Data breaches and credit card fraud: protecting yourself
The Heartland data breach resulted in credit card fraud for only a small number of consumers, according to the company --- though they won't say how small is small. But dozens of banks and credit unions had to alert their customers to the potential that they, too, could have been affected, in some cases issuing new credit and debit cards, just in case. Provident Bank sent out new cards and put transaction limits on debit cards and Sovereign Bank will send customers a new card at their request.
Tom Field of bankinfosecurity.com pointed out the largest examples of similar data breaches weren’t banks themselves. For example, hackers used malware to capture millions of card numbers from the Maine-based Hannaford Bros. supermarket chain last March. And just two weeks ago, T.J.Maxx and Marshalls offered a 15 percent off sale to apologize to customers for a similar hacker attack in 2007.
"None of these happened to a bank and yet the banks are left having to explain to their customers, and to bear the cost of replacing the cards."
Unlike banks, which must have federally mandated security systems, companies such as Heartland aren’t held to the same standards, even though they handle TONS of financial data, Field said.
So how can you protect yourself?
Field said you're probably already doing most of these steps: customers should keep their antivirus software up to date, safeguard their passwords and review their statements right away to spot potentially fraudulent purchases.
It's slim consolation, but at least customers don't have to worry too much in this case about new account fraud --- it's unlikely that someone would be able to open new credit accounts with only a credit card number (not a social security number).
Hugh Williams, administrator of the identity theft unit of the Maryland Attorney General's Office, said that credit card or debit fraud was the main concern in situations such as these.
He said that consumers have up to 60 days to dispute fraudulent charges on a credit card, and would be liable only for up to $50. Fraudulent debit card charges, on the other hand, must be challenged within three days. Dispute within 30 days and banks can’t hold you liable for more than $500, he said.
Marylanders can also contact the identity theft unit of the state attorney general’s office to answer questions and get more information about how data breaches could affect them by calling 410-576-6491 or sending an e-mail to mailto:idtheft@oag.state.md.us.
Categories: Banks, Consumer protection, Credit cards, Identity theft, Naughty businesses/NBotW
