01523: Credit Card Compromised

And the weekend had been going so well.

This afternoon I received an email from BPI's Credit Card Fraud department asking me to verify a few online transactions made over the weekend. And while I could confirm some of the recent fast-food deliveries that we had made during our game sessions and such, there were also a number of transactions that I did not recognize that appeared to be from "SM Prime Holdings". When I called up the fraud agent, it turned out that these were most likely charges made via the SM Tickets website, which covers any number of concerts and sporting events.

I guess I should consider myself lucky that whoever managed to compromise my credit card was only aiming for somewhat small-time events. Had they tried to book some major international concert, I imagine that I would be much deeper in the hole right now.

Thankfully the transactions were only done last night and so we were able to block my card today and have a new one issued within the week. I can also dispute the charges, so at the very least I won't have to deal with paying for this fraudulent charges either. Based on the template letter that they had sent me to sign, it looks like it's easier to dispute fraudulent online charges versus when you actually lose your card since from there they can only tag fake charges from the moment that the card is reported stolen - not when you physically lose it. And there can be a pretty big gap of time between those two events if you're not careful.

I'm still not sure how my credit card information was compromised in the first place, although I have a sneaking suspicion that it may either involve CityDelivery, since we had ordered from them for the first time week or Shakey's, which would be rather disappointing. We're longtime Shakey's customers and I have used their online payment facility before. Although thinking back, this weekend marked the first time that I ever recall having to entire my credit card information into the Shakey's website itself and not directly at the payment facility website (e.g. Yes! Payments or PesoPay). This was the only time that I had ever entered my CVV into a different website (should I have thought twice about that, at least I see that now in hindsight) and once you have that, everything else is easier. I may call Shakey's about it, but I'm not quite in the mood to make accusations at this point. The damage has already been done so no sense in crying over spilled milk.

At the very least, we have identified the issue and have taken steps to address the concern. In the future I'll try to use my BPI eCredit card more for such online payments and make sure that I only enter my complete credit card info directly in the merchant payment portal. We'll chalk this all up to experience for now.

In other news, Tobie and I finally watched the second season of Dollhouse last night instead of going out. I still feel pretty bad that the show ended, especially since it had a lot of very interesting concepts to explore. Now we're going back even further in time as we continue watching Alias - we're only at the second season at this point. Hooray for good television.

And yeah, the photos were just an excuse to show off my reissue version of Powermaster Optimus Prime with Apex Armor.