A couple of days ago, I received an email from HSBC India (an @hsbc.co.in email address) on behalf of HSBC Canada’s Fraud Monitoring team:

The email.

Even though the majority of these types of emails are phishing attempts, I still briefly scan them, especially if they manage to avoid the junk filters. This one addressed me by name and the phone numbers checked out when I compared them to HSBC’s website, so I called HSBC to see what happened.

It turns out that someone attempted to run a few bogus charges through the card. HSBC blocked the subsequent charges, but the first one went through. I confirmed that I did not buy 600 dollars’ worth of booze from a liquor store in Washington DC. The woman on the other end of the line was apologetic. After reassuring me that my reward points would not be affected, she promised to issue me with a new card within 8 to 10 business days. Meanwhile, the transaction would be forwarded to HSBC’s fraud team for investigation.

To my minor annoyance, she then attempts to cross sell me on a checking account. I tell her I’ll consider it if the fraud team correctly finds in my favor, and we both chuckle. I’m not mad at her as she is probably required to make a sales pitch on every call. Having once worked in a call center, I know how crummy of a job it can be.

If memory serves me well, this is not the first time I’ve been the victim of credit card fraud. Unfortunately, credit card issuers are frequently reticent about providing details and the HSBC representative I spoke to was no exception. Thus, I have no way of knowing how my credit card was compromised.

To mitigate the risk of a similar headache, you should be in the habit of locking any credit cards that you don’t use on a regular basis. In my case, I hadn’t used the breached credit card in months. Or you could cancel them, but that might adversely affect your average age of credit accounts.

Let’s hope HSBC doesn’t try to make me pay for alcohol that I never ordered!

10/10 Update: The charge was rescinded. Whew!