Some links to products and travel providers on this website will earn Traveling For Miles a commission that helps contribute to the running of the site. Traveling For Miles has partnered with CardRatings for our coverage of credit card products. Traveling For Miles and CardRatings may receive a commission from card issuers. Opinions, reviews, analyses & recommendations are the author’s alone and have not been reviewed, endorsed, or approved by any of these entities. For more details please see the disclosures at the bottom of every page.
Most people are probably very aware that the debit cards and credit cards that we use in our everyday lives are targets for scammers and fraudsters who would like nothing more than to get hold of our details and make off with as much of our cash (or the credit card company’s cash) as possible. But did you know that even a card that you haven’t used for years can be compromised?
Up until ten years ago, I wasn’t very good at keeping an eye on my credit card statements and checking that all was as it should be. As a result, one day as I was paying more attention to one of my monthly statements than usual, I noticed a couple of small transactions on my Starwood Amex Card that I didn’t recognize. That then led me to discover that those weren’t the only transactions that I didn’t recognize and that similar small transactions (all under $10) had been posting to my card every month for the past 7 months.
In total, the fraud came to no more than $150 and, fortunately, Amex reimbursed my account, but the embarrassment that I felt after realizing how careless I had been wasn’t something that I enjoyed.
That moment turned out to be a wake-up call for me and ever since then, I’ve kept detailed records of every transaction that I use my cards for (I have spreadsheets for every card that I hold) and I compare those records to my online credit card statements at least once a week to make sure that I’m not being hit with charges that aren’t mine.
Since then, only once (that I can recall) has a fraudulent transaction actually posted to my account (Chase and Amex have both prevented other fraudulent transactions from posting before I had to intervene) and I caught that transaction (another small one) within hours of it appearing on my online statement. I learned the lesson from a decade ago and I’m now much better at keeping an eye on my cards and the spending that goes on them.
Also, because I practice what I preach and because I know how much better it is to use a credit card rather than a debit card, I almost never use a debit card for any kind of spending. If I can get away with it, I’ll use a credit card for even the smallest transactions and when that’s not an option, I’ll use cash.
I’ve never used my Citi debit card outside of a branch, I haven’t used my Chase debit card since I met the terms of its sign-up offer, and when it comes to my HSBC debit card, I’ve used it just six times in the past five years.
All of that is why I was very surprised at something that I discovered last month.
I had logged on to HSBC online banking to check that a payment has processed correctly when I saw the following transactions on my screen.
Three identical transactions, all made on the same date, all of which, apparently, had something to do with an ATM in Madrid.
I was both surprised and furious at the same time.
I was surprised because of all the cards that I hold, this is one of the last cards that I would expect to get compromised – its details are not stored anywhere online, it almost never gets used, and even if it had been compromised the last time it was used, what kind of scammer waits almost 3 years to chance their luck?
I was furious because I cannot understand how HSBC’s systems didn’t flag these transactions as being potentially fraudulent.
What kind of system looks at three identically-sized small foreign transactions made on the same day by a card that’s been dormant for 32 months and doesn’t flag them as suspicious?
I appreciate that HSBC may not want to freeze my card in case the transactions were genuine (and I was abroad and in need of cash), but wouldn’t a system that’s fit for purpose at least trigger an alert to my phone and email account to check that all was in order?
I called up HSBC and told them exactly what I thought of their systems (in no uncertain terms) and since then, the $51.63 that was stolen has been repaid into my account…but that’s not really the point.
The point, as this article’s headline says, is to remind people that even a card that’s almost never used can be compromised.
A lot of people will probably have “sock drawer” credit cards* that they haven’t used for months (possibly years) and they’re probably under the same illusion as I was that it’s only their active cards that they need to be keeping an eye on.
Well, I’m here to tell you that that’s not the case because if a scammer can somehow get hold of the details of my rarely used debit card, there’s no knowing what other cards they can access.
The moral of the story is this: Make sure that you check the activity on all of your cards and not just the activity on the cards that you’re using – just because you haven’t been using one of your cards doesn’t always mean that no one else has either.
*These are credit cards that rarely see the light of day because they are held for the benefits that they offer rather than their earning power.