I suspect because it is better safe than sorry. The possibility exists that someone obtained your actual credit card info so a new card is your best bet.
You are right, but as even the few posts in this thread by people show, the security issue seems to be in Apple's store. How does Apple compensate us for the inconvenience if and when the security breach is theirs, not mine? They do not even reply to my mail about it. With so many people apparently being affected and Apple being one of the biggest companies in the world, how can they get away with this without this causing much more of a stir in the media? Yes, the individual amounts are small, but there seem to be a lot of people affected, and, as you rightly point out, someone might actually have gotten my actual credit card data and might be causing more economic damage with that info, and that would be Apple's fault for not keeping the data I entrusted them with safe. Don't they have this technology where they can locate an actual machine the software is being downloaded to? I don't quite understand the whole fraud scheme here. Yes, the software vendors benefit from these sales, even if the "purchased" software never actually gets downloaded. But it will be pretty evident when and if software vendors are in on this, and they will be busted. Who else benefits if the software that fraudulently gets bought through this never actually gets downloaded by anyone?
My Paypal account was hacked a while back. I had used it maybe two or three times in the previous 18-24 months. Both Paypal and AMEX noticed the suspicious charges and suspended my account and cancelled my card. I was pleased with that response. Anyway, the items bought were virtual items on some game site. You would think it would be relatively easy to at least find out the user ID and IP address of the person making the purchase. AMEX claimed they would pursue it ($2000 in fraudulant charges), but so far, I have not heard anything from them.
