Last month, I noticed a transaction on my Citibank Visa credit card that I didn’t recall making, it was for an event software solution so it was probable I could have made it, but on checking out the vendor’s website, I knew I hadn’t - I had never heard of it. 

I then went over my statements more carefully and found another transaction on Agoda that I didn’t recall making.

I called Citibank to enquire about those payments. The customer service officer’s first question was, “Have you ever bought anything online?” I said, “Yes.” Her second question was, “Have you ever shared your CVV code online?” I said, “Yes. When you make an online purchase, you have to share that code. It’s part of the payment process with any website.”

She then said something like “well, if you have done that, then it’s possible your credit card may have been used by someone else.”

In other words, it’s your fault, not ours, who asked you to share that code? (Incidentally, in my second follow-up call, when I was asked the same question again, I asked the officer if he had ever bought anything online and he said no.)

I was then told that I had to contact the vendors directly for refunds. When I said shouldn’t it be the bank’s responsibility, she said no. She said I could have my card cancelled and they could issue a new one.

The query to the first vendor remains unanswered to this day. Agoda responded very promptly and told me that their investigation revealed that the transaction had been made on a “whitelisted account that hadn’t been used for
 2.5 years and it looks like it went ‘bad’.”

It added, “A full refund has already 
been completed on our side …”

Full story