Data breach victim? Steps you can take now

Thursday, December 19, 2013

In light of the recent news about Target’s data security breach, Consumer Action, the National Consumer Law Center and U.S. PIRG remind consumers that:

1. Your liability for fraudulent charges is limited under federal law.

Credit Cards: Under federal law, your responsibility for unauthorized credit card charges is limited to $50, and in some cases would be $0.

Debit Cards: Your responsibility for debit card fraud charges is a bit more:

• $50 if you notify the bank within 2 days.
• Up to $500 afterwards.
• Unlimited if you fail to report the fraud charges within 60 days after you receive your bank statement.
• However if the physical debit card is not lost or stolen, you are not liable for any fraud charges if you report the fraud within 60 daysof receiving your bank statement.

Also, since the money to pay the debit card comes directly out of your bank account, you won’t be able to use that money until the fraud charge is reversed.

Both VISA and MasterCard have “zero liability” policies that limit your losses to $0, but these are voluntary policies.

Finally, when you contact your credit card company, don't pay a fee to receive a replacement card - even during the holiday shopping season. Ask the issuer to waive the expedited fee to send a replacement card. For more information on reporting card fraud, see Consumer Action's Credit Card Fraud module.

2. Check your credit report, but don’t panic.

If you are worried that a security breach has made you a target of identity theft, review your checking account or credit card statements regularly.

Also, check your credit report—it's always a good idea to do that regularly. But theft of a credit card number is unlikely to lead to the thief opening new accounts. That’s because the key piece of information needed for “new account” ID theft—your Social Security Number—is not part of the credit card data.

3. Don’t pay for expensive credit monitoring or fraud detection services.

You can check your credit report for free once a year using www.annualcreditreport.com—no need to pay for a monthly service.

As for fraud detection services, some of them have been known to do questionable things. For example, one of these companies, LifeLock, paid $11 million to the Federal Trade Commission in 2010 to settle charges that it used false claims to promote its identity theft protection services.

4. The strongest prevention against ID theft after a breach is a security freeze.

A security freeze prevents your credit report from being shared with potential new creditors. If your credit files are frozen, a thief will probably not be able to get credit in your name. You have a right to place a security freeze on your credit report under the law in most states, and freezes are available to residents of all 50 states. For more information, see:

• Consumer Action's Security Freeze module.
• NCLC identity theft tips.
• U.S. PIRG's identity theft tips.

In addition to the advice above, advocates questioned whether Target has been in compliance with state laws that require consumers to be notified when there is a security breach.