CC company to customer: Those were lab draft editions of our new cards.
Private research to CC company: We ordered cards for ourselves as if we were normal customers for this test.
See the article:
" . . . in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder's name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150.
They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50.
And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. "Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?" Heydt-Benjamin, a graduate student, asked."