I listen to a few netcasts from Leo Laporte’s TWiT network. For a while about 18-24 months ago a few shows on the network were sponsored by VISA, flogging their fraud protection capabilities. “Safe, Secure, VISA” was something I heard ad-nauseum a while ago (and started hearing it again recently, as I listen to old Security Now episodes).
While my Thalys journey to Paris was coming to an end, I got a phone call. I wasn’t going to answer it for the combined reasons of being in a foreign country, being on a train in a foreign country, and being in a small room not normally associated with telephone communication while on a train in a foreign country. Something made me answer the damned thing though.
It was someone claiming to be from my bank in Australia, asking me if I’d just used my credit card to buy something from the Apple Store in the US. Now I did very nearly say yes, and to stop bothering me with such stuff: this was the card that had been associated with my Apple ID, and there was a chance that N had picked up my iPod and stumbled through and found the App Store and bought something. They’d never contacted me before about App Store purchases however, and then I remembered that card was not on my Apple ID any more. So I replied non-committally (and very helpfully, in hindsight)…
“Well, maybe.”
“This was only in the last couple of minutes,” said the bank.
“Oh,” said I. That changed things. Knowing that the card was not linked to my Apple ID any more, there was very little chance that N might have done something. It definitely wasn’t me either, given where I had been during the few minutes in question. “No, then,” I replied.
At this, the VISA machinery sprang into action. Within seconds I had been recited the standard dialogue about how my card(s) had now been cancelled and that I would soon receive new card(s) and PIN(s), so on and so on. Being none too happy about having to re-arrange scheduled charges to the account (the only use that particular card gets, as it turns out) I started to think about how the number had got into the wild.
In spite of knowing that there are card number generators that the bad guys use to generate valid card numbers to try on unsuspecting e-commerce sites, something gave me the thought that it was more likely I had lost the small wallet that card was kept in. I started thinking about the other cards that were in that case. Hotel/car loyalty cards: painful, but not a problem. Unused AMEX: cancellation drama only. Travel-backup credit card: hmm, that might be a problem. What else…
Oh, wait a minute…
OH CRAP.
Last I saw that wallet it was wrapped around…
O. M. F. G.
My PASSPORT.
Instantly I understood the feeling described by the term “heart in my mouth”. There I was, standing on a train pulling into Paris Gare du Nord with my knees buckling contemplating the possibility that my passport was lost.
I started to look through the bags I was carrying, the places where I knew the wallet should have been. Nothing. By this time the train had stopped, and I alighted the train with the other passengers and took my frantic search to the Gare du Nord platform. Still nothing.
My mind was racing. Do I continue my journey to Montpellier as planned, and sort out the passport later? Maybe ironically, the thing I was most upset about was having lost all the stamps in my passport!
I decided that I couldn’t think properly standing on a train platform and that I had to get to my hotel and sort it out there. I managed to find the subway that links the SNCF station to the RER, but halfway through the subway I realised that I couldn’t go any further without having a proper search. So in the middle of a railway station subway in Paris I started rifling my luggage like a sniffer-dog looking for the stash (and it wasn’t until later that I realised how much trouble that might have got me into).
FOUND.
The wallet, all cards secure and still encasing my passport, had worked its way into the lowest portion of the wheeled laptop bag I use. I suffered the joyous feeling of my heart returning to its rightful place, combined with the return of my ability to breathe. As I put stuff back into my bags and resumed my journey, I tried to concentrate on the task of getting the right ticket, the right RER line and the right train to get me to Gare de Lyon (thanks to the signage in the station, this was made very easy).
Once I was on the RER, with other commuters around me and me trying to marshall my luggage, I realised how I could not have done the trip thinking that I had lost my stuff. I also realised that that was the closest I ever want to come to actually losing my passport while overseas.
Oh, and the credit card? Like I said, it was in the wallet all along. The card hasn’t been out of that same wallet for over twelve months, and the regular deductions (and my automatic payment to cover them) have been the only transactions on the account for at least that long, so I guess a card generator just happened to get lucky with my number.
So if you happen to get that phone call from your bank, think seriously about your card’s whereabouts and recent activity… and for heaven’s sake don’t do what I did and jump to the conclusion that the card was lost or stolen — your imagination might just take you someplace you really don’t want to go.
Update: Before I left Australia I had asked the bank to reissue the card for a promotion they were having, but the new one didn’t reach me before I left the country. When I got home, I had a look at the card that had been issued — the one that got hacked. I think I know now why I got pinged: the CVV number (the three-digit printed number on the back of the card that is supposed to increase security) was the last digit of the card number followed by “00” — I’d have to think that would be about the weakest CVV number the card could possibly have had! I feel much better now that this was simply a random selection by a card-number generator, facilitated by a stupidly-insecure CVV.
Crossed Wires 