Citigroup Gets Around to Addressing PIN Compromises

Hey, remember all those debit cards and PINs that got stolen and stuff? Where hackers got into Office Max, made off with debit card accounts and encrypted PIN codes, decrypted the PINs, made counterfeit ATM cards, and withdraw lots of money and large amounts of people were forced to get their ATM card changed without anyone telling them the real reason why? Well, apparently Citigroup remembers too. Eventually.

A shareholder queried the Citibank corporate office about the debacle and forwarded us the email:

    From: Mcclure, Stacey

    Date: Apr 3, 2006 4:43 PM

    Subject: Your E-mail Dated March 6, 2006

That’s right, it took almost a month for Citigroup to respond to one of its investors about the problem. Imagine their priority level for the average consumer…

The full content of their reply, which they seemed to have cut and pasted from press release drafts, after the jump…

Dear [withheld]:

I am writing in response to your March 6, 2006 e-mail to our Shareholder Relations Department. Your e-mail was forwarded to the Executive Communications Unit for review and response.

In your e-mail, you requested additional information regarding recent ATM restrictions in Canada. As you may know, there have been an increasing number of media reports regarding incidents of compromised data systems at retail establishments where some of our clients have used their cards. As a result, Citibank Banking card numbers may have been available to unauthorized individuals. While this information may not result in fraudulent activity on our clients’ accounts, Citibank is taking steps to proactively prevent this possibility. One of these steps is issuing new Citibank Banking cards to our clients who may have been affected.

For added protection, we are also advising our clients to change their current Personal Identification Number (PIN) code on their reissued card. For their convenience, this may be accomplished at Citibank branches and ATMs in the United States, or online at

To ensure that our customers receive the very best service, as a standard practice, we monitor their accounts on an ongoing basis with our advanced Fraud Early Warning Systems. While the third party retailer occurrences noted above did not involve any security breaches at Citibank, we recently uncovered a new trend of unauthorized ATM activity. We want to assure you that Citibank took immediate action to block such activity from impacting our clients’ accounts.

Mr. [withheld], you may rest assured that we are fully involved in the protection of our clients’ accounts. You are a valued shareholder and we thank you for providing us with this opportunity to provide clarification regarding this very important matter.


Stacey McClure

Client Liaison/Executive Communications”

See our the previous stories on “The Russian Connection.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.