This article originally appeared as a column for the Cleveland Jewish News.
During a mere 2½-week period around Thanksgiving 2013, as many as 40 million Target shoppers became victims of one of the largest data security breaches in history.
Debit and credit card numbers, PIN numbers, magnetic strip data, all stolen, using malware believed to have been written by a 17-year old. As many as 30 million more customers who shopped at Target even far outside of that window of time had other data stolen such as email and mailing addresses and phone numbers.
Not only Target, but Niemen Marcus, Michael’s, White Lodging – a company that maintains hotel franchises under brands such as Hilton, Marriott, Sheraton and Westin – and many others, may have been breached just over the last few months.
With all of these breaches – and the identity theft and credit/debit card fraud that often follow – making national news, it’s no wonder that people are starting to change the way they shop and pay for goods and services, sometimes even reverting to using good old cash.
The U.S. Department of Justice estimates that as many as 11.5 million Americans fall victim to some form of identity theft, credit card fraud, or bank fraud each year, resulting in more than $20 billion in total financial loss. How does this affect the consumer? Luckily for the average individual, laws have been put in place to put the losses on the financial institutions, and not the consumer.
Two federal laws, the Fair Credit Billing Act and the Electronic Fund Transfer Act offer the consumer protection if a credit, debit, or ATM card is lost or stolen.
Under the FCBA, consumer liability for unauthorized credit card use is limited to $50. If, however, the theft is reported before any unauthorized charges can be made, the consumer liability is zero. If a credit card number is stolen, but not the card, the consumer has no liability for its unauthorized use.
Protections for debit card theft also exist, but be aware they are less favorable. The consumer can be liable for anywhere between $0 and the total loss, depending on how quickly the theft is reported, which means it is important to report any theft as quickly as possible. But, fortunately, if the loss is as a result of a stolen card number, rather than a stolen card, the consumer liability for unauthorized transactions will typically be nothing so long it is reported timely.
Some common sense practices can minimize your risk. Check your bank and credit card statements regularly so that you may quickly report any discrepancies to your financial institution. Be wary of emails that appear to come from your financial institution. If an email that looks to be from your bank asks for personal information, consider calling the company directly at the telephone number on your statement or on the back of your card to verify the request is legitimate.
Determine if your credit card company will generate a one-time use credit card number to use for online purchases. Use a credit card instead of a debit card for regular purchases in order to minimize the chances of your bank account being cleared out by a thief. Set fraud controls on your account so that your institution will notify you of purchases outside of your normal use. Use PayPal to pay for online purchases whenever possible, to minimize the number of institutions given direct access to your credit card information. And, of course, consider using cash whenever practicable.
*Andrew Zashin writes about law for the Cleveland Jewish News. He is a co-managing partner with Zashin & Rich, with offices in Cleveland and Columbus.