Last September I wrote about my Citibank business credit card being cancelled due to the number being reported as compromised. Well, it’s happened again. Yesterday both Jeff and I were informed that our card numbers were possibly stolen and that Citi would have to issue new ones. No word yet on my personal card.

While this is slightly inconvenient, what really pisses me off is that Citibank will not reveal the name of the merchant who allowed the security breach. I believe I have a right to know and to possibly avoid using that merchant in the future, but no matter how hard I pressed, the agent I talked to either didn’t know or wouldn’t tell.

It’s almost enough to make me change banks, and I thought it funny that when the agent signed off with “Thanks for using Citi” it came across as “$hitty”.

I do like the fact that Citi was proactive in contacting me and closing the account, but the fact that they are willing to hide the identity of the real culprit bothers me. The merchant should be held accountable. At OpenNMS, when we take credit cards we use a system that does not store the number or any detailed information once the payment is processed. I can honestly tell our customers that their payment information is not stored by us.

So, did anyone else get “the call” and have to replace their credit cards? Is there some information that I’m missing (as a Google search doesn’t turn up anything recent)?

(sigh)