I did all of them. They cancelled my card anyway, but are fedexing me a new one tomorrow.

Happened to mrs. brp in the same timeframe. New card just shows up. I have a Citi bronze, but I rarely use it, prefering my Starwood Amex. So, mine probably wasn't in the breach bunch.

Cheers.

I now know in the future I need to ask them to Fed Ex it to me...

BofA also had to reissue a large number of its cards. I received my new card last Friday. I experienced no interruption in card acceptance. Several autopays were processed after the new card was issued.

I had a bogus charge on my Citi Aadvantage World Mastercard out of OKC last summer, I believe it was.

My CitiAA VISA card was canceled with both telephone and email notification. I told them I had autopay and some recent unposted transactions. Citi said if there was a question about the validity, they would call to confirm. I was not called and all transactions were posted and/or transferred to the new card number billing, even a subsequent autopay.

I think Citi handled it well. The slight inconvenience I had was to look over the recent billings and determine the autopays and go online to change them. I'm sure I will find the old number stored with some merchants. But the good thing is that the EXP date on the card was 05/09; so any I miss will have to be updated in any case.

I was on the road using the card when notified; so it reinforces my rule to always have [at least] two cards with me. And since I have had two[sic] much experience, after the first loss of both, I make sure all my cards are not together.

Like brp mine is the SPG AmEx card (as good or better for AA miles); and I add a third CapOne card for use with foreign currency to avoid the bank surcharges.

This happened to me as well but I received new cards before being notified. We were out of the country and had notified Citi with the dates we were going to be gone and never had a problem with the card in Europe. When we returned we had a voice mail on our home phone to call the Citi security department and our new cards were waiting at the post office.

I had my Citi mastercard replaced in Nov same reason, a mechants systems was compromised and they were issuing new cards as a preventative measure. Major hassle for me changing everything, especially during a time I was travelling.

My biggest complaint, Citi would not tell me which merchant it was so I could quit giving them business. Thought about cancelling the card but didn't try playing that hand. I think they should be obliged to communicate toi us who can't protect their card data.

My Citi AA Visa was similarly compromised last month. But the new card arrived in the mail, and I had about a 3 week period to call to cancel the old and activate the new. too was frustrated that they blamed a merchant database breach, but would not divulge the merchant.

There's a thread about this in the "other credit card" forum.

In late August, both of my Citi issued AA-Visa and Citi issued AA-Amex were replaced with the three week-overlap. In the letter that accompanied the cards they plamed it on a security breach

That was probably the TJ Max breach (TJ Max, Marshalls). I got a new card on that one as Mrs. inlanikai is a frequent customer of Marshalls.

Understood, but the issue really doesn't have anything to do with AA or Citi. It would more accurately be titled "Credit Cards Comprimised"

For those of us with Citi/AA cards, this is a pretty scary header that is inaccurate.

At the time I chose/posted the title I knew of only myself and a co-worker that both had our advantage cards compromised. Our family has 10 other credit cards that are fine and the coworker is the only other person in my workgroup that has an aadvantage credit card. Hence I was attempting to ascertain if it was specific to aadvatage cards, which is why I ended the title with a ? mark instead of !!!!!!!!

It could be the merchant who provides the processing services of the transactions.

It is not necessarily a merchant you do business with.

Exactly. We have 4 AA cards in our household. None has any issue.

I understand people get nervous when they hear about security breach. And for those who have the habits of storing their cards online for all sorts of autopay or online purchases, a new card number means major pain.

However, in all reality, any autopays will automatically be transferred to the new card number as long as such are pre-authorized. Actually, even fraudulent charge, if it is coded as pre-authorized, recurrent charge, will find its way to the new replacement card even after the old card was closed due to said fraudulent charge! It sounds ridiculous, but that has been exactly what I am told by Chase.

I learn this from a REAL breach on a Chase card - the card was only used twice before a fraudulent charge showed up - since the first usage was to pay AT&T online, and the second usage was in a restaurant - I have to conclude the card info was stolen by the waiter and subsequently sold to criminals. The fraudulent charge came from California, in the form of a health club monthly due. I was lucky to catch it right when it was posted. Chase replaced the breached card with a new one. The next month SAME fraudulent charge showed up AGAIN on the new card. After talking to Chase security dept, I was told, as long as the charge was pre-authorized, and coded as recurrent charge, there is NOTHING Chase can do to prevent it to go to the new card!!! The only way to stop it, is for me to call the merchant to inform it there is a fraudulent usage from its customer on my card! I could not believe what I heard... Once Chase removed the 2nd fraudulent charge I closed the new card for good, and kept the card online for subsequent monitoring. No more fraudulent charge showed up in the next 6 months and I finally deleted it from online.

FWIW, my neighbor's AMEX was also breached. They are seniors, dont do online banking. They found out their card was breached when they received their monthly statement. Close to $20K merchandises were charged on their card. Even after they got their replacement card after reporting to AMEX, they still saw another few thousands fraudulent charges on the following statement, and received the similar answer from AMEX.

I got ticked at them as it was the 3rd time for me. I suggested I'd like to cancel and the gave me a $50 credit to offset my yearly fee.

i just checked in at sfo for a cx flight to hkg that i bought with my citi mastercard that had been canceled. i bought the ticket 2 months ago and it cost over $5000. for the first time ever, they asked to see my card. when i told them it had been canceled and reissued with a different number they said
they would need to recharge me on another card and refund the original amount. the supervisor who i asked for initially said the same thing. since i have bought dozens of tickets from cx directly in the past the same way, i was a bit indignant with them. basically i said that asking me to give them another $5000 today so that they could refund the $5000 they have already had for two months in three months was a bunch of crap. i then started calling citi on my cell and just as i was explaining the situation to the woman on the phone the agent told me it was ok. interestingly enough i asked the woman from citi if this was a common problem and she said these types of things were usually seamless.

My wife received a replacement Etrade Visa Debit card a couple of days ago.

My debit card, same account, wasn't replaced. I was told it was related to the company that processed transacations from where she shopped.

It may not have been the restaurant. I had a fraudulent charge for $1200 appear on a Chase card that had never been used even once. I had had the card for a month or two when one day I received an automated call from the Chase fraud department asking about the charge. When I talked to the Chase rep I told her that the card had never once been used and that it was not even registered for online account viewing (in other words, the card number had never ever been on the internet in any way). It was clear to me that this was either an "inside job" or the Chase system itself had been hacked. The importance of what I said was completely lost on the Chase rep and she had no interest in pursuing the matter any further.

I didn't get a call or anything but did receive in the mail yesterday a new Citigold debit card. Included was a letter talking about how a merchant might have compromised a number of credit cards just like the OP's posting. Interesting since I never use my Citigold debit for any transaction other than as an ATM card (and so far only at Citibank bank locations)