Why did I receive a debit card that I didn’t request?
Banks and disclosing compromised information, do they have to tell you?
We would like to take for granted that our banks are our allies in defense against credit card fraud, but the relationship seems to be far more complex. They are, after all, always courting us, putting on their best face, and this is not always to our benefit.
A few weeks ago, I received a replacement debit card in the mail from my financial institution. I thought little of it, assuming that my current card must be expiring soon, but when I pulled out my current card to cut it up, the expiration date was in 2013. The only reason I could think of for receiving a replacement card so early was that someone may have contacted the company to request one on my account and failed in their attempt to have it sent to their address or intercept it in the mail. After further comparing the two cards, I noticed that the actual card numbers were also different.
Instead of robotically activating the new card, I immediately called to ask why a replacement had been issued. Without missing a beat, the representative informed me that it was because my current card would be expiring soon. When I pointed out that the expiration date was more than two years away, the rep stammered, agreed that it did seem early for a routine replacement, and said that he wasn’t sure why the card had been issued. I confirmed with him that no request had been received and then, not ready to delve into the hassle of changing my stored information on all of the web sites and automatic payment plans I use, asked him to cancel the new card.
When I complained about this to a friend a few days later, she said that the same thing had happened to her and that it may mean my debit card number was within a batch of compromised information. Apparently, depending on the laws in your state, your bank may not be legally required to disclose that a compromise occurred, let alone how or where.
I understand why a financial institution would want to keep this information confidential. Being open about it may significantly worry some and make others feel as if the banks are lax. I certainly would not be thrilled to learn that an incident had occurred; however, informing me of the breach would have helped me to protect myself by accepting the new debit card. Knowing that my information was possibly in the hands of a ne’er-do-well would have made me more willing to take on the inconvenience of updating all of my automatic payment plans.
Armed with my new knowledge, I called back to request a new card from my bank, but I can’t help but furrow my brow over the lack of transparency regarding security breaches. It seems that what we don’t know can hurt us.