CreditCards.com is great source of information on credit issues. A post today discusses data breaches of various descriptions and how each stacks up in terms of their impact on consumers.
The authors first remind people that you are not your credit card–there’s a big difference between a risk or breach involving only one account and a breach that exposes one’s entire identity. But the risk increases when a breach extends beyond one card or account to include personal information such as your DOB and SSN.
Scenario 1. Your credit card is stolen or hacked
Someone stole your wallet and with it, your credit card. Or, maybe you still have the credit card but someone somehow got the number and charged items on your account.
Why: The thief wants to spend as much money as possible before you and/or your card issuer get wise to the theft.
The good news: Under the Fair Credit Billing Act, you’re on the hook for only $50 and probably not even that. Most credit card issuers have zero-liability policies that mean you won’t pay a cent. Plus, the thief has access to just that one account number — not other personal info that could put your entire financial identity at risk.
The bad news: You have to get the card replaced and change any recurring automatic payments made with the card. In the meantime, you don’t have the credit card, which is a problem if that’s your only card.
Takeaway: If your credit card is stolen, it’s a hassle but it’s no big deal it’s an inconvenience.
Scenario 2. Your debit card is stolen Someone stole your wallet and with it, your debit card.Why: To clean out your account before you find out about the theft.
The good news: The thief has only your debit card — not anything linked to your identity.
The bad news: You’re not protected for such theft the way you are with a credit card theft or breach. Under the Electronic Funds Transfer Act if your debit card is stolen, in most cases your liability is limited to $50 if you report the theft within two days. But if you wait more than two days, you could be liable for $500. After 60 days, you could be on the hook for the entire stolen amount, although most banks will review such theft on a case-by-case basis.
Even if you do report the theft right away, the bank account linked to the card will be frozen and you’ll lose access to the funds while the issue is being resolved. Meantime, you can’t pay your bills or get cash. For people who are already living on the financial edge, this can cause a domino effect. No money for gas means no way to get to work, which puts a job in jeopardy.
Scenario 3. You friend a fraudster
A fraudster posing as one of your friends asks to connect on social media and you quickly accept. Then you realize you’re already connected and this new social media “friend” is a fraudster. Now all the personal info you share with your real friends is available to an identity thief.
Why: The fraudster may already have some account information on you and now is trying to fill in missing puzzle pieces or get information about your identity that could be used to answer your password security questions, such as “Name your first pet” or “Where did you go to high school?” The fraudster could use this information for full-scale identity theft or to hack one account at a time.
The good news: You could be safe if you catch the mistake and delete the fraudulent friend right away. If the hacker is doing this on his own, he’ll need time to comb through your account.
The bad news: If the hacker is using software to scrape personal info from your page, you might be at risk the minute you click accept.
Scenario 4. Change-of-address fraud
You haven’t gotten any snail mail for days; you see your mailman as he drives by and he says the post office received a change of address notice from you. You didn’t fill one out.
Why: The thief first wants access to mail so he can get account information and other personal identifiers. Next, he wants to make sure you don’t receive mail notifications when he changes passwords, PINs or other key information for those accounts, and opens new accounts in your name.
The good news: You missed a few days of junk mail.
The bad news: This scenario is a major indicator of ID theft.
Scenario 5. Hackers expose your data in a major federal breach
You’re among the millions of victims whose extensive personal information was exposed in the federal data breaches at the Office of Personnel Management.
Why: Thieves can use that information to open new accounts in your name for apartments, cell phones, car loans and more.
The good news: You’re not alone; about 22 million people were affected in two separate breaches.
The bad news: Thieves now have access to a lot of your personal info — the breaches included Social Security numbers and information used for security clearances, as well as employment, educational, residential, financial and health histories.
Scenario 6. Medical ID theft
Your doctor’s office gives you a form to sign confirming that you’ve moved; but you’ve lived in the same house for years. This could be a sign of medical ID theft, one of the fastest growing forms of identity theft.
Why: Medical ID thieves seek to get free medical care, free drugs, free equipment or to commit other fraud.
The good news: It could be human error.
The bad news: If it’s medical ID theft, the implications go beyond financial. When your medical history is intertwined with someone else’s, you’re at risk for misdiagnosis, being prescribed a drug that doesn’t work with current prescriptions, having insurance claims denied or even losing your insurance. Nearly two-thirds of victims in a 2014 survey by MIFA paid out-of-pocket expenses averaging $13,500 including services received by the ID thief.
The most severe consequences are not financial — they’re related to a consumer’s health as the result of confusion about the victim’s true medical condition and health history because it’s corrupted with information about the identity thief’s health conditions.
You can’t prevent some of the scenarios above but you can take action to help prevent being an individual target.
- Set up your debit card so that it’s only an ATM card and can’t be used to buy things and clean out your account, Weisman says.
- Choose strong passwords, change them often and don’t keep them written down in an obvious place.
- For security questions linked to your accounts, make up fake answers that are easy to remember yet have nothing to do with your real first pet, high school or mother’s maiden name. “Give a nonsensical answer,” Weisman says. “For ‘Where did you go to high school?’ answer ‘Grapefruit.’ It’s just silly enough you won’t forget it.”
- Read the explanation of benefits notices your insurance company sends out, even if they say you don’t owe anything. That will alert you to any procedures or doctor visits that didn’t involve you.
And if your credit check engine light comes on, investigate immediately.