We are in the school year endgame right now. The kids will be done for the year in 10 days, and then summer officially begins. It is a frantic time in our house – the kids head off for camp in mid-June and we take family vacations before then. There is a lot of stuff to buy, a lot of packing to do, and a lot of quality time to squeeze in before The Boss and I become empty nesters for 7 weeks. One of those tasks is haircuts. It turns out the Boy has my hair. And that means he needs to get it cut. Frequently. I’m not complaining but it requires some planning.

If they leave in mid-June we need to get his hair trimmed mid-May, which gives it a month before we get the short camp cut. Yes, we actually have to think about stuff like this. So I took the Boy for a haircut on Saturday afternoon, and my phone rang with a number I didn’t recognize from South Florida. Normally I would let it go to voicemail, especially on a Saturday, but my paranoia kicked in because Mom is in South Florida. When you get to my age you dread calls from numbers you don’t know in South Florida. So I picked up the phone for my friends in Office Depot’s fraud department.

No, they aren’t really my friends, but they did me a huge solid by catching a strange transaction. Evidently someone used my credit card and address (with cellphone number) to buy a laptop for delivery to a store in California. They asked if I had bought a computer for $519 that day. I had to laugh because everyone knows you can’t buy a Mac for $519, and I wouldn’t be caught dead with a Windows laptop. Kidding aside, they quickly canceled the transaction and kindly suggested I call MasterCard to shut down my clearly compromised card.

Yeah, I was already 2-3 steps ahead. Card was shut down, new card ordered, and fraud investigation underway within 5 minutes. Then came the damage assessment. I checked my personal email account to ensure no funkiness (2FA for the win) and also reviewed transactions on my other financial accounts in case of a larger compromise on my end. All clean, for now.

But then I got thinking – which of the zillion online merchants I use got popped? They had my cell phone, so it wasn’t a skimming attack. This involved both card number and address/phone, so it was full-on total pwnage of some merchant. But I never expect to learn which. I can’t be too pissed – I had a pretty good run with that MasterCard number. It lasted 18 months, which sadly is a long time between card credential compromises.

I could be angry, but it’s just the way it is. When my new card comes in I will need to spend a couple hours wading through my bills and changing all the automatic charges for monthly stuff. I need to monitor that account much more closely until I am confident everything is clean. In 12-18 months I will need to do it again. At least the merchant didn’t give me a hard time – unlike last time this happened, when someone bought auto parts and had them delivered to an address in my town. Of course it wasn’t my address, but those are pesky details. AmEx did good work on that situation, fortunately.

And with that, let me tip my hat to Office Depot once again. Once attackers get a working card the fraud transaction come fast and furious, so they saved me a bunch of angst. Now I need to go by some office supplies from Amazon. Come on, man, you didn’t think this would buy any office supply loyalty, did you?