Using A Security Breach As An Upsell Opportunity?

from the shameful dept

Danny Sullivan has a blog post blasting Citibank for how it handled a security breach, requiring him to get a new credit card. Apparently a vendor where Sullivan had used the card had a breach, meaning Citibank sent him a new card. But did they tell him which vendor it was so that Sullivan could avoid doing business with them in the future? Of course not. But much more insulting is that when he went to activate the new card, Citibank tried to upsell him on a credit check offering. As Sullivan notes, shouldn’t Citibank be offering that to him for free? It’s probably cheaper than having to send out thousands of new cards every time a vendor screws up. Of course, when Sullivan points that out to the person on the phone, the person at the other end says “we’re just the activation department, you’d have to talk to customer service for that.” Of course, if they’re just the activation department, why are they doing sales as well? I’m sure the big banks will claim that these sorts of sales processes work in that enough people are suckered into these high margin upsell offerings, but wouldn’t it be nice to have a bank that actually treated customers well?

Filed Under: ,
Companies: citibank

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Using A Security Breach As An Upsell Opportunity?”

Subscribe: RSS Leave a comment

at least they didn't give him a problem with getting a new card

my credit card was charged a few bogus charges from paypal. paypal actually contacted me and asked me about the charges because it was suspicious to them. they canceled the charges and recommended i get a new card. capitalone actually tried to convince me not to get a new card and said somebody probably accidentally typed in the wrong credit card number. after enough insisting, they finally issued me a new card, but seriously, i never would have expected that.

until identity theft is deemed as just another way to steal from a bank or moneylending institution, they won’t offer free credit watches and what not. when the problem falls squarely on their shoulders and they have to deal with the fallout instead of the customer, then they’ll start being proactive about it.

John Doesays:

Re: at least they didn't give him a problem with getting a new card

The last digit of the credit card number is a check digit. It would be very hard to mistype a credit card number and still get a proper check digit. Capital One was just attempting to be cheap. Though I would imagine further use of the compromised card would have eventually cost them more than replacing it.


Re: at least they didn't give him a problem with getting a new card

until identity theft is deemed as just another way to steal from a bank or moneylending institution, they won’t offer free credit watches and what not. when the problem falls squarely on their shoulders and they have to deal with the fallout instead of the customer, then they’ll start being proactive about it

the banks never see any fallout from credit card fraud. that’s why banks don’t care.

fraudulent purchases fall on the vendor, not the credit card company.


If you buy into an Identity Theft service, it authorizes them to not only pull credit reports, but also share transactional history between credit card companies which in turn help them “score” transactions in real-time.

Problem with this though, is they can then communicate this information to other credit card companies which can “score” your spending patterns as well.

Remember, it’s not YOU that gets a 3% skim off of every credit card purchase, it’s the credit card company, and when you’re talking about what could conceivably be 90% of the US GDP, it isn’t exactly chump change. Yet they somehow believe that their business risk should be mitigated to you, the customer via giving up privacy, and selling your information for ads and mailers.


“Of course, when Sullivan points that out to the person on the phone, the person at the other end says “we’re just the activation department, you’d have to talk to customer service for that.””

and if you talk to customer service they will say, “were just customer service, you’d have to talk to the activation department for that.”


Banks are not banks anymore

The banks have turned the tables on consumers by reframing their lack of concern as “identity theft”. This makes fraud our problem and not the bank?s problem. It should be the bank?s problem since the whole reason we use banks is to keep our money safe, not to keep paying fees and allowing banks to give our financial information away while they make money on that and we, of course, pay for the privilege.


Running out of Banks

I change banks whenever a bank does something that really pisses me off. There are only so many banks here, and I’ve got one left after my current one.

Banks just don’t care, in two cases things that have annoyed me haven’t even registered as a problem on the bank’s end – When an ENTIRE EFTPOS network is down for nine hours on a Saturday night/Sunday morning, I expect staff at the local branch to at least be aware of it by the following Tuesday…

Sigg Cares

So I’ll related this both to plug Sigg for being pretty cool and note how better an enormous company like Citi could be.

A little while back I bought a fancy new cap for a Sigg water bottle ( through their website. Months pass, I’m happy with my cap and have completely forgotten I even had gone to the site to get it. Out of the blue I get a completely new water bottle (with cap) in the mail along with a letter explaining their e-commerce provider (Network Solutions) had been breached.

They say in the letter transunion should have contacted me (I’m not sure they have). Regardless though, kudo’s for 1) notifying me and telling me who done wrong and 2) throwing in a free water bottle to keep my hydrated while my credit is abused by those trickster russian hackers and 3) not trying to sell me anything in the process.

Paul Stoutsays:

A Solution to Credit Card Problems that Works...

It’s an easy solution actually, but probably not for everyone.

Back in the 70’s I cut up my two credit cards after both card companies pissed me off with obvious “rip’em and gouge’em” penalty fee schemes designed to extract even more money over and above the regular monthly payment (which I generally triple paid). I think the biggest balance I ever had on the two cards combined was somewhere around $400. I don’t think I was too popular with either company because I didn’t charge enough on either card to suit them. The only concession I make towards cards now is using a Debit Only card so I don’t have to carry cash.

I haven’t had a card since then, and have never missed them, mostly because I’ve pretty much run my life on the principle that if I haven’t got the money I don’t have any need to buy it. Take half the money you’d spend using a card and put it into a retirement fund instead, it’s amazing how fat it can get when you do that.

Life is much nicer when you’re never in debt.

It’s a solution that many people obviously don’t believe in.


Re: A Solution to Credit Card Problems that Works...

but that isn’t the american dream. lol
Believe it or not, ppl follow what the government shows them. Our government has racked up an impossible debt, so that is what the people do, charge their life away. It’s so sad. Btw, i agree with you. I made some bad credit mistakes in my early 20’s, something i am still tring to recover from almost 10 years later. I have since ditched the credit lines, and live by the same principle, “If i don’t have the money for, i will find a way to do without”

Of course, there is one good way to use credit cards. If one can be responsible enough (going way out on a limb, i know) to only charge on the card what they have in the bank, and then pay the full balance of the card every month, but then why not just get a debit card.

Dave Millersays:

Re: Re: A Solution to Credit Card Problems that Works...

“but then why not just get a debit card.”
Because in a security breach, like others here describe, if you use a debit card the criminal has immediate access to all the cash in your checking account.

I use a credit card exactly as you describe, precisely because there is a 30-day buffer between criminal activity and my money.

Paul Stoutsays:

Re: Re: Re: A Solution to Credit Card Problems that Works...

If someone is financially challenged due to low pay etc., then the absolute last thing they need, or should want, is a credit card. The high interest rates, which will be very high because they’re likely to have a low credit rating, will eat them alive and make a bad situation even worse. It comes under the heading of ‘false savings’.

Unfortunately, people in either of the situations you mention are also the same people who the credit card companies aggressively court, knowing they’re quite likely to over-charge a credit card. Good Lord, my own son started receiving credit card solicitations the day he turned 18, and this was a kid still in school with basically no disposable income at all.

Over my 21 years in the USCG I was constantly counseling kids to save money and avoid expensive contracts on a young mans fancy, usually way too expensive upscale cars, motorcycles, or stereo systems. I was lucky if 1 in 10 paid attention and bought what they could afford, and do without if they couldn’t. Most were in constant debt because they were more interested in buying ‘right now’ instead of budgeting towards a future purchase with cash in hand. Instant gratification instead of common sense!

I guess for most folks, especially young ones, it’s hard to think about that ‘down the road’ age of 65 (67 these days I guess). It does require some will power.

I was lucky as a kid in that one of my Dad’s constant mantras was financial responsibility, and putting away each month to prepare for retirement. Fortunately for me, I was smart enough to follow his advice.


Re: A Solution to Credit Card Problems that Works...

If Paul Stout thinks he can get away with just using a Debit Card, he obviously doesn’t rent cars or stay at hotels. Using a debit card with either of these types of “services” can screw up the account associated with that card for weeks, sometimes months, while you try to get it straightened out.


Re: A Solution to Credit Card Problems that Works...

There are a lot of us who believe that is we can’t pay cash, we can’t afford it. I just live it with Citibank’s money for 30 days and then pay the balance. If you do a bit of traveling it is not always convenient or, sad to say, safe to carry all the cash you need.

Also sad to say that I was trolling these forums to see if I could find out who is responsible for the latest breach as Citi just replaced my card again for a suspected breach. The second time in two years.

I can’t get mad at Citi. THey are doing the right thing. The peoblems are usually the clearing houses like Heartland, and sometimes the merchants. If Citi themselves ever had a breach, they would have bigger problems than replacing credit cards.


Topical rant

I just had my credit card breached (details apparently appropriated by some website though not sure which as I tend to use only reputable online vendors). New card arrived, activated it online.

Today I went to supermarket, got right through checkout and new card failed. It was all I was actually carrying. A bit embarrassing. They agreed to hold my groceries for 45 mins (in cold storage, helpfully).

I was due elsewhere and while there I called credit card co. Apparently activation had NOT worked. So they did it there and then. “Your card is now ready to use, sir”.

Back to supermarket. Got my groceries from storage. payment refused again. Called credit card co. They said it was now definitely not them,perhaps supermarket had some sort of block. Supermarket said “oh, yeah, we probably do, need to reset that”. So they tried that a few times. Still nothing. Ran to a nearby ATM, tried to get cash (yes, on a credit card, I know, but I REALLY wanted groceries). That didn’t work either. Well THAT can’t be the supermarket’s fault.

Said sorry and headed home without groceries.

Called card company again.
Apparently there is a fault on my card (deep in one of their IT systems) meaning it won’t work right with some retailers (but they can’t tell me which retailers), and it might take up to 24 (or maybe 48) hrs to resolve and “didn’t the last guy you spoke to tell you this already” !? WTF !!

This level of IT incompetence makes me wonder if the “fraudulent transactions” that let to my card being cancelled at the beginning of this story were actually a crossed wire deep in the bowels of their IT system.

Because one of the retailers who was fleeced told me that the fraudster got through “3d security” including “Verified by Visa”. How exactly a bogus website could capture my “Verified by Visa” details (other than by spoofing the Verified by Visa screen itself ?) I don’t know.

I’m not sure I believe any of what they tell me any more.

Citibank processes for stolen ID

Great blog, except for one thing:
“But did they tell him which vendor it was so that Sullivan could avoid doing business with them in the future?”
You’re kidding, right? There was a breach – you want Citibank to be judge, jury, prosecutor and defense attorney in deciding who (if anyone) was responsible?
And based on that, they impact or destroy a business?
Maybe in Nazi Germany.


Banks dont care about customers

While on vacation two weeks ago, I found a wallet containing cash, social security card, drivers license, and a credit card. Due to the substantial amount of cash in the wallet, I did not turn it over to anyone, especially the police. I called the number on the credit card and let them know what I found. I politely asked them to contact the owner and give her my phone number. They promptly cancelled the card and would not contact her regarding the matter. They covered their asses by cancelling the card, but did not do a damn thing to help their customer. I did get the wallet back to her, by shipping it to her, but she could have had it much sooner if the credit card company cared about its customers.

Thanks Chase!


I’m also trolling this as Citi tells me today that there’s been a breach somewhere and I have to spend hours changing the card number on all the utilities and so on that automatically charge to my old card. This is the 3rd time in the last 3 years (TJMaxx was the culprit last time, but I was initially told “I don’t know” until I insisted. They were lying about not knowing) I think this is the end for me and Citi.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it