Data Breaches and Identity Theft: How Much You Could Lose

Worried about your credit card data getting stolen? It’s understandable: 1.5 million credit cards were compromised in the Global Payments/Visa breach; though it’s barely April, Citibank and Wells Fargo may have been compromised this year; and MSNBC.com just told us that even your credit report isn’t safe.

Thankfully, in the case of a data breach like Global Payments, your bank or credit union will shoulder most of the burden of keeping you safe, letting you know if your account is compromised and issuing a new card if necessary. But it’s the hacks you don’t hear about that can get you. We’ll break down some of the ways to keep your data safe, and tell you what your liability is if your identity is stolen.

Credit cards

Your credit card information is everywhere: at your bank, on your Amazon account, in your smartphone’s wallet, on new mobile payment apps, and, of course, in your actual wallet. But credit cards are pretty much the best-protected payment method when it comes to fraud.

Your liability:

• You are not liable for any charges made after you report the loss.
• You are not liable for more than $50 per card.

Staying safe:

• Review your monthly statements for fraudulent charges.
• Carry with you only the cards you need.
• If someone from your bank calls and asks for your credit card number, tell them you’ll call back. If it’s actually your bank, you can give them what they need, but never give your credit card number to someone who calls you.

Debit cards

Debit cards can be risky, and not just because you’re on the hook for more money than with credit cards. ATM skimmers abound, and even though you often enter your PIN, you sometimes just sign a receipt like you would for a credit card. And let’s face it, who actually checks your signatures?

Your liability:

• If you report the loss within 2 business days, you are liable for no more than $50.
• If you report it within 60 days of getting your bank statement, you are liable for no more than $500.
• If you report it more than 60 days after receiving your statement, you could be liable for the entire amount.

Staying safe:

• Don’t write your PIN down.
• Use a different PIN for each debit card.
• Keep an eye on your bank statements.

Prepaid debit cards

Unlike credit cards and debit cards, prepaid debit cards don’t have to be FDIC-insured and aren’t required to give fraud coverage. Make sure to check if your prepaid debit card issuer is FDIC-insured, and that they extend that coverage to prepaid cards. Also make sure that you have some coverage in case of fraud.

“Zero liability:” Many prepaid debit cards offer Visa or MasterCard’s zero-liability policy on prepaid cards, but these protections are skimpier than they sound. For one thing, you’re exposed to unlimited loss if your information is stolen at an ATM, as well as some cases when you enter your PIN. Be very careful, therefore, to keep an eye on your statements.

Your liability:

• Under Visa’s Zero Liability policy, you are not liable as long as you aren’t negligible, which includes checking your monthly statement and reporting fraud. You are liable for all fraudulent ATM withdrawals and PIN transactions not processed by Visa.
• Under MasterCard’s Zero Liability policy, you aren’t liable for fraudulent purchases made in-store, online or by phone, as long as you take reasonable care to prevent fraud, your account is in good standing and you haven’t reported two or more unauthorized events in the past year. You are liable for all fraudulent ATM and PIN transactions.

Staying safe:

• Keep a close eye on your account, checking your balance online if it’ll cost you to get paper statements.
• If required, make sure to sign the back of your card, as not doing so may make you ineligible for fraud protection.
• Follow the procedures outlined for debit cards as well.

Mobile payments

Mobile payment providers, like prepaid debit card issuers, aren’t required to provide fraud protection. Some do, but a Consumers Union report found the agreements to be vague and unclear. Here’s a brief breakdown:

If your payment is linked to a credit or debit card, the liability limits apply.

If your payment is linked to your phone bill, your liability varies by cell phone provider. Consumers Union did a study of different carriers’ liability policies, and found a discrepancy between representatives’ assurances and contracts’ terms. This leads us to think that carriers will be more lenient than their contracts would suggest. Still, you can’t count on it.

The standard policy (Verizon’s a lot nicer) is that you’re liable for all charges made before you report the phone lost or stolen. This could theoretically open you up to unlimited losses, but 3 of the 4 carriers cap the amount you can charge to your phone bill. The fourth – T-mobile – offers to let you set a cap, for a fee of $4.99 per account. That fee includes other perks, like blocking certain numbers.

Carrier	Liability	Maximum Spend per Month
AT&T	All charges made before reporting	$100
Sprint	All charges made before reporting	$25
T-Mobile	All charges made before reporting	$80
Verizon	Liability considered case-by-case; generally, you aren’t liable as long as you make an effort to report the loss	$25

Staying safe:

• If your phone is lost or stolen, contact your carrier ASAP.
• Password-protect your phone.
• Keep an eye on your phone bill and report suspicious charges immediately.
• If possible, link your mobile payment to a credit card or (plan B) a debit card.
• Move to California.

Mobile payments in sunny California

The California Public Utilities Commission adopted a strong set of protections for mobile payments linked to your phone bill:

• You aren’t liable for any unauthorized charges.
• You don’t have to pay disputed charges while the investigation is pending, and you can’t incur fees or a black mark on your credit report for not paying disputed charges.
• Disputes must be settled within 30 days.
• You can prohibit third parties from making payments on your account, free of charge.
• Carriers have to clearly disclose the risks of allowing third-party payments.

Staying safe mostly means staying smart

To make sure you aren’t the victim of identity theft, there are a few general guidelines to follow:

• Read your bank statements!
• Don’t reuse passwords, PINs or security questions, and avoid setting your PIN to your birthday.
• Make sure to never give your account information to someone who calls you, and that if you enter your information online, the connection is secure (the URL should start with https, not http).

And if you are a victim, remember to call your bank and cell phone carrier immediately to limit your liability. Make sure to change all automatic bill payments linked to the compromised account. And finally, if you do end up reusing your password (which you shouldn’t!), change all passwords that are the same as the ones on the hacked account.