Joining the likes of Zappos, Michael's, Sony, Epsilon and the New York Yankees -- Global Payments Inc. is the latest company to make headlines with a data breach originally reported to have compromised more than 10 million card numbers. Global Payments is a large third-party payment processor for Visa and MasterCard, and handles a substantial number of transactions for Discover and American Express as well.
Global Payments has since confirmed that the breach was limited to their North American systems and believes that "fewer than 1.5 million card numbers may have been stolen." An investigation is currently underway but we won't fully know how many cardholders were impacted, or how extensive the breach, until the dust settles and the investigation is completed -- which could take weeks, or even months.
Are You Protected Under Federal Law?
The good news for cardholders, if you can call it that, is the theft was limited to credit card numbers and did not include names, Social Security numbers, or addresses. This means the information that was stolen is limited to fraudulent credit card charges, which consumers are protected from by federal law.
On credit cards, the Fair Credit Billing Act limits the liability for fraudulent charges to $50, and if a card number is stolen -- and not the actual card -- cardholders are not responsible for any of the fraudulent charges.
For debit cards, consumers are covered under the Electronic Funds Transfer Act and are not be liable for unauthorized charges if the card was not physically lost or stolen. The main difference between the two is that with a debit card being directly tied to a checking account, cardholders have the additional frustration and inconvenience of waiting on the bank to investigate and return the fraudulently used funds.
How Will You Know if Your Card was Compromised?
Chances are, if your data was breached, you have already received -- or will soon receive -- notification from your bank or card issuer. When a consumer's personal data is breached there are mandatory security breach notification laws in 46 states that require businesses to notify you if your personal information has been compromised in a breach.
In most cases the bank or card issuer will automatically re-issue a new card with a new account number, effectively eliminating the extent of the theft. But, if you have not received an official notification, don't assume you are in the clear; contact the issuer or check your account online to find out. Thieves are smart and may lay low and wait months, or even years before using the data they've stolen, and could hit you when you least expect it.
What Steps Can You Take to Protect Yourself? Whether you think your data may have been compromised or not, one thing is clear: No matter how cautious we are as consumers, we are all vulnerable when it comes to the security of our personal information. We may not be able to prevent a data breach from happening, but we can take steps to protect ourselves and limit the damage if it does:
- Check your credit and debit card accounts regularly for any unauthorized transactions. If you can, don't wait until your statement arrives to check for unusual activity or unauthorized charges. If you spot any unusual charges, contact the issuer immediately.
- Avoid sharing too much information online, including social networking sites. It doesn't take much for a thief to steal your identity -- a name, an address, a pin number. They don't need your Social Security number or specific financial information to succeed.
- Review your credit reports for any unusual activity. The Fair and Accurate Credit Transactions Act (FACTA) gives you the right to a free copy of your credit report, once every 12 months, from each of the three credit reporting agencies through www.annualcreditreport.com, the federally mandated website.
- Monitor your credit and credit report information every month to catch any suspicious loan or credit activity, or sudden, unexpected drops in your credit score. Most of these services cost money but there are also free resources like CreditSesame.com, where you can get your free credit score with monthly updates to help pinpoint unauthorized or sudden changes to your score or balances, which are often indicative of credit card fraud or identity theft.
- Report the theft. Notify the affected account or company to report the theft immediately to stop any further charges or theft.
- Place a fraud alert on your credit report. A fraud alert lets creditors know that you may be a victim of identity theft and will alert creditors and keep an identity thief from opening new accounts in your name. To place a 90-day fraud alert on your credit reports you only need to contact one of the three credit reporting agencies to have the alert show on all three of your credit reports.
- File a police report. If the extent of the theft is more severe than fraudulent credit card charges, you'll want to file a police report to document the crime and keep the damage from escalating even further.
Adrian Nazari is the Founder and CEO of CreditSesame.com, a free personal finance resource that gives consumers the power of bank-level analytics — providing comprehensive credit and debt analysis, monthly access to your free credit score, and personalized savings advice to help improve your finances, build wealth, and save money.