Data breach protection: 10 tips
Worried your credit card information has been hacked? Take these steps
If you're one of the millions of Americans who has used a credit,
debit or ATM card at a retailer whose data has been hacked, your account
information may have been stolen.
Once past the shock, employ
some common sense and a bit of vigilance. In most cases, you, your credit history and
credit score should be fine.
No federal law requires you to be personally
notified of a data-related security breach. Forty seven states do require
notification (Alabama, New Mexico and South Dakota are the exceptions), but if there's been a breach reporter, there's no need to wait. Here's are the 10 steps that federal
fraud specialists, consumer advocates and other experts say you should do:
- Look at your receipts or scan your
memory and figure out what card or cards you used a the breached store when it was hacked.
- Reset the password attached to the online
version of that account. This won't protect you against unauthorized use of the
card at brick-and-mortar shops, but it might help defend against a deeper
magnitude of security breach if the data thief decides to poke around in
If you used a debit or ATM card, keep a close eye on the bank account attached to that card. Go online regularly for the next few weeks -- or until authorities or your bank issues an all
clear -- and look for any unauthorized transactions.
If you find one or more unauthorized transactions,
immediately notify the bank. You must contact the card issuer within 60 days of
the day the questionable statement was mailed to you. Upon learning of the
problem, the issuer almost certainly will tell you to cut up the card in question
and it will expeditiously send you a replacement. "They
just want your credit card number," Tom Shaw, vice president of financial
crimes management at USAA, the financial services company that mostly serves
military families, told CreditCards.com in 2013 during a flurry of data breaches. "They are agnostic as to whose name is embedded in the
- Know your legal liability and move quickly. Generally speaking, your liability is limited to
$50 for unauthorized purchases made with your debit or ATM card. But time is of
the essence: Under federal law, if you don't report illicit transactions within
60 days, you may be held responsible for the entire amount. In any case, when
you report an unauthorized transaction, the bank in all likelihood immediately
will deactivate your debit or ATM card and arrange for you to receive a new
If you used a card during the period when hackers were active, go online and monitor the transactions associated with that
account. Check that account frequently until authorities issue an all clear.
If you see anything suspicious,
immediately call the credit card issuer and report the problem. In the case of
credit cards, federal law also limits your liability to $50 for any fraudulent
If you see unauthorized transactions on either a
debit card or a credit card, also contact one of the three major credit
reporting bureaus and ask it to attach a "fraud alert" to your account. This
service is free, and the company must share the alert with the other two
companies. The initial alert stays on your accounts for at least 90 days and
will make it more difficult for a thief to open more accounts in your name.
As a precaution, go ahead right now and order a
free copy of your credit report. It will serve as a pre-fraud starting point in
case things go south on you in coming weeks or months as a result of the breach
at Target or any other potential financial fraud. Federal law requires each of
the three major credit reporting services to provide one free copy
of your credit report every 12 months. When the report arrives, check it
carefully for errors or suspicious activity.
In the unlikely event that you're individually targeted for a full-blown case of identity theft, the damage could spread to your other accounts. In that case, you can ask each
of the three credit reporting companies to put a freeze on your credit file.
This makes it less likely that thieves can open new accounts in your name, but
it also means that potential creditors cannot obtain your credit report. Think
of it as the nuclear option and one to be used only under grave circumstances.
Bottom line: If you apply modest vigilance, employ some
common sense and respond quickly to any suspicious activity regarding your
accounts, you should be fine.
See related: Beware: Data breach dangers rise when you travel
Updated: July 8, 2014
Three most recent Legal, regulatory, privacy issues stories: