Replacing a (potentially) compromised Visa prepaid debit card
/If you play this game long enough, you guaranteed to see everything eventually. In many ways, I think travel hackers have a better view into the guts of the US financial system than the people who designed it, because we get to see it from every angle.
There have been lots of report of compromised MasterCard gift cards over the years, typically taking the form of packaging that has been opened and resealed after the card’s data has been swiped. I still haven’t encountered that one, but during the recent Safeway promotion for $15 off two $100 Visa gift cards (a classic negative-cost opportunity to manufacture spend), I ran into what I suspect was a compromised Visa card.
Stuck packaging, missing CVV2, dead magnetic strip
My hackles were first raised when trying to open the card’s packaging, and found it was much harder to open than usual — remember I’d been loading up on these cards for several days, so had a good sense of how easy they typically are to open. This was annoying, but not alarming, since I’ve encountered multiple versions of these cards, so I assumed that I had happened to grab either an earlier or newer generation off the shelf.
Once I’d cracked it open, more or less shredding the original packaging, I immediately noticed that only the last digit of the security code on the back was visible. The obvious problem here was that it meant I was unable to check the card’s balance online, since the website requires you to enter all three digits. Now I was not just annoyed, but worried.
In principle to liquidate the card all I needed were the last four digits on the front of the card, which work as the card’s PIN at money order retailers. Nevertheless, out of an abundance of caution, I used my home credit card reader to see if the card itself had been tampered with, and discovered that the magnetic strip was completely dead.
I want to stress, despite these three clues, I have no proof that the card was actually tampered with in any way. Old packaging, sticky glue dots on the card’s backside, and improper handling could easily explain all three of the issues I saw. Nevertheless, I needed a replacement.
Metabank mailed me one for free
To request a replacement, I called the number on the back of the card and eventually navigated my way to a customer service representative. I explained the situation to him and he asked for the long string of digits above the card’s bar code. Using that information, he told me that the card’s value was still in place. Since I knew (but didn’t tell him) that the card had also been demagnetized, I insisted on a replacement.
I placed the call on the 18th and was assured the replacement card would arrive within 7-10 days. I actually received it on the 24th, just 6 days after my call.
Conclusion
In my case, requesting a replacement was easy since the card’s value hadn’t been used yet, and I want to stress, I do not know whether it was maliciously compromised or simply defective. Nonetheless, I want to make readers aware that if you run into a similar situation, resolving it is relatively painless, as long as you act quickly after discovering the problem. Had the card’s value already been drained, I presume the process would have been substantially more complicated and time-consuming.