Target Data or Costco Data Hacked? At least Call American Express to Disable Credit Card

Around mid-night time yesterday, I prepared to go to bed after a day of work and wanted to do a quick check on our joint email account.  This email kept me up for another 30 minutes.

It is an email about a purchase made with Isa's American Express Costco credit card.

Merchant Name is: "BD Vodafone MPESA - PG"
Transaction Location: Mumbai

I thought maybe Isa made an offering online to a charity in India.  She is still in China as of today.  The purchase amount is about USD $42, which is too low to trigger our pre-set $50 spending alert.  Googling revealed that MPESA is a popular mobile payment platform in India.  Then I found her Costco credit card was still in her home purse behind my table.  In other words, there is no way she could have used the Costco credit card to make a purchase online or in-person these days, because she does not have the Costco card or know the credit card number.

I called American Express: 1-888-246-1076.  For security reason, American Express would not reveal any information of her account to a non-card holder.  (I appreciate that level of security).  However, they did allow me to request temporarily disabling the credit card and wait for Isa to call back about what to do.  Sounds great.  I made that request, even as the American Express customer care kept repeating the assurance that Isa will not be liable for damages, as I called early to alert AMEX.


I wonder if her Costco card number is one of those numbers stolen from Costco data hacked early this year, or the recent Target data hacked.  The 4-digit number of an American Express card or the 3-digit number of Visa/MasterCard is also required for online credit card transaction, but not in-person credit card transaction.  Following this thought, her AMEX Costco card is already duplicated.

I strongly recommend to setup online account alerts for all of your credit cards. (See my post about how to setup Chase/American Express fraud alerts.)  For credit cards that you no longer use, but keep to maintain good FICO score, set email/text messaging alert for spending over the minimum allowable amount, for example $1.  You should not receive any email alerts from these non-active credit card accounts.  I selected email alert, because I check email often enough.  For active credit cards, I also set mine to $1.  On an average daily basis, I at most use credit card once a day.  That translates to one false alert daily.  I am ok with this addition.

No comments:

Post a Comment