post

Are You Still Using Your Real Credit Card Online? You Shouldn’t.

So iTunes got hacked and some users saw unauthorized purchases up to $600 in their accounts.

itunes hacked

I’m shocked.  Not at the fact that iTunes got hacked, but that users exposed their credit accounts to such extent.  Websites do get hacked, it’s a fact of life.  Users need to change their passwords, consider what other sites may get compromised, and generally think of getting more secure password management schemes – but it’s all too late.  Why not protect your credit card in the first place?

You don’t ever have to submit  your credit card number online.

No, I’m not saying give up the convenience of online purchases – just don’t use your real credit card number.  I haven’t, for at least a decade.  Instead I’ve always used Citbank’s Virtual Credit Card Numbers.  It allows me to generate an ad-hoc credit card number for a specific vendor, either for one-time use or for a period of time with a dollar limit.

There are many other use cases, not just theft / hacking: think of all those subscriptions you just can’t cancel… they keep on billing, and you can’t just shut down the offending vendor, your only choice is canceling the credit card itself.  A major pain.  With a virtual number you go online and remove the particular vendor’s instance.

I’ve been living in the secure world of virtual credit cards for a long time, and simply took it for granted it’s the norm by now – I’m really shocked to see now how few providers offer it.  All I could find (at least in the US) was Citi, Bank of America, Discover, and there was a half-cooked attempt by PayPal, first called virtual debit card, then secure card, but I believe it is now discontinued.

Shame on the Financial Services industry, throw-away credit cards should be the online standard in 2010.  I’m not advocating any particular service (Citi’s implementation – the software side – is outright shabby, but the safety is worth it) but it might be worth signing up for one of these services just for the sake of safe online purchases.

(Cross-posted @ CloudAve)

post

The Citi Never Sleeps. (Really?)

citi

Dear …,

As the Citibank Branch Manager in Los Altos, I want to thank you for being a customer, and to let you know we are more committed than ever to improve our service for you…

 

Dear…,

Thanks for the "personal" attention.  I’ve also received voicemail messages from your branch. 
Too bad Citi has been unable to discover that I moved to Pleasanton a good 5 years ago – my Citi profile is updated, I personally dropped by the closest brunch in Dublin – what does it take for Citi to change my "home branch"?

Best regards,

post

Now We Know Why The City Never Sleeps

citilog

Now we know why The Citi Never Sleeps: they are busy censoring their customers. If you are a Citibank customer and they dislike your blog, you may just get in trouble.  (Disclosure: I do have a Citi account… so am taking a risk by writing this post.)

That’s just what happened to fabulis, a social network for gay men. Someone at Citi read their blog, decided that “content was not in compliance with Citibank’s standard policies” and froze their business account without advance warning.   Fabulis Founder Jason Goldberg says:

for the life of us we can’t find anything “objectionable” on our blog besides some good humor, some business insights, and some touching coming out stories from some great and fabulis gay people.

fabulis-underwear Some speculate it’s images like that of this underwear with fabulis printed on it.  If you ask me, these are not the most fabulis [sic] briefs, but who cares?

In fact it really doesn’t matter whether the fabulis blog has any “objectionable” material or not.  Since when is it the business of a bank to read and censor their Client’s writing?

I’m pinching myself, thinking it’s a bad dream.  But it’s not.  This happened in the United Sates in 2010.

Something tells me within hours as management wakes up, Citi will be bending over backwards to dig themselves out of this huge PR nighmare – the damage is done, repairs will be costly.

In the meantime, enjoy Fabulis (almost) by Amanda Lear.

(Cross-posted @ CloudAve )

post

The Citi Never Sleeps

https://www.citicards.com/ this morning:

Error 404: No target servlet configured for uri: /cards/wv/home.do

The Citi Never Sleeps. Except when it does. thumbs_down

Update:  Service is back now.  The Citi woke up.

post

Citibank, Get a Clue!

 Email @ 9:20pm yesterday:

Your Citibank statement is now available at http://www.citicards.com. This notification is part of the All-Electronic Program you enrolled in to receive your statements online only instead of in the mail

Email @ 10:07pm yesteday:

Live the clutter-free life by replacing your regular printed statement with an electronic one.
It’s easy to enroll! Simply sign on to citibankonline.com

This from the Citi that “Never Sleeps”smile_eyeroll

Update: While at it… Dear Citi, could you please take the monthly junk-mail (typically inviting me to credit cards I already have from you)  that comes to my house in multiple thick envelopes  and shove it.. no, you won’t, but at least send it electronically, so I can quickly and painlessly route it to the junk folder.  If you do that, you can launch a new marketing campaign… you know, about being Green.smile_wink

post

Blog Tracking Services Compromise Online Bank Security?

I’m not a security expert, but this warning at the Citicards site was quite a shock:

Customers using comment or blog tracking services on their computers run the risk that information submitted here could be displayed on those websites. Please disable your comment and blog tracking service before using Citi Cards Message Center.

Is this a real danger? What do you think?

Update (11/19): Several commenters here and on TechCrunch confirm what I thought myself: the warning likely refers to “tracking” products that offer a browser plug-in. In this case I was using FireFox with the BlogRovr plugin turned on. I know coComment offers a plugin, and whoever else does … well, Citibank considers it a security risk. Hm… food for thought. smile_sarcastic

Update #2: Wow, apparently this has been a well-documented problem for at least half a year, so Citi’s solution is to finally put up a warning message. smile_sad