Am I a Victim of the Home Depot Data Breach?

This post may contain affiliate links. Please see my advertiser disclosure for more details.  

Yesterday I stopped at our local butchershop here in Northern Virginia, which is where I buy all our meats these days. I usually just go there once a month and stock up on meat for the rest of the month.

Last night the grand total at the Butcher came to $160.85. The employee swiped my Chase Ink Bold card and handed it back to me. Then he said he need to try again and asked me for the card again. Then, as discreetly as possible, he said, “Um, do you have another card, this one has been declined twice.”

First thing, “Do I have another card?” I’m a points-obsessed credit card collector. Of COURSE I have another card. (I didn’t actually say that, but I was thinking it).

And second thing, “Oh great, now the local family-owned butcher I go to every month thinks I’m a deadbeat with maxed out credit cards.”

But I didn’t think too much of it. I just figured that the amount at the butcher triggered some sort of potential fraud alert algorithm and that I’d be getting a phone call from Chase any moment to verify the charges (like has happened in the past). I paid with another card and had a few more errands to run. By the time I got home, Ken and I chatted for a bit, then we ate dinner, and it was time to go to bed! I pretty much forgot about checking on my Chase Ink Bold card.

Yep, those aren’t my charges

When I woke up this morning, I remembered about the declined card, and logged into my Chase account. And sure enough, there were three charges that I didn’t recognize. After a quick Googling, it looked like two of the merchants were based in Brazil and one was in Iowa. The charges were not excessive ($7.28, $16.32, and $3.55).

I called Chase, and I told them I thought my card had been compromised. The agent said that yes, there had been a fraud alert put on my card, and that she was going to transfer me to the fraud department.

We went through the recent charges, and the agent said, “Did you use your Chase Ink Bold card at a gas station in Brazil yesterday?” Nope, I didn’t.

I confirmed which ones I did not recognize. With that, my Chase Ink Bold card was closed, and they’re shipping me a replacement card overnight.

I guess it’s impossible to tell exactly how my card information got to Brazil and Iowa, but I did use my Chase Ink Bold card at least three times this past June and July at Home Depot. Considering all the news surrounding their data breach, I wonder if that’s how my number was compromised.

Past Fraud Alerts I’ve Experienced

So, I’m really happy that credit card companies disable new purchases if they suspect fraud. That has happened to me at least three times in recent memory:

1) Almost two years ago, I spent about $200 at a WalMart, a place I hadn’t shopped at in years. My Chase card was declined, and I just used a different one. By the time I was walking out the door at WalMart, my cell phone was ringing and an 800 number was showing up on the caller ID. It was Chase’s fraud department and I just had to go through an automated process to confirm my charges. Easy Peasy.

2) Last June, my card was declined after my third of six $50 transactions at a Safeway. (I was buying gift cards to leverage some extreme savings at Lowes). I was using my American Express card, and, like the WalMart issue, my phone rang almost immediately after. Once again, I just had to go through an automated process to confirm the charge, and then I was able to use my card again.

3) My Chase Sapphire Preferred card was declined a few weeks ago after attempting to make a relatively large purchase at ModCloth (an online clothing retailer). Within moments, I had an email from Chase and I was able to go through an online process this time to confirm my recent charges.

So, all that being said … Why didn’t Chase call me this time? I’m glad they put a hold on my account in an attempt to prevent additional fraudulent charges, but calling me could’ve saved me the embarrassment of getting my card declined.

A few final thoughts on the entire situation

• I’m not even mad. These things happen. I’m not going to stop using my credit card for purchases. (Like some random internet commenters always seem to mention in news stories about data breaches … “I’m going back to using all cash!” or “I’m never shopping there again!”) This literally took about 7 minutes of my time to take care of.

• I love credit cards for their consumer protections. Once upon a time, way back when, I used my debit card for everyday purchases. If a debit card card gets compromised, essentially your entire checking account gets compromised! Credit cards have zero links to my “real” money except when I pay my bill! I remember one time (around 2006, 2007) I had a double charge on my debit card for a fast food restaurant You know what the bank’s solution was for that? “Go back to the restaurant and show them your statement and your receipt and ask for a refund.” Umm, what? And that’s what I had to do. The bank wouldn’t refund it directly, I had to take time out of my day to go back to the restauant. I wondered if it was even worth the $7.00 charge, but it was the principle!

• It’s a little more difficult to track unusual purchases if you use 20 different credit cards in a given year. Ken and I always seem to be applying for new cards to maximize points and miles bonuses, so sometimes I can’t even remember what card I used where. Ken likes to track everything through Mint, but I’ve always had a lot of trouble using Mint (they don’t support my one student loan lender, and one time a Citi credit card I was using regularly didn’t update for MONTHS despite having correct login information, and a few other issues as well). I am very diligent about logging into each credit card account each month (usually on the last day of the month), so I know I’d catch any suspicious charges then, but still, it’s not like I have just one credit card to monitor for fraudulent charges! But it does make me more confident in my decision to routinely review my wallet contents and close out cards.

• I am very excited about ApplePay. If it works the way I understand it, merchants will no longer be receiving any specific data, like the credit card numbers, about your credit card. Hopefully this will help prevent large scale data breaches like this in the future!

• Similarly, I’m happy to see that chip-and-pin enabled cards are becoming more common, because they are considered more secure than chip-less cards that just rely on the magnetic stripe. I’m sure that anybody who has traveled to Europe in the past 10–15 years has lamented how difficult it can be to use a US-issued credit card in Europe because US-issued cards are usually not chip-enabled. It appears that many banks should be adopted chip-and-pin cards by October 2015. Just in the past year, my Barclays Arrival Plus and several Citi products (such as my HHonors Reserve) have been issued with chips. It was so much easier to use my cards during our trip to Russia than it had been using credit cards on previous trips to Europe!

So folks, keep an eye on your cards!

Have you ever had a fraudulent charge on your credit card or debit card? How did you get it taken care of?