Or was the call really from my bank? Was it a scammer trying to get my details? Of course not, they were asking me to call the normal 0845 number, so it had to be genuine.
So I called, went through the security questions, and asked what it was about. They wanted to check my last few credit card transactions, there was apparently a problem.
As they read through the last three or transactions, they all sounded like mine -- nothing out of the ordinary. Then I was passed to the fraud team, which sounded worrying. They took me through the same exercise, but with more transactions just to ensure they were all OK. They were.
"Is there anything else I can help you with today?," she asked.
Well, I wouldn't mind knowing how they'd spotted there was something wrong with my card, I said. Had there been attempted transactions overseas somewhere, for example? She couldn't tell me, saying the police had supplied them with a list of compromised credit cards, no other information.
The experience raised a mixture of feelings. Suddenly becoming a victim of credit card fraud, rather than just writing about it, made me feel angrier than I'd expected. Like anyone who has been burgled, or worse, there was a sense of outrage. How dare they do that to me?
On the other hand, I was impressed to see that the fraud prevention system worked so well. The bank's systems and staff were quick off the mark, and I have the comfort of knowing I won't suffer any financial loss, or even have to get fraudulent transactions cancelled.
But I would like to know more. How did the details get out? Was it an internet-based attack, or (more likely) someone in a shop who's copied my card details?
Without that information, how do I guard against it happening again? If it was a retailer who was to blame, I'd like to know who it was. I'd like to have justice and information, as well as protection.
Even as an unharmed victim, I should have a right to know, like they do in the US where consumers are kept informed of the loss of personal data. The sooner we get mandatory disclosure of breaches here, the better.