Last week it happened to us — again. It seems to happen at least once a year now, and if your family is anything like ours, it happens to you, too. If you don’t see it on the news first, you end up finding it in your mailbox. A slim envelope with a message admitting there was a breach — and you would be issued a new card. No need to panic. No need to freak out. This is being Taken Care Of. End of story.
Except not really.
In this brave new world, most of us have suffered a breach — or you soon will. That’s what Bank of America, for instance, calls “an organized theft of ATM, debit card or credit card information.” This happens, they say, because of “a data breach on the part of a merchant or a merchant third-party processor, computer theft, stolen storage tapes or company insiders working for a merchant or a merchant’s contractor.” Basically, someone steals credit card info from somewhere else, and ends up with info from Bank of America customers.
Federal law says banks have to notify customers of breaches, and 46 states say companies must do the same — though most large companies will just notify people as a matter of course. You will get a letter in the mail, or an email, detailing what’s been compromised. This can include your passwords, email address, credit and/or debit card numbers, bank account number, or social security number. The last two, of course, are nightmares you’d rather not contemplate. But contemplate them we shall. Here’s what to do in the event of a breach.
Don’t Waste Time Finding The Source Of The Breach
According to Consumerist, card associations have confidentiality agreements, and no one has to give up how the breach happened or where. So don’t spend your time calling everyone, sitting on hold, and getting angrier and angrier trying to figure out where the breach originated.
Watch Your Bank Statements
Now is the time for vigilance. Most hackers just want your credit card numbers so they can charge things for themselves. You need to go over your statements in detail. Note any suspicious or unauthorized activity and notify your bank immediately. Creditcards.com says that you have to contact your bank within 60 days from when a statement was sent to you. Generally, they say, you are legally liable for about $50 of unauthorized charges on your debit or credit card before 60 days. After that? You could have to pay for the entire amount.
Check Your Online Banking
At most banks you can see your account activity in real time now — you don’t have to wait for your stodgy old statement. That gives you an edge to notice exactly what charges are suspicious (you’ll remember where you used your card in the last few days), and a chance to flag that activity weeks before a statement arrives.
Change Your PIN
If your debit card was involved in the breach, you need to make a new PIN number, stat. You also probably need a new account number. This is why banks mail out new cards: Bank of America says of the recent breach, “We’re replacing your card as a safety measure to help ensure that your account information is protected. The new card has a new account number.” Yeah, that means they got your bank account info. Terrifying, right? All the more reason to …
Set Up A Fraud Alert
You can set up a fraud alert in your name with one of the major credit bureaus. Once you set up an alert with one of the firms, they have to share the info with the other two. This alert stays on your account for 90 days and makes it harder to open other accounts in your name.