CONSUMERS AT RISK: TIPS WHEN EXPERIENCING A DATA SECURITY BREACH

Media Contacts
Abe Scarr

State Director, Illinois PIRG; Energy and Utilities Program Director, PIRG

Illinois PIRG

CONSUMERS AT RISK: TIPS WHEN EXPERIENCING A DATA SECURITY BREACH

In light of today’s announcement by the Department of Homeland Security that more than 1,000 businesses have been affected by the same cyber attack that hit Target, Illinois PIRG reminds consumers that:

1. Your liability for fraudulent charges is limited under federal law.

Credit Cards: Under federal law, your responsibility for unauthorized credit card charges is limited to $50, and in some cases would be $0.

Debit Cards: Your responsibility for debit card fraud charges is a bit more:

  • $50 if you notify the bank within 2 days.
  • Up to $500 afterwards.
  • Unlimited if you fail to report the fraud charges within 60 days after you receive your bank statement.
  • However, if the physical debit card itself is not lost or stolen, you are not liable for any fraud charges if you report them within 60 days of your bank statement.

Also, since the money to pay the debit card comes directly out of your bank account, you won’t be able to use that money until the fraud charge is reversed.

Both VISA and MasterCard have “zero liability” policies that limit your losses to $0, but these are voluntary policies.

Finally, when you contact your credit card company, don’t pay a fee to receive a replacement card – even during the holiday shopping season. Ask the issuer to waive the expedited fee to send a replacement card. For more information on reporting card fraud, click here.

2. Check your credit report and account statements, but don’t panic.

If you are worried that a security breach has made you a target of identity theft, check your checking account or credit card statement regularly. Also, check your credit report – it’s always a good idea to do that regularly. But theft of a credit card number is unlikely to lead to the thief opening new accounts. That’s because the key piece of information needed for “new account” ID theft – your Social Security Number – is not part of the credit card data.

3. Don’t pay for expensive credit monitoring or fraud detection services.

You can check your credit report for free once a year using www.annualcreditreport.com – no need to pay for a monthly service.

As for fraud detection services, some of them have been known to do questionable things. For example, one of these companies, LifeLock, paid $11 million to the Federal Trade Commission in 2010 to settle charges that it used false claims to promote its identity theft protection services.

4. The strongest prevention against ID theft after a breach is a security freeze.

A security freeze prevents your credit report from being shared with potential new creditors. If your credit files are frozen, a thief will probably not be able to get credit in your name. You have a right to place a security freeze on your credit report under the law in most states, and freezes are available to residents of all 50 states. For more information, click here