I used my new Citi card yesterday to buy gas at Costco. DW could not see all transactions (see above) so I logged in. I saw my gas purchase and a separate $1 gas purchase. This suggested that my account had been hacked:
1) scammers are said to test the waters with a small charge then go wild.
2) It was at a gas pump (albeit Costco's) notorious for skimming cards.
I immediately called Citi to investigate. The agent could not explain the charge and I cancelled both cards. The agent said we could get temp cards (only membership cards, it seems) at Costco--and I did.
However, the manager at Costco told me that the $1 charge was Citi's way of testing the first charge on a new card, while Amex simply put a hold on the purchase until it cleared (if I understood correctly).
SO, it seems my cancellation was pointless. Why the Citi agent did not tell me this angers us.
I called Citi to see if I could reverse the deactivation and was told, no. And Citi now blamed Costco for the charge.
This did not happen when we got our Costco Amex card, so I believe Costco and not Citi.
Boo Citi.
[The following got long, but it is based on my experience developing software to process credit card charges. It's been about 10 years since I worked in this area, so it's possible things have changed a bit, but I don't think they've changed significantly.]
You jumped the gun by cancelling your cards. A $1 pending charge that occurs at the same time and from the same vendor as a known charge is not a scammer. That is an authorization transaction to verify the card is valid. It's very common for a business like a gas station, where they don't know how much you'll actually spend, to do a $1 auth and then do a separate auth/capture for the actual amount once it's known. The $1 transaction stays as pending and eventually times out. How long it lasts varies by the card issuer, but it's generally less than a week.
Most businesses know how much you're charging when they run the card, so there's no separate auth transaction. They simply do an auth/capture and don't hand over the merchandise until they've received a verification from the payment processor.
Some vendors, such as hotels, will do an auth for a large amount when you check in (this is often called a hold and your credit limit is reduced by the amount they authorize), then when you check out they do a capture against the previous hold without doing another auth transaction first.
If your card is stolen by a skimmer, thieves won't need to bother with doing a small charge first. They'll go straight to the big item because they already know the card is valid -- after all, you just used it successfully at the gas pump where they skimmed it. The thieves who do the small charge to validate a card are the ones who hacked into some merchant or some bank and stole a huge file of credit card numbers and now they need to see which ones are still valid. These aren't usually the $1 charges though. They'll be about $5-ish and they'll be for some online merchant you don't do business with or for some charitable donation through their website.
The difference between Citi and Amex is that Citi is showing you the pending authorizations online. I also noticed a $1 auth from Costco Gas this week, although that wasn't the first use of my card. I assume they also auth'ed the Amex cards when we had those, but Amex just didn't display those on their website.
While it would be nice if Citi agents were all trained in the difference between auth, capture, and settlement transactions and could explain that clearly, I think you might be expecting too much from the average call center agent. (I also worked on call center software before the credit card processing software, and had the opportunity to interact with many of these agents. While some were very capable, the majority were not.) If you still want a Costco card, you should be able to reapply and get a new one since you have a good credit record on the previous Amex.