Once posted, the question is not so much what were you thinking, but what happens if you do find yourself in this plastic pickle?
The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.
The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.
You might think that most people wouldn’t purposely post their credit or debit card information online for the world to see, but some do just that, either unwittingly or on purpose. Whether it’s to capture a proud selfie moment about getting a first credit card, qualifying for an elite card or showing off a personalized card design, folks are snapping and posting plastic pics on social media without realizing the potential consequences.
In fact, there was even a Twitter account, @needadebitcard with 18,000 followers, whose sole purpose was retweeting people’s card photos.
Even if you don’t think you’d ever do something so careless, it could happen accidentally. Your card may end up in the background of a photo if it’s lying on your countertop or desk, or a relative or friend might take a quick picture of it to prank you – you never know.
Once posted, the question is not so much what were you thinking, but what happens if you do find yourself in this plastic pickle? We turned to card security experts to break down the legal implications and fraud risks of \u2018gramming, snapping or posting your card image.
A 5-step recovery plan for a posted card photo
The good news: You’re probably safe from liability
The federal law governing consumer liability for unauthorized charges on credit cards is called the Fair Credit Billing Act. It basically states that consumer liability is limited to $50 when fraudulent purchases are made by someone online or by phone, explains Mason Wilder, research specialist with the Association of Certified Fraud Examiners. However, most card issuers these days offer zero liability on fraudulent purchases. Debit card fraud is protected under the Electronic Funds Transfer Act. Basically, your liability is $50 if you notify the bank within two days of discovering the fraud. After 60 days, however, you could be liable for the entire stolen amount.
See related:7 exceptions to ‘zero liability’ policies
Grey area: Debit card slip-ups may cost you
Banking institutions might be slightly less forgiving if your debit card is the star of your social media status, however. Once reported and during the bank’s investigation, the money spent from your checking account might take a few days to a few weeks to be restored, which can turn into a major inconvenience.
A fraud investigation can also get more complex in cases where the consumer does something foolish such as posting a picture of their card online, says Scott Schober, cybersecurity expert, speaker and author of “Hacked Again.” “Issuing banks weigh several factors in determining if a cardholder is irresponsible, and if found negligent, the card issuer could decline the fraud claim,” he says.
Then again, that’s only if you actually admit you were careless enough to share your card details digitally. Most banks will not hold consumers responsible for anything once it is confirmed that fraud was committed, says Schober. “If the cardholder is a loyal customer, most banks will also offer to waive the $50 liability fee,” he adds.
And in case you were wondering about the person who uses your account information? Even though you made your information public, it’s still totally illegal. “The only authorized user of the card is the one who has their name on the account. No one else is authorized to use that card,” says Robert Siciliano, security awareness expert and CEO of Safr.me, an online resource focused on information security.
Beyond dollar costs: The hidden dangers of card photos
Even if the law protects you from liability and your transgression doesn’t end up costing you a cent, you’re not completely off the hook. When your card number gets into the hands of a cyber criminal, with a little digging, they may also find out your address, email and phone number, says Siciliano. “With this additional data, they can begin the process of \u2018socially engineering’ you to extract the remaining data required to complete a transaction.”
Wilder agrees, adding that putting your name and card number out there leaves you exposed. “Someone can take some of the information you posted and look on the dark web for other personal information of yours and open up new credit lines in your name,” he says.
And don’t think that if you cover up or black out a couple of the card numbers that you’re protected, says Schober. “Even when an image does not show detail, digital tools and algorithms allow thieves to zoom in and determine the credit card number,” he says. Plus, each card issuer has unique indicators that make it easier to crack the code. For instance:
- Visa cards always begins with the number 4 and typically has 13 or 16 digits
- AMEX cards begin with 34 or 37 and have 15 digits
- MasterCard begins with 51-55 and contain 16 digits
- Discover cards begin with 6011 and have 16 digits
“This commonly known information is a great starting point for cyber thieves looking to clone a copy of your credit card information onto a new blank card,” says Schober.
What’s more is that cyber criminals might consider someone who posts their credit card photos online an easy target for other kinds of scams like phishing, says Wilder.
Your post-posted photo plan: How to minimize risk
If your card information is ever shared or posted online, your first step (after you take down the photo, that is) is to freeze that account immediately, says Justin Zeidman, head of credit card products at Navy Federal Credit Union. “Some financial institutions allow you to freeze your accounts within their mobile app. While your information may be compromised, freezing your account can prevent fraudsters from making any purchases using the card information,” he says.
Once that’s done, immediately call your financial institution to make them aware of the issue, adds Zeidman. That way, they can close out that account number and issue you a new card.
Another layer of protection that Wilder recommends is changing all the passwords to your banking and other online accounts that have sensitive personal information.
Lastly, you might consider requesting a credit freeze with the credit reporting agencies, Equifax, Experian and TransUnion. “This prevents someone from taking your personal information and opening additional lines of credit,” says Wilder. Because of recently passed legislation, those credit freezes are now free of charge.
See related:How to freeze your credit: A step-by-step guide
Monitor and protect your financial accounts
Whether you have a fraud scare or not, it’s wise to be proactive about protecting your identity by keeping tabs on your accounts, says Siciliano. “You should go ahead and sign up for push notifications so you’ll get an email or text message with every charge in real time,” he says.
As for your physical card, keep it away from the cameras. Schober suggests housing them in protective sleeves at all times, and only removing them when you have to make a payment at a secure terminal.
The bottom line? Just as you (hopefully) wouldn’t post a photo of your Social Security card or checking account number online, the same should go for your credit and debit cards. Once they’re being shared on social media, it’s only a matter of time before you fall victim to fraudulent purchases or identify theft.