3 big credit card data breach secrets
If your card number was one of the 1.5 million compromised in a recent data breach, you may be facing a bigger headache than you think.
This post comes from Gerri Detweiler at partner site Credit.com.
Card numbers for as many as 1.5 million MasterCard and Visa cards were compromised in a recent data breach of payment processor Global Payments Inc. As a result, issuers are canceling cards and reissuing new ones for customers, while MasterCard and Visa are doing their best to reassure cardholders that they won't be held responsible for fraudulent charges.
While the fact that cardholders aren't responsible for fraudulent charges is true, it's not as though we don't have anything to worry about when these kinds of breaches happen.
Here are three serious problems you may not have heard about:
A credit card breach can be a real hassle. Last week I logged onto my credit card issuer's online card center only to discover that my credit card account had completely disappeared from the website. There was no explanation, and no message to contact the card issuer. It was just gone.
I called the issuer immediately and, after several attempts at navigating through the automated phone system -- there is no option to "press 9 if your account has disappeared" -- I finally got through to a customer service representative.
There is nothing to be concerned about, he reassured me. I should just pay my bill with the statement I receive in the mail. "But I haven't received paper statements for five years," I shot back.
At that point, I was getting terse. I heard him clicking more keyboard buttons as he attempted to help me. After what seemed like an eternity, he told me that there was a "restriction" on my account and he would transfer me to someone who could help me resolve it.
After being transferred, cut off, and then calling back, I was finally able to speak with someone who told me there was some kind of breach involving a number of accounts. She informed me that my account had been temporarily suspended, and that a new card would be mailed out promptly. She also told me that my online account would be restored once my new card was issued. (I later wondered what would happened if my bill was due that day. Would they have waived the fee for a payment by phone? I didn't think to ask.)
Fortunately I don't use that card often so there's not a lot for me to worry about. But other cardholders may have more work to do, such as changing account numbers for automatic bill payments or for websites where they have stored the card numbers. (Post continues below.)
Vigilance may be in order. Initial reports of the Global Payments Inc. breach indicated that two types of account information may have been compromised: Track 1 (which contains personal information) and Track 2 (card numbers only). The company has since announced that only card information -- and not personal information -- was improperly downloaded.
Still, the fact remains that cardholders simply don't know who got ahold of their information, and what they intend to do with it. If the intention was (or still is) identity theft, then you can't be too careful. Barrett Burns, president of VantageScore and a Credit.com contributor, says:
In the event of a security breach such as this, to protect their credit profile, consumers should immediately contact both the lenders and the credit reporting companies (CRCs) to be sure that there have not been any fraudulent transactions reported. Consumers should take detailed notes regarding when they contacted the lender and CRCs, what was discussed and with whom. It is important to be sure there aren't any fraudulent credit inquiries and credit applications reported as well. In the event that either of these actions did occur, both lenders and the CRCs have processes in place that will remove any negative information that has been reported as a result of the fraud. Credit card fraud victims should also take steps to be sure another account will be issued so that their credit history is preserved.
We're not just being nice. Card issuers are going out of their way to emphasize that consumers won't be responsible for any fraudulent charges as a result of a breach. That's true. MasterCard and Visa both have pretty robust "zero liability" policies. But although they make a point of emphasizing that their policies go beyond the requirements of federal law, in this case, the laws themselves offer comprehensive protection.
Under the Fair Credit Billing Act, which protects consumers in the case of credit card fraud, federal law limits liability for fraudulent charges to $50 in most cases. But if the card is not presented in the actual transaction -- i.e., the card number is stolen and used online -- then cardholders aren't responsible for any fraudulent charges.
Debit cards are covered by a different law, the Electronic Funds Transfer Act (.pdf file). Under the EFTA, consumers have no liability for unauthorized access when the card (or "access device") was not lost or stolen.
I am not implying that card issuers would try to hold consumers liable for fraudulent transactions as the result of a data breach. But cardholders who do run into any problems as the result of one should realize that federal law is on their side.
More on Credit.com and MSN Money:
Copyright © 2014 Microsoft. All rights reserved.
ABOUT SMART SPENDING
LATEST BLOG POSTS
Saving just a single month of expenses may take longer than you think. See how your savings rate affects how quickly you can build a solid emergency fund.
VIDEO ON MSN MONEY
BLOGS WE LIKE
MUST-SEE ON MSN
A charcuterie master shares his process for cold-smoking meat at home.
- Jetpacks about to go mainstream
- Weird things covered by home insurance
- Bing: 70 percent of adults report 'digital eye strain'