Card interception

My wife had a recent harrowing experience with a credit card. She has one from OCBC Bank Malaysia and on Wednesday morning, she received an SMS message from the bank to inform her that a renewal card was on its way to replace her existing card which would be expiring soon. I should say that this is quite standard procedure for banks nowadays, to inform their customers that new credit cards are on their way to them.

But what set alarm bells ringing was a subsequent standard SMS message from the bank yesterday afternoon to alert her that an attempt had been made to use her new credit card. She contacted the bank immediately and was told that someone had tried to use the card for a Paypal transaction in US dollars. Her existing as well as the renewal card has since been cancelled.

Pretty alarming, right? What are the security measures over the whole matter? Where was the lapse? Within OCBC Bank itself? Or was the card intercepted outside the bank by a person or persons unknown? Which delivery company was used and what's their integrity and reputation? Did the courier company come to collect from the bank, or did the bank deliver directly to the courier company? Every person along this chain should be a suspect. Is the cancelled card still with the delivery company? Is the bank investigating?? 

It was a lucky thing that my wife spotted the SMS message immediately and straight away contacted the bank. I wonder how many hundreds or thousands of credit cards have already been intercepted in this way during delivery and contributed to fraudulent use. And whether those legitimate victims had found satisfactory recourse from the banks.