jump to navigation

What to do if your card was compromised and used… April 1, 2012

Posted by Chris Mark in Data Breach, Industry News, InfoSec & Privacy.
Tags: , , , , , ,
add a comment

I have already read 5 different articles where experienced and well known security evangelists are discussing how their credit card data was exposed and how it exposed them to danger.  Here are some things to understand about credit card theft and liability.  First, credit card theft is NOT identity theft.  Certainly, criminals can make fraudulent transactions but they cannot assume your identity to buy a boat, house, or get further credit.

Second, Under Federal law, consumers are limited to $50 for fraudulent credit card transactions.  The major card brands (Visa, MC, Amex, JCB, Discover) all have “Zero” liability clauses.  This means that if your card was used fraudulently…you have no liability for transaction that run over their networks. If it is a PIN based transaction (debit, for example) there are other considerations.  You can read more on this post. “Signature or PIN? Credit or Debit?…the answers”  If the Global Payments breach was limited to track 1 or track 2 data as reports indicate, then the PIN issue is not relevant.

Here is what you should do…

1) check your credit and debit card accounts. Debit cards can be processed as an ‘offline’ transaction which means they run over credit networks.  The criminals can use them just like stolen credit cards.  If you see unauthorized transactions take the next step.

2) call your issuing bank (bank listed on your card) and inform them of the fraudulent transactions.  They will require you to complete an affidavit stating it was not your charge, etc. etc.  If you have unauthorized charges on your bank account from the debit card being compromised, read the post here as it is a bit more complex from time to time. Understand that your bank will CANCEL the card and reissue a new card.  Make sure you have taken steps to update your bills etc.

3) continue to monitor your accounts for fraudulent activity…that simple.

Hopefully this helps assuage some concerns

%d bloggers like this: