[stordoff]

That's why I was pleasantly surprised recently when my bank called me about some fraudulent transactions, and the entirety of the conversation was: "Do you recognise this transaction?" "No" "OK, your card has been blocked and a new one is on its way".

Even if it had been a fraudulent call, they weren't asking for anything (so I didn't have to bother verifying it was legitimate), and even if they got the wrong person there is limited damage they could do.

[daveFNbuck]

What if they got the person who just redirected your mail to their own address?

[stordoff]

I'd notice there was a problem when I stopped receiving mail and my current card stopped working. Even then, even if they DID get the new card, I could report any subsequent transactions as fraudulent (honestly, my mail being redirected would be a much bigger issue to me than someone having access to my card, so that doesn't add much to the attack potential).

Also, at some point, it becomes infeasible enough (that someone would have redirected my mail, hijacked my phone number or managed to change it with the bank, triggered a call from my bank, and managed to line them all up so I hadn't noticed there was a problem) and more trouble than it's worth to be worried about it happening.

[jandrese]

You would probably notice when your card suddenly stopped working.