Yesterday, my partner and I received our new, more secure, chipped cards on our shared credit card account. We activated them via the attached phone number around noon. My partner used his card once, in person, at a local retailer. My card never left the house.
When we got home yesterday evening, less than 12 hours after activation, my card had been used 3 times in Canada (I’m in Maryland). These were all in-person transactions, not online. It’s not clear whether they used the magnetic “swipe” or the supposedly harder to duplicate ship.
I understand that card cloning is easy to do - skimmers just duplicate the magnetic stripe that they read when you swipe, or you can generate your own magnetic strip if you know the algorithm, name on the card, and card number. But there is literally not a single merchant in the world who had this card’s number yet. It had never been swiped, chipped, or used online.
So my question is: does this mean that there’s a data breach at the factory and/or the issuing bank? That is a much more serious problem than a merchant breach, and can compromise a lot more of my financial data. I’m particularly concerned because I’m trying to buy a house right now, and it would be seriously the worst time for identity thieves to be damaging my credit.