I just got a phone call out of the blue from a representative at the Royal Bank Visa credit centre, asking me to verify some recent suspicious purchases.
My visa was just used to purchase $4 worth of something in Czechoslovakia, then $1500 worth of diamonds in Spain. Holy crap. She said it's nothing that I've done wrong, that the Evil Thieves are able to get credit card numbers from literally anywhere (like, for instance, the huge database theft that hit the parent company of HomeSense, where hundreds of thousands of visa billing records were stolen, likely a few of mine in there as well).
So, she's nuked my visa. Cancelled the charges. And is issuing me a new card. In the meantime, I get to live on cash or Interac (which is what I normally do anyway).
What I find really scary is that someone can get a visa number and go ahead and place charges on it. There is absolutely no security built into the transaction, and we're left to rely on eagle-eyed monitors like the one who called me today.
I think it's time to redesign the credit card / interac / debit system so that the only security checks aren't made from essentially public information (I have to assume that both my full name and now visa number are in the public domain, so neither is a valid part of a security challenge).
Surely we can do better than this in the first part of the 21st century... Biometrics? Secure ID? Rotating cypher keys? Quantum encryption? Something!