Using A Security Breach As An Upsell Opportunity?

from the shameful dept

Danny Sullivan has a blog post blasting Citibank for how it handled a security breach, requiring him to get a new credit card. Apparently a vendor where Sullivan had used the card had a breach, meaning Citibank sent him a new card. But did they tell him which vendor it was so that Sullivan could avoid doing business with them in the future? Of course not. But much more insulting is that when he went to activate the new card, Citibank tried to upsell him on a credit check offering. As Sullivan notes, shouldn't Citibank be offering that to him for free? It's probably cheaper than having to send out thousands of new cards every time a vendor screws up. Of course, when Sullivan points that out to the person on the phone, the person at the other end says "we're just the activation department, you'd have to talk to customer service for that." Of course, if they're just the activation department, why are they doing sales as well? I'm sure the big banks will claim that these sorts of sales processes work in that enough people are suckered into these high margin upsell offerings, but wouldn't it be nice to have a bank that actually treated customers well?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: security breach, upsell
Companies: citibank


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    pjhenry1216 (profile), 19 Oct 2009 @ 6:37am

    at least they didn't give him a problem with getting a new card

    my credit card was charged a few bogus charges from paypal. paypal actually contacted me and asked me about the charges because it was suspicious to them. they canceled the charges and recommended i get a new card. capitalone actually tried to convince me not to get a new card and said somebody probably accidentally typed in the wrong credit card number. after enough insisting, they finally issued me a new card, but seriously, i never would have expected that.

    until identity theft is deemed as just another way to steal from a bank or moneylending institution, they won't offer free credit watches and what not. when the problem falls squarely on their shoulders and they have to deal with the fallout instead of the customer, then they'll start being proactive about it.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 19 Oct 2009 @ 7:42am

    If you buy into an Identity Theft service, it authorizes them to not only pull credit reports, but also share transactional history between credit card companies which in turn help them "score" transactions in real-time.

    Problem with this though, is they can then communicate this information to other credit card companies which can "score" your spending patterns as well.

    Remember, it's not YOU that gets a 3% skim off of every credit card purchase, it's the credit card company, and when you're talking about what could conceivably be 90% of the US GDP, it isn't exactly chump change. Yet they somehow believe that their business risk should be mitigated to you, the customer via giving up privacy, and selling your information for ads and mailers.

    link to this | view in thread ]

  3. identicon
    Charles, 19 Oct 2009 @ 7:56am

    Reminds me of a quote

    "Those that give up privacy for safety deserve neither"
    Ben Franklin

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 19 Oct 2009 @ 8:08am

    "Of course, when Sullivan points that out to the person on the phone, the person at the other end says "we're just the activation department, you'd have to talk to customer service for that.""

    and if you talk to customer service they will say, "were just customer service, you'd have to talk to the activation department for that."

    link to this | view in thread ]

  5. identicon
    John Doe, 19 Oct 2009 @ 8:18am

    Re: at least they didn't give him a problem with getting a new card

    The last digit of the credit card number is a check digit. It would be very hard to mistype a credit card number and still get a proper check digit. Capital One was just attempting to be cheap. Though I would imagine further use of the compromised card would have eventually cost them more than replacing it.

    link to this | view in thread ]

  6. identicon
    vastrightwing, 19 Oct 2009 @ 8:29am

    Banks are not banks anymore

    The banks have turned the tables on consumers by reframing their lack of concern as "identity theft". This makes fraud our problem and not the bank’s problem. It should be the bank’s problem since the whole reason we use banks is to keep our money safe, not to keep paying fees and allowing banks to give our financial information away while they make money on that and we, of course, pay for the privilege.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 19 Oct 2009 @ 8:31am

    Re: Reminds me of a quote

    Except the quote is actually

    "Any society that would give up a little liberty to gain a little security will deserve neither and lose both."

    Which is very fitting in today's environment.

    link to this | view in thread ]

  8. identicon
    Ilfar, 19 Oct 2009 @ 8:43am

    Running out of Banks

    I change banks whenever a bank does something that really pisses me off. There are only so many banks here, and I've got one left after my current one.

    Banks just don't care, in two cases things that have annoyed me haven't even registered as a problem on the bank's end - When an ENTIRE EFTPOS network is down for nine hours on a Saturday night/Sunday morning, I expect staff at the local branch to at least be aware of it by the following Tuesday...

    link to this | view in thread ]

  9. identicon
    Stuart, 19 Oct 2009 @ 8:45am

    Re: Re: Reminds me of a quote

    Umm actually.

    it's

    They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

    Ben Franklin.

    link to this | view in thread ]

  10. identicon
    SpacePirate, 19 Oct 2009 @ 9:00am

    Sigg Cares

    So I'll related this both to plug Sigg for being pretty cool and note how better an enormous company like Citi could be.

    A little while back I bought a fancy new cap for a Sigg water bottle (http://mysigg.com/) through their website. Months pass, I'm happy with my cap and have completely forgotten I even had gone to the site to get it. Out of the blue I get a completely new water bottle (with cap) in the mail along with a letter explaining their e-commerce provider (Network Solutions) had been breached.

    They say in the letter transunion should have contacted me (I'm not sure they have). Regardless though, kudo's for 1) notifying me and telling me who done wrong and 2) throwing in a free water bottle to keep my hydrated while my credit is abused by those trickster russian hackers and 3) not trying to sell me anything in the process.

    link to this | view in thread ]

  11. icon
    Paul Stout (profile), 19 Oct 2009 @ 9:01am

    A Solution to Credit Card Problems that Works...

    It's an easy solution actually, but probably not for everyone.

    Back in the 70's I cut up my two credit cards after both card companies pissed me off with obvious "rip'em and gouge'em" penalty fee schemes designed to extract even more money over and above the regular monthly payment (which I generally triple paid). I think the biggest balance I ever had on the two cards combined was somewhere around $400. I don't think I was too popular with either company because I didn't charge enough on either card to suit them. The only concession I make towards cards now is using a Debit Only card so I don't have to carry cash.

    I haven't had a card since then, and have never missed them, mostly because I've pretty much run my life on the principle that if I haven't got the money I don't have any need to buy it. Take half the money you'd spend using a card and put it into a retirement fund instead, it's amazing how fat it can get when you do that.

    Life is much nicer when you're never in debt.

    It's a solution that many people obviously don't believe in.

    link to this | view in thread ]

  12. icon
    pjhenry1216 (profile), 19 Oct 2009 @ 10:20am

    Re: A Solution to Credit Card Problems that Works...

    It's not that they don't believe in it, its just a matter that some people can't afford it. Some people will always live in debt because they don't get paid enough (or, less sympathy for those who just can't spend wisely). It happens.

    link to this | view in thread ]

  13. identicon
    wnyght, 19 Oct 2009 @ 10:25am

    Re: A Solution to Credit Card Problems that Works...

    but that isn't the american dream. lol
    Believe it or not, ppl follow what the government shows them. Our government has racked up an impossible debt, so that is what the people do, charge their life away. It's so sad. Btw, i agree with you. I made some bad credit mistakes in my early 20's, something i am still tring to recover from almost 10 years later. I have since ditched the credit lines, and live by the same principle, "If i don't have the money for, i will find a way to do without"

    Of course, there is one good way to use credit cards. If one can be responsible enough (going way out on a limb, i know) to only charge on the card what they have in the bank, and then pay the full balance of the card every month, but then why not just get a debit card.

    link to this | view in thread ]

  14. icon
    chris (profile), 19 Oct 2009 @ 1:06pm

    Re: at least they didn't give him a problem with getting a new card

    until identity theft is deemed as just another way to steal from a bank or moneylending institution, they won't offer free credit watches and what not. when the problem falls squarely on their shoulders and they have to deal with the fallout instead of the customer, then they'll start being proactive about it

    the banks never see any fallout from credit card fraud. that's why banks don't care.

    fraudulent purchases fall on the vendor, not the credit card company.

    link to this | view in thread ]

  15. icon
    Griff (profile), 19 Oct 2009 @ 2:04pm

    Topical rant

    I just had my credit card breached (details apparently appropriated by some website though not sure which as I tend to use only reputable online vendors). New card arrived, activated it online.

    Today I went to supermarket, got right through checkout and new card failed. It was all I was actually carrying. A bit embarrassing. They agreed to hold my groceries for 45 mins (in cold storage, helpfully).

    I was due elsewhere and while there I called credit card co. Apparently activation had NOT worked. So they did it there and then. "Your card is now ready to use, sir".

    Back to supermarket. Got my groceries from storage. payment refused again. Called credit card co. They said it was now definitely not them,perhaps supermarket had some sort of block. Supermarket said "oh, yeah, we probably do, need to reset that". So they tried that a few times. Still nothing. Ran to a nearby ATM, tried to get cash (yes, on a credit card, I know, but I REALLY wanted groceries). That didn't work either. Well THAT can't be the supermarket's fault.

    Said sorry and headed home without groceries.

    Called card company again.
    Apparently there is a fault on my card (deep in one of their IT systems) meaning it won't work right with some retailers (but they can't tell me which retailers), and it might take up to 24 (or maybe 48) hrs to resolve and "didn't the last guy you spoke to tell you this already" !? WTF !!

    This level of IT incompetence makes me wonder if the "fraudulent transactions" that let to my card being cancelled at the beginning of this story were actually a crossed wire deep in the bowels of their IT system.

    Because one of the retailers who was fleeced told me that the fraudster got through "3d security" including "Verified by Visa". How exactly a bogus website could capture my "Verified by Visa" details (other than by spoofing the Verified by Visa screen itself ?) I don't know.

    I'm not sure I believe any of what they tell me any more.

    link to this | view in thread ]

  16. identicon
    Dave Miller, 19 Oct 2009 @ 5:01pm

    Re: Re: A Solution to Credit Card Problems that Works...

    "but then why not just get a debit card."

    Because in a security breach, like others here describe, if you use a debit card the criminal has immediate access to all the cash in your checking account.

    I use a credit card exactly as you describe, precisely because there is a 30-day buffer between criminal activity and my money.

    link to this | view in thread ]

  17. icon
    Paul Stout (profile), 20 Oct 2009 @ 6:23am

    Re: Re: Re: A Solution to Credit Card Problems that Works...

    If someone is financially challenged due to low pay etc., then the absolute last thing they need, or should want, is a credit card. The high interest rates, which will be very high because they're likely to have a low credit rating, will eat them alive and make a bad situation even worse. It comes under the heading of 'false savings'.

    Unfortunately, people in either of the situations you mention are also the same people who the credit card companies aggressively court, knowing they're quite likely to over-charge a credit card. Good Lord, my own son started receiving credit card solicitations the day he turned 18, and this was a kid still in school with basically no disposable income at all.

    Over my 21 years in the USCG I was constantly counseling kids to save money and avoid expensive contracts on a young mans fancy, usually way too expensive upscale cars, motorcycles, or stereo systems. I was lucky if 1 in 10 paid attention and bought what they could afford, and do without if they couldn't. Most were in constant debt because they were more interested in buying 'right now' instead of budgeting towards a future purchase with cash in hand. Instant gratification instead of common sense!

    I guess for most folks, especially young ones, it's hard to think about that 'down the road' age of 65 (67 these days I guess). It does require some will power.

    I was lucky as a kid in that one of my Dad's constant mantras was financial responsibility, and putting away each month to prepare for retirement. Fortunately for me, I was smart enough to follow his advice.

    link to this | view in thread ]

  18. identicon
    Gene Cavanaugh, 20 Oct 2009 @ 9:19am

    Citibank processes for stolen ID

    Great blog, except for one thing:
    "But did they tell him which vendor it was so that Sullivan could avoid doing business with them in the future?"
    You're kidding, right? There was a breach - you want Citibank to be judge, jury, prosecutor and defense attorney in deciding who (if anyone) was responsible?
    And based on that, they impact or destroy a business?
    Maybe in Nazi Germany.

    link to this | view in thread ]

  19. identicon
    Adam, 20 Oct 2009 @ 9:31am

    Banks dont care about customers

    While on vacation two weeks ago, I found a wallet containing cash, social security card, drivers license, and a credit card. Due to the substantial amount of cash in the wallet, I did not turn it over to anyone, especially the police. I called the number on the credit card and let them know what I found. I politely asked them to contact the owner and give her my phone number. They promptly cancelled the card and would not contact her regarding the matter. They covered their asses by cancelling the card, but did not do a damn thing to help their customer. I did get the wallet back to her, by shipping it to her, but she could have had it much sooner if the credit card company cared about its customers.

    Thanks Chase!

    link to this | view in thread ]

  20. identicon
    PegLeg, 20 Oct 2009 @ 11:30am

    Re: A Solution to Credit Card Problems that Works...

    If Paul Stout thinks he can get away with just using a Debit Card, he obviously doesn't rent cars or stay at hotels. Using a debit card with either of these types of "services" can screw up the account associated with that card for weeks, sometimes months, while you try to get it straightened out.

    link to this | view in thread ]

  21. identicon
    CoolMoJ, 27 Oct 2009 @ 12:24pm

    Re: A Solution to Credit Card Problems that Works...

    There are a lot of us who believe that is we can't pay cash, we can't afford it. I just live it with Citibank's money for 30 days and then pay the balance. If you do a bit of traveling it is not always convenient or, sad to say, safe to carry all the cash you need.

    Also sad to say that I was trolling these forums to see if I could find out who is responsible for the latest breach as Citi just replaced my card again for a suspected breach. The second time in two years.

    I can't get mad at Citi. THey are doing the right thing. The peoblems are usually the clearing houses like Heartland, and sometimes the merchants. If Citi themselves ever had a breach, they would have bigger problems than replacing credit cards.

    link to this | view in thread ]

  22. identicon
    Bubba, 8 Nov 2009 @ 8:05am

    I'm also trolling this as Citi tells me today that there's been a breach somewhere and I have to spend hours changing the card number on all the utilities and so on that automatically charge to my old card. This is the 3rd time in the last 3 years (TJMaxx was the culprit last time, but I was initially told "I don't know" until I insisted. They were lying about not knowing) I think this is the end for me and Citi.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.