May 26, 2014 at 12:00 AM by Dr. Drang
Friday morning I got a text and an email from the bank that issues my credit card. The fraud protection division had denied a suspicious transaction a few minutes earlier and wanted to know if it was actually an authorized purchase. I didn’t like that both the text and the email asked me to reply to them—that sounded too much like phishing, although neither message asked for the credit card number or any other personal information. I called the number on the back of my card and learned that the alert was legitimate: someone had tried to use the number at a Kmart in Chicago.1 The card was cancelled and new ones for my wife and me were issued. Because of the holiday weekend, they wouldn’t arrive until Tuesday.
Great. This particular credit card was only a few months old, issued in early February as a precautionary measure after the Target security breach. Looking on the bright side, at least I still have the list of merchants that’ll need to be updated with the new number.
I called my wife right after I finished with the bank and told her what had happened. Luckily, we weren’t going anywhere this weekend and could get by with a combination of cash and debit cards. Also, she hadn’t used her card yet that day, so we wouldn’t have to worry about charges somehow being denied after the fact.
Or so I thought until this evening, when I tried to install the latest system update from Apple. You know how Apple usually doesn’t charge your credit card until a day or two after you buy something from the iTunes or App Store? I bought Castro from the App Store on Thursday, but Apple didn’t try to collect until after the credit card had been cancelled, at which time they were refused. So Apple wouldn’t let me update until the charge for Castro was taken care of.
I have another credit card that I try to keep uncontaminated by online transactions. I didn’t want to associate it with my iTunes account, but I also didn’t want to be in arrears to Apple, so I entered it into my account and erased my debt. I’ll change my iTunes account to the new card when it arrives.
While I’m happy to see my bank make a quick and correct decision on a fraudulent charge, I’m a little creeped out at how quick and correct it was. Yes, it’s true that shopping at a Kmart in Chicago wouldn’t match my normal purchasing pattern, but neither would buying lunch at a Culver’s in Clinton, Iowa, which is what I’d done just the day before with no red flags raised. I’d prefer not to know how well they know me.
With, presumably, a fake credit card. I had always assumed stolen credit card numbers were used for phone or online purchases, not in places where you had to hand over an actual piece of plastic. But I also thought Kmart was out of business, so what do I know? ↩