Poor Security of Citibank Costco Credit Card

Over the past nine months, we have had about 15 instances of Citibank customer service giving third parties access to our credit card account, or issuing new credit cards to those third parties. Their fraud department has admitted that they do not consistently follow their verification procedures, and are letting in imposters pretending to be us - often with just publicly available info like our address, birthdate, and checking account number which is on every check we write and every autopay that we have. We even changed the checking account to no avail. Although we have set up a complex password that Citibank is supposed to use with anyone who calls in, they don’t do this either, leading to repeated issuance of new cards to fraudulent third parties.

We have wasted many hours and had travel disrupted many times by this lack of security, something that doesn’t happen with any of our other credit cards. We also have contacted Costco Customer Service who said that they have received many complaints about Citibank but have no plans to change for now.

Has anyone else had this problem? We are close to canceling the card because it is not worth the hassle, and they don’t seem to care - have sent us about 20 new cards this year because of the repeated fraud, but are not solving their internal security problems.

Never had this issue with Costco Citi Visa. Sorry you’re having problems. I’d cancel it, why reward incompetence?

I have 2FA for my Citi card, and when logging in, they send a code to my cell phone, and it works for my calls to them. I call and they either send a code via cell phone or to my email.

I turned my 2FA off but change pw every 90 days, 19 digit completely random. I just felt impatient the other day

We’ve had the Citi Costco Visa since it was issued and had zero issues. We also have a Citi Mastercard and have had no issues with that either.

Perhaps a card skimmer?

I know that’s recommended, but fail to see the logic. Can you explain? [your p/w is safe for 89 days, but not the next day?]

19 digits is great, so how could it be hacked? [mine are about 10 digits]

Several websites i use require me to change passwords 3 to 4 times a year. I dont recall the day count. Some send a reminder; others don’t. What’s annoying is these are sites I usually visit only 2 or 3 times per year.