Maybe I was tempting fate when I listed the virtual account number on my post about one time use credit card numbers or perhaps my credit card was caught up in the Global Payments breach (which prompted that post) but my Citi mtvU Card, which is slated to be replaced anyway, was compromised this week. I received a text message from Citi about a $10 charge late Tuesday night from nimbuzz.com, a mobile company. If I authorized the charge, I was to text back 1. If I didn’t, text back 2.
I texted back 2 and within seconds (it really was within seconds, I was kind of amazed) I got a phone call. Now, I’m not one to be suckered into a phishing scam but the representative identified themselves as being part of the fraud department, tried to confirm other transactions, and ultimately reissued a card with next day shipping (for free, waiving their usual $15 charge). Normally, I will call the credit card company but in this case they didn’t ask for any identifying information, so I figured I’d save myself some time.
Who knows if this is part of the Global Payments breach, but it seem unlikely since “only” 1.5 million numbers were stolen, but ultimately you can’t really do much. Liability for unauthorized purchases is capped at $50 by federal law and most credit card companies offer zero liability, so no sense losing sleep over it.