Looks like having my credit card number stolen hasn’t had too bad an effect on my life. I received and activated my replacement credit card about two weeks ago. Also, in the interim, I found out that my dad had one of his cards disabled, too.
The people who called my dad about his card explained that the latest scam going around is just to generate random card numbers. Looks like my research was right; that was one of the top possibilities I found browsing through discussions around the Internet. Unfortunately, algorithms for creating random, valid card numbers do exist for testing purposes. Since both of us had our cards compromised within a week of each other, I think it’s safe to believe that we both were victims of the same scam and there was nothing I could have done to prevent what happened to me.
What kind of grossly inadequate security must credit card processing systems have that someone can successfully (attempt to) authorize a transaction with nothing but the account number? There must be another piece to the puzzle…maybe shady merchants who don’t bother verifying any of the information, or something like that. For now, I’m quite thankful that fraud-detection departments are so vigilant.
Even though I was probably just a victim of a random number generator, I’m still going to see if my card issuer supports generating temporary account numbers for use in online shopping. That seems like a good idea: If one of the numbers is compromised, I can just kill it, rather than dealing with deactivating and reissuing the card. (I have long used this same principle for email addresses. I used to use Gmail’s “plus-addressing” feature to add keywords to my incoming mail; now I give most sites a unique address at technobabbl.es. Both approaches also allow me to track data leaks—which usually result in increased spam—directly to the responsible party. :D)