bonomi@host122.r-bonomi.com (Robert Bonomi) wrote about Re:
Cardholders Kept in Dark After Breach -- Washington Post on
Fri, 24 Jun 2005 11:02:59 -0000
> In article <telecom24.287.1@telecom-digest.org>, Marcus Didius Falco
> <falco_marcus_didius@yahoo.co.uk> wrote:
>> I had been planning to call my active credit card companies to
>> determine whether any had been compromised. This article caused me to
>> start the process this morning, calling American Express, my most
>> active account.
>> After thanking me for carrying their card for 21 years, they refused
>> to tell me whether any of my three cards was among those
>> compromised.
> Well, they don't *know* which cards were actually compromised. NOBODY
> _knows_ which card numbers were actually stolen from CardSystems.
> CardSystems only knows which card numbers were _vulnerable_ to have
> being stolen -- data as to which of those _were_ stolen is simply not
> available.
Fair enough. But they can tell me whether my cards are safe or at risk.
>> and there is no way I can reliably double check an account that has
>> dozens of charges a month, many of them posted in the name of parent
>> companies located at head offices in other cities, so that many of
>> the charges are not easily verified and must usually be taken on
>> faith.
> Well, unless, _you_ keep a record of everything you charge -- date and
> amount. And match them against the statements you get. It's not
> really rocket science.
For checks, that's practical. (It helps if you get the original checks
back, something that will end in the US soon).)
Where there are dozens or hundreds of transactions as on really busy
cards, it becomes difficult. Particularly since the name and date of
the payer on the statement may differ from that on the receipt. And,
in the case of international transactions, the amount will differ,
too.
> I used to do it every month, for several corporate cards that had
> several _hundred_ charges/month. Life was _really_ fun when the
> Company President's son (away at college) used daddy's card to sign up
> for Internet access (and the fact that the initial posting was 'late',
> and was for _4_ months services). That one _jumped_ off the statement
> at me -- the company had it's own dial-up pool, and everybody used
> _that_ for home access.
Well, if you have a full time job, and can spend a day or two at it,
then you might succeed. except that you have to spot that a charge for
$5 to $10 from "Strange Parking" isn't the same as the receipt you may
have for a similar amount from "Storage Parking".
> If you choose not to do so, and 'uncritically' accept their
> accounting, that _is_ your choice.
If they want to send my a diskette of my charges. (No, I won't trust
it to the internet for reasons that have been explored very thoroughly
in this Digest in the past.)
>> When I get the new American Express cards I will call the second
>> most active card in my wallet, and so on down the list.
> Note: if you are in the UK, as your email address seems to indicate,
> it is _unlikely_ that any of your cards were exposed via the
> CardSystems 'problem'. Unless you're doing siginficant credit-card
> buying in the U.S., that is. CardSystems clears almost exclusively
> for U.S.-based merchants.
They would have processed charges in the US for foreign cards, and
charges on US-based cards for holders dwelling abroad.
> From: Steve Sobol <sjsobol@JustThe.net>
> Subject: Re: Cardholders Kept in Dark After Breach -- Washington Post
> Date: Fri, 24 Jun 2005 00:12:14 -0700
> Organization: Glorb Internet Services, http://www.glorb.com
> Marcus Didius Falco wrote:
>> After thanking me for carrying their card for 21 years, they refused
>> to tell me whether any of my three cards was among those
>> compromised.
> Amex sucks. Tear the card up and get another to replace it.
Actually, I have less trouble with Amex than with most of my other cards.
>> When I get the new American Express cards I will call the second most
>> active card in my wallet, and so on down the list.
> Why not do all of them at once? If the data is at risk, you're best off
> doing it sooner rather than later.
I could do this, because I have several credit cards that are almost
NEVER used for retail transactions. This is because I travel, and it
can be a real hassle to have a lost or compromised in a foreign
country, particularly if you are on the move and particularly if the
country does not have a good mail system. In many countries FEDEX does
not operate very well. (I can tell stories about a shipment to Canada
that took 2 weeks, and many stories about 4 days to Europe or Canada.)