
Citibank's Cards Mysteriously Shut Down



By Martin H. Bosworth
ConsumerAffairs.com

March 8, 2006


Jacob Appelbaum was traveling through Toronto, Canada, on March 4th, 2006, and innocently stopped to get some cash out of his Citibank account via ATM.

Little did he know that this simple act would open the door to yet another massive security breach surrounding debit cards and ATM networks.

Appelbaum tried repeatedly to withdraw $100 from his account, and was denied, his account marked as "ineligible."

He tried contacting Citibank, and was told that there had been a breach of the ATM network Citibank uses for transactions in Canada, Britain, and Russia. His card would be canceled and reissued, but as he was outside the U.S., that was of little help to him.

"The ATM network in Canada has been compromised and as a result, using my ATM card over the Canadian network locked my account automatically," he related.

"[The bank representative] informed me that this has been an ongoing issue for the last two weeks. When I asked why there was no media attention, she said she wasn't sure. I said it was a pretty big deal and she agreed."

Appelbaum, a network security consultant by trade, wasn't satisfied with the answers he got. He asked if a "class break" was responsible for the ATM compromise.

In security parlance, a "class break" is when one particular breach opens up a network to more breaches and can be used to attack different security instances in one system. The Citibank representative he spoke to confirmed -- at the time -- that this was the case.

But was it?

The Plot Thickens

As is often the case these days, blogs and independent news sites picked up on Appelbaum's story before the mainstream media did. BoingBoing, one of the Web's most highly trafficked blogs, took notice of the incident and followed up on it.

Other instances of Citibank debit and credit cards being shut down and leaving their users without cash began to surface. Pro-shopper blog the Consumerist got a note from someone claiming to be a Citibank employee, who related that Citibank employees were just as clueless about the breach as their customers.

"A client came into the branch late last week (She was traveling in Canada), and her card stopped working for no reason," the anonymous writer said.

"She called up Citiphone and they gave her no reason as to why the card was blocked, and had a new card sent to our branch. Since she was in Canada, this really didn't help her out one bit."

Citibank issued a press release on March 6th stating that the cards were locked due to "previous retailer breaches" in the U.S. "To protect customer accounts that were affected, we placed a special transaction block in those three countries on PIN based transactions," the statement said. "We are currently reissuing cards, as appropriate, to affected customers."

Details regarding the particular retailer that may have been responsible were not provided to the public. A Citibank spokesman, who asked not to be identified, would only say that the breach "happened in the United States to a small number of affected accounts."

The bank blocked access to the accounts when it noticed a large number of "fraudulent cash withdrawals" at ATMs outside the country in mid-Feb. 2006, the spokesman said.

When asked why the bank would not confirm the identity of the third party that caused the breach, the spokesman said that "we don't know precisely who it was, and even if we did, we couldn't discuss it publicly for a variety of reasons."

Speculation has it that the "third party retailer breach" may be connected to a similar shutdown that occurred last month, in which Bank of America and Washington Mutual customers suddenly found their cards disabled.

The FBI and Secret Service are continuing to investigate the breach, with claims that it centers on retail behemoths Wal-Mart and Office Depot.

Although Wal-Mart has admitted to a security breach in Nov. 2005 that forced at least one bank to reissue hundreds of cards to its customers, both retail chains are publicly denying any new security breaches or hacks in recent months.

"Something Doesn't Add Up"

There is also the possibility that the data breaches come from the hack of the CardSystems payment processing database.

Forty million Visa and MasterCard users' information was exposed to identity thieves in the CardSystems breach, with approximately 260,000 accounts actually hacked or stolen.

CardSystems recently settled charges with the Federal Trade Commission (FTC) that it failed to provide appropriate security measures to protect consumers' private information. The company was recently bought by Pay By Touch, a biometrics-based payment processing company.

Jacob Appelbaum is skeptical of Citibank's claims and was unimpressed with their response to the situation.

"This sounds like an issue that's unrelated to cards just being rejected, doesn't it?" he said to BoingBoing. "If it was just the networks rejecting cards, why did I need to have a new card reissued?"

Speaking to ConsumerAffairs.com, Appelbaum reiterated his belief that the breach was not what it seemed to be. "It doesn't make very much sense," he said.

"[Citibank's response is] void of any real information. It doesn't state who was compromised and when. It doesn't give the details as to why my new card would be possibly locked just for using the Canadian ATM system... As I've said before, something doesn't add up."


