My bank called me today.
"A branch where you used the ATM was compromised. You'll have to change your ATM card and PIN."
No, not again. This was a routine phone call, but actually, I'd already reported the breach last Thursday.
Last week, I went to the ATM near my office to take out cash for the weekend. Something caught my eye. Something strange.
Seems I'd withdrawn a hundred euros that morning in Madrid. At 6:21 a.m. I was not awake at 6:21, and I certainly hadn't been in Madrid. I've never been to Madrid, not even when I lived in Barcelona!
I changed my PIN, filed a report, and ordered a new card. But I actually thought the withdrawal was a banking mistake, that this error would be investigated and rectified. While I seem cynical, I actually have faith in the innate goodness of most people, a byproduct of being helped along the way as I've traveled the world.
Instead, it turned out that this ATM withdrawal was real, that someone else had mined my details and created a card, which was then used to withdraw a hundred euros at 6:21 a.m. in Madrid last Thursday. My bank had taken more than a week to work this out, so I'm glad I found the compromise on my own.
I'm a little annoyed that it took them so long and that the scam originated at one of their own branches. But they credited my account bank with the hundred euros.
They even gave me back the "foreign fee."