I really like the way Simple handled this situation. Their notification to me was actually the first I heard about this happening. They even suggested leveraging the feature to temporary block the card as an added security measure.<p>An excerpt from their message:<p><i>Due to a recent data security breach at a large national chain, we’re sending you a new Simple card. No worries: your current card will continue to work as normal until you receive and activate the new card in about 5-7 business days. And of course, there’s no fee to replace this card.</i><p><i>We have no evidence to suggest that your specific card was compromised. We are taking this step as a precaution, since you shopped at the store in question during the time of the compromise.</i>
Not sure if it's related, but today, at 12:45PM (on a Sunday), I went to the local Chase branch (in San Jose) to withdraw some cash from the ATM. The branch was open and staffed, with tellers assisting those customers who needed to withdraw more than $100. I thought that was pretty cool.
Why not just issue new cards?<p>I recently received a new debit card from my bank... Claiming they had 'detected a problem with my magnetic strip', which seemed spurious as I had never detected any problem with using the card. When this happened before, my old card continued to be okay until I activated the unsolicited replacement. This time, I was denied use of the card at two stores before I called my bank, who told me the card had been suspended - by the 'anti-fraud unit'. They didn't wait for me to confirm I received the new one by activating it.<p>I had indeed used that card at Target in the past three months.
I originally was going to sign up for a debit red card, but they wanted a voided cheque for my account. I don't even have any cheques for my checking account so thankfully I opted for the credit option and got a decent limit.<p>Going forward, I doubt I will ever decide to link my actual bank account to any retailer cards in the future. It's safer, in my opinion, to just use credit for everything since if that card is compromised it's the bank's money that is being taken and not the actual money directly from my bank account. Which results in less consumer inconvenience at least for me.
I still don't get how they had the mag stripe, the PCI compliance [1] documentation is pretty clear about that:<p><i>Sensitive data on the magnetic stripe or chip must never be stored. Only the PAN, expiration date, service code, or cardholder name may be stored, and merchants must use technical precautions for safe storage (see back of this fact sheet for a summary)</i><p>[1] <a href="https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf" rel="nofollow">https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storag...</a>
We cant prevent credit card credentials theft. what we can do is, opt for 2 factor authentication, one of my credit card companies does that. It's a little pain but it worths it.