How to Handle a Credit Card Data Breach

Last week, Global Payments confirmed a massive security breach involving credit and debit card numbers and information. Global Payments operates a gateway; when you use your credit or debit card to purchase an item — and this could be online or in a brick-and-mortar store — your card information is sent through Global Payments or one of many similar companies to the issuer to determine whether the transaction can be approved.

The breach affects all major issuers, so if you have used a Visa, MasterCard, American Express or Discover card, whether a credit, debit, or charge card, you might be one of the estimated 10 million consumers affected. Update: Global Payments is now confirming that 1.5 million card numbers were included in the breach. Issuers — either the banks that offer the cards to their customers or the credit card companies themselves — have already begun notifying customers whose information might have been compromised.

You can expect issuers to offer free credit monitoring and identity protection services to help customers feel secure about their information in the future. The services differ depending on the provider, but most focus on the same core set of benefits.

• You can receive alerts — by phone, email, or even text message — when your card is used for suspicious activity. Suspicious activity could be anything from a transaction at a store or in a location you haven’t previously.
• You can receive updated credit reports. While the government requires the credit reporting agencies to offer one free credit report per customer each year, identity protection services typically provide access to more frequent credit reports — perhaps monthly or unlimited, on demand.
• If your identity information has been compromise, you should lock down your credit file. By contacting each of the three bureaus, Experian, Equifax, and Transunion, you can inform these companies not to allow any new credit to be issued in your name. This is not going to be an issue with most incidences of credit card information compromises, if your identity is stolen, you are at a higher risk.
• Change your credit card numbers. If you were affected by this security breach, you may have received a new credit card with a new number without so much of an explanation from your issuer. Changing the number helps protect customers who have had their data stolen. Some card issuers offer options where you can receive a new number for every online transaction; this may be a worthwhile service if you have reason to believe your credit card number has been compromised.
• Don’t forget to use your credit card online only over secure connections. Different browsers have different methods of indicating a secure connection. Using a credit card over a secure internet connection is safer than handing your credit card to a waiter or gas attendant. Over a secure connection, your credit card number is encrypted while in transit, but when you hand your credit card to someone and they step out of view, there is no limit to what they can do with your card in 30 seconds.

Aside from trusting technology and employees who handle your card information, it helps to always be aware of your surroundings. While in an airport waiting at the gate to board a flight, I called a hotel to inquire about a reservation. The hotel customer service representative was happy to take my reservation, but required me to announce my credit card number. Although I had no reason not to trust the individuals who were sitting near me, I opted not to provide my credit card number to all within earshot. As a result, and with the understanding that there would most likely be rooms available when I arrived later that night, I didn’t make the reservation.

I did lose the best rate offered on the room, though. When I arrived, the rate I had been quoted earlier was no longer available. I consider it a small loss in exchange for the comfort of not sharing my credit card number publicly.

When the cause of the breach of your information is a payment processor, as in this particular announcement from Global Payments, the issuers do all that they can to protect their customers, even if communication is slow or incomplete. When fraud happens on an individual level, and you are the only customer affected, it’s more difficult to get support from the companies you deal with, without insistence.

If you are the victim of fraud or identity theft, and it is not part of a large-scale technology hack, there are extra steps you must take.

• Start keeping a log of everyone you talk to about the fraud, including credit issuers, banks, and the police.
• File a police report describing the fraud or the incident.
• Contact the credit bureaus to inquire about identity protection services and possibly credit freezing.
• Contact your issuers and explain your situation, seeking any tools they have available to protect you going forward including assigning new card numbers.

Different banks and card issuers have different policies regarding your liability in the event of fraud. For the most part, if you follow the appropriate procedures including reporting suspected fraud in a timely manner, you will have no liability. With debit cards, however, even in the case of fraud, your balance could be lower than it should be. That could lead to missed payments or overdraft fees. That’s one benefit of using credit cards rather than debit cards — your bank account won’t be affected in the event of fraud, even for a day.

Of course, if you choose a cash-only existence, you may be able to completely avoid the hassles involved with credit card fraud and identity theft.