While the theft of 40 million debit and credit card accounts from Target wasn’t the largest or most damaging breach ever, it certainly got attention coming during the height of the holiday shopping season, giving millions of consumers a wake up call on a growing problem.
After all, Target was only one of 500 publicly disclosed data breaches this year.
Any retailer may be hit in the future, which shows just how important it is to protect your bank account and your identity. Even if this breach missed you, sooner or later you will be affected.
That’s why you need to know how credit cards and debit cards differ in terms of fraud protection, and what you can do if your information is stolen.
What Credit Card Users Need to Know
Recommended for YouWebcast: The Art of Growth Hacking: Gaining Early Traction by Doing Things that Don't Scale
If a thief steals your credit card information and makes fraudulent purchases, they’re stealing the bank’s money. If they steal your debit card information, they’re stealing money from your checking account, and you’re left fighting with the bank to get it back.
Federal law limits responsibility for fraudulent credit card charges to $50, but the four major issuers — Visa, Mastercard, Discover and American Express — have zero liability policies that keep you from losing a dime.
The case is very different with debit cards, which have a maximum liability of $50 — if you notify the bank within two days. If you miss the charges and don’t report them for three days or more, liability is capped at $500. If you don’t report the fraud within 60 days, you could lose everything.
While consumer groups like Consumer Action are pushing Congress to guarantee more fraud protection for debit card users, bankers oppose changes to the law, and it’s unlikely any changes will be made.
Debit cards only protect you from certain instances of fraud as well. This means purchases made with your PIN and cash withdrawals will be much harder to reverse.
The bottom line? If you have access to a credit card and the willpower to use it responsibly, it’s the safest way to protect yourself.
Am I Safe if I Used a Debit Card?
If you used a debit card and your account information was stolen, be aware that your money can be legally missing from your bank account for up to 2 weeks as your bank investigates and decides whether it will reimburse you. You may be left unable to pay bills this entire time. If you’re late to report the fraud, you could be on the hook for the entire bill!
While using a credit card is the best way to protect yourself, this may not be possible for you, or it may be too late if this breach affected you.
Get ahead of thieves by requesting a new debit card right away!
Can I Just Change My PIN Number?
Target recently confirmed that encrypted PINs were stolen in the breach, although it said the key needed to decrypt the data was not in the system and could not have been stolen, making it unlikely thieves will be able to make use of the data.
Still, this caused a new wave of concern for customers who used a debit card at Target stores. Many hoped changing their PIN number would be sufficient to protect them from fraud, but this is not the case.
Changing your PIN number only prevents thieves from withdrawing cash at ATMs — it does not stop them from using your debit card account.
If your debit card information is stolen, the only sure-fire way to protect yourself is asking your bank to issue you a brand-new card.
Will Credit Monitoring Protect Me?
After news of the breach, Target announced it would provide free credit monitoring to those affected. While this is a great tool if your personal information is stolen, like your Social Security number or date of birth, it won’t help at all in this situation.
Fraudulent use of your credit card won’t trigger any alerts on your credit, and debit transactions aren’t reported at all.
Likewise, placing a security freeze on your credit report will do little good. A freeze keeps lenders from accessing your report to process new credit applications, but it does nothing for existing accounts.
While this breach did not reveal personal information like Social Security numbers to thieves, this isn’t always the case, and data breaches can affect financial institutions as well. Identity theft is the number one complaint the Federal Trade Commission receives from consumers, but there are steps you can take to protect yourself.
- Monitor your credit scores and reports from all three major bureaus and watch for signs of fraud as a precaution.
- Safeguard your PIN. Do not write it down where a third party can access it or let anyone see it when you input it.
- Always sign for debit card transactions. These transactions account for a higher share of fradulent debit card transactions than those by PIN, and your liability is lower when a signature is used. (This is because credit card networks make more money on these transactions.)
- Review your accounts regularly. Look for and report any unauthorized transactions immediately, and remember that most fraudulent purchases are small or regular, which makes them harder to spot.
- Shop on secure websites and do not make purchases via free Wi-Fi hotspots.
- If a breach involves your debit card, the best way to protect yourself is getting a new card.
“New” Card Technology May Protect You in the Future
Growing concern about the increase in credit card fraud is the biggest reason why U.S.-based card issuers and retailers are now setting a deadline of October 2015 to put an EMV payment system in place. If you’ve ever tried using your credit card overseas to find it didn’t work, you have a bit of experience with the system already.
Over 80 countries use EMV chip card technology already, which encrypts information on an embedded microchip that’s much harder to counterfeit than our magnetic strips. Microchips have been used since 2002 throughout Europe and other countries, but it’s just starting to make its way into the US — and it can’t come fast enough.
Microchip technology can be the very thing to head off these massive breaches in the future. If a microchip is used instead of a magnetic strip at a point of sale, the copied data is useless for creating cloned cards, as the card would then be identified as data used before and unauthorized.
There are now more than 50 EMV cards available in the U.S., if you’re interested in getting one now. Popular examples include the Chase Sapphire Preferred (by request), Citi Mastercards (by request), USAA and the US Bank FlexPerks Travel Rewards Visa.
While there are steps you can take to protect yourself against identity theft, it will always be impossible to prevent your data from being compromised in cases like the Target breach, short of paying in cash.
The best you can do is use a credit card whenever possible to limit liability and stay vigilant.