Joining the likes of Zappos, Michael's, Sony, Epsilon and the New York Yankees -- Global Payments Inc. is the latest company to make headlines with a data breach originally reported to have compromised more than 10 million card numbers. Global Payments is a large third-party payment processor for Visa and MasterCard, and handles a substantial number of transactions for Discover and American Express as well.
Global Payments has since confirmed that the breach was limited to their North American systems and believes that "fewer than 1.5 million card numbers may have been stolen." An investigation is currently underway but we won't fully know how many cardholders were impacted, or how extensive the breach, until the dust settles and the investigation is completed -- which could take weeks, or even months.
Are You Protected Under Federal Law?
The good news for cardholders, if you can call it that, is the theft was limited to credit card numbers and did not include names, Social Security numbers, or addresses. This means the information that was stolen is limited to fraudulent credit card charges, which consumers are protected from by federal law.
On credit cards, the Fair Credit Billing Act limits the liability for fraudulent charges to $50, and if a card number is stolen -- and not the actual card -- cardholders are not responsible for any of the fraudulent charges.
For debit cards, consumers are covered under the Electronic Funds Transfer Act and are not be liable for unauthorized charges if the card was not physically lost or stolen. The main difference between the two is that with a debit card being directly tied to a checking account, cardholders have the additional frustration and inconvenience of waiting on the bank to investigate and return the fraudulently used funds.
How Will You Know if Your Card was Compromised?
Chances are, if your data was breached, you have already received -- or will soon receive -- notification from your bank or card issuer. When a consumer's personal data is breached there are mandatory security breach notification laws in 46 states that require businesses to notify you if your personal information has been compromised in a breach.
In most cases the bank or card issuer will automatically re-issue a new card with a new account number, effectively eliminating the extent of the theft. But, if you have not received an official notification, don't assume you are in the clear; contact the issuer or check your account online to find out. Thieves are smart and may lay low and wait months, or even years before using the data they've stolen, and could hit you when you least expect it.
What Steps Can You Take to Protect Yourself?
Whether you think your data may have been compromised or not, one thing is clear: No matter how cautious we are as consumers, we are all vulnerable when it comes to the security of our personal information. We may not be able to prevent a data breach from happening, but we can take steps to protect ourselves and limit the damage if it does:
Adrian Nazari is the Founder and CEO of CreditSesame.com, a free personal finance resource that gives consumers the power of bank-level analytics — providing comprehensive credit and debt analysis, monthly access to your free credit score, and personalized savings advice to help improve your finances, build wealth, and save money.