Legal Disclaimer Advertiser Disclosure

3 Big Credit Card Data Breach Secrets

Published
January 9, 2019
Gerri Detweiler

Gerri Detweiler focuses on helping people understand their credit and debt, and writes about those issues, as well as financial legislation, budgeting, debt recovery and savings strategies. She is also the co-author of Debt Collection Answers: How to Use Debt Collection Laws to Protect Your Rights, and Reduce Stress: Real-Life Solutions for Solving Your Credit Crisis as well as host of TalkCreditRadio.com.

Card numbers for as many as 1.5 million MasterCard and Visa cards were compromised in a recent data breach of payment processor Global Payments Inc. As a result, issuers are canceling cards and reissuing new ones for customers, while MasterCard and Visa are doing their best to reassure cardholders that they won’t be held responsible for fraudulent charges.

While the fact that cardholders aren’t responsible for fraudulent charges is true, it’s not as though we don’t have anything to worry about when these kinds of breaches happen. Here are three serious problems you may not have heard about:

1. A Credit Card Breach Can Be A Real Hassle

Last week I logged onto my credit card issuer’s online card center only to discover that my credit card account had completely disappeared from the website. There was no explanation, and no message to contact the card issuer. It was just gone.

I called the issuer immediately and, after several attempts at navigating through the automated phone system (there is no option to “press 9 if your account has disappeared”), I finally got through to a customer service representative.

There is nothing to be concerned about, he reassured me. I should just pay my bill with the statement I receive in the mail. “But I haven’t received paper statements for five years,” I shot back.

At that point, I was getting terse. I heard him clicking more keyboard buttons as he attempted to help me. After what seemed like an eternity, he told me that there was a “restriction” on my account and he would transfer me to someone who could help me resolve it.

After being transferred, cut off, and then calling back, I was finally able to speak with someone who told me there was some kind of breach involving a number of accounts. She informed me that my account had been temporarily suspended, and that a new card would be mailed out promptly. She also told me that my online account would be restored once my new card was issued. (I later wondered what would happened if my bill was due that day. Would that have waived the fee for a payment by phone? I didn’t think to ask.)

Fortunately I don’t use that card often so there’s not a lot for me to worry about. But other cardholders may have more work to do, such as changing account numbers for automatic bill payments or for websites where they have stored the card numbers.

2. Vigilance May Be In Order

Initial reports of the Global Payment Inc. breach indicated that two types of account information may have been compromised: Track 1 (which contains personal information) and Track 2 (card numbers only). The company has since announced that only card information – and not personal information – was improperly downloaded. Still, the fact remains that cardholders simply don’t know who got a hold of their information, and what they intend to do with it. If the intention was (or still is) identity theft, then you can’t be too careful. Barrett Burns, president of VantageScore and a Credit.com contributor, says:

“In the event of a security breach such as this, to protect their credit profile, consumers should immediately contact both the lenders and the credit reporting companies (CRCs) to be sure that there have not been any fraudulent transactions reported. Consumers should take detailed notes regarding when they contacted the lender and CRCs, what was discussed and with whom. It is important to be sure there aren’t any fraudulent credit inquiries and credit applications reported as well. In the event that either of these actions did occur, both lenders and the CRCs have processes in place that will remove any negative information that has been reported as a result of the fraud. Credit card fraud victims should also take steps to be sure another account will be issued so that their credit history is preserved.”

3. We’re Not Just Being Nice

Card issuers are going out of their way to emphasize that consumers won’t be responsible for any fraudulent charges as a result of a breach. That’s true. MasterCard and Visa both have pretty robust “zero liability” policies. But although they make a point of emphasizing that their policies go beyond the requirements of federal law, in this case, the laws themselves offer comprehensive protection.

Under the Fair Credit Billing Act, which protects consumers in the case of credit card fraud, federal law limits liability for fraudulent charges to $50 in most cases. But if the card is not presented in the actual transaction; i.e. the card number is stolen and used online, then cardholders aren’t responsible for any fraudulent charges.

Debit cards are covered by a different law, the Electronic Funds Transfer Act. Under the EFTA, consumers have no liability for unauthorized access when the card (or “access device”) was not lost or stolen.

I am not implying that card issuers would try to hold consumers liable for fraudulent transactions as the result of a data breach. But cardholders who do run into any problems as the result of one should realize that federal law is on their side.

Share
Published by

You Might Also Like

Find out what someone can do with your stolen Social Security num... Read More

October 19, 2023

Identity Theft and Scams

The Federal Trade Commission’s Consumer Sentinel Network re... Read More

May 17, 2022

Identity Theft and Scams

COVID-19 vaccines are being rolled out across the country, and th... Read More

May 20, 2021

Identity Theft and Scams