Credit Cards

How to Handle a Credit Card Data Breach

Advertiser Disclosure This article/post contains references to products or services from one or more of our advertisers or partners. We may receive compensation when you click on links to those products or services.
Last updated on July 25, 2019 Comments: 8

Last week, Global Payments confirmed a massive security breach involving credit and debit card numbers and information. Global Payments operates a gateway; when you use your credit or debit card to purchase an item — and this could be online or in a brick-and-mortar store — your card information is sent through Global Payments or one of many similar companies to the issuer to determine whether the transaction can be approved.

The breach affects all major issuers, so if you have used a Visa, MasterCard, American Express or Discover card, whether a credit, debit, or charge card, you might be one of the estimated 10 million consumers affected. Update: Global Payments is now confirming that 1.5 million card numbers were included in the breach. Issuers — either the banks that offer the cards to their customers or the credit card companies themselves — have already begun notifying customers whose information might have been compromised.

You can expect issuers to offer free credit monitoring and identity protection services to help customers feel secure about their information in the future. The services differ depending on the provider, but most focus on the same core set of benefits.

  • You can receive alerts — by phone, email, or even text message — when your card is used for suspicious activity. Suspicious activity could be anything from a transaction at a store or in a location you haven’t previously.
  • You can receive updated credit reports. While the government requires the credit reporting agencies to offer one free credit report per customer each year, identity protection services typically provide access to more frequent credit reports — perhaps monthly or unlimited, on demand.
  • If your identity information has been compromise, you should lock down your credit file. By contacting each of the three bureaus, Experian, Equifax, and Transunion, you can inform these companies not to allow any new credit to be issued in your name. This is not going to be an issue with most incidences of credit card information compromises, if your identity is stolen, you are at a higher risk.
  • Change your credit card numbers. If you were affected by this security breach, you may have received a new credit card with a new number without so much of an explanation from your issuer. Changing the number helps protect customers who have had their data stolen. Some card issuers offer options where you can receive a new number for every online transaction; this may be a worthwhile service if you have reason to believe your credit card number has been compromised.
  • Don’t forget to use your credit card online only over secure connections. Different browsers have different methods of indicating a secure connection. Using a credit card over a secure internet connection is safer than handing your credit card to a waiter or gas attendant. Over a secure connection, your credit card number is encrypted while in transit, but when you hand your credit card to someone and they step out of view, there is no limit to what they can do with your card in 30 seconds.

Aside from trusting technology and employees who handle your card information, it helps to always be aware of your surroundings. While in an airport waiting at the gate to board a flight, I called a hotel to inquire about a reservation. The hotel customer service representative was happy to take my reservation, but required me to announce my credit card number. Although I had no reason not to trust the individuals who were sitting near me, I opted not to provide my credit card number to all within earshot. As a result, and with the understanding that there would most likely be rooms available when I arrived later that night, I didn’t make the reservation.

I did lose the best rate offered on the room, though. When I arrived, the rate I had been quoted earlier was no longer available. I consider it a small loss in exchange for the comfort of not sharing my credit card number publicly.

When the cause of the breach of your information is a payment processor, as in this particular announcement from Global Payments, the issuers do all that they can to protect their customers, even if communication is slow or incomplete. When fraud happens on an individual level, and you are the only customer affected, it’s more difficult to get support from the companies you deal with, without insistence.

If you are the victim of fraud or identity theft, and it is not part of a large-scale technology hack, there are extra steps you must take.

  • Start keeping a log of everyone you talk to about the fraud, including credit issuers, banks, and the police.
  • File a police report describing the fraud or the incident.
  • Contact the credit bureaus to inquire about identity protection services and possibly credit freezing.
  • Contact your issuers and explain your situation, seeking any tools they have available to protect you going forward including assigning new card numbers.

Different banks and card issuers have different policies regarding your liability in the event of fraud. For the most part, if you follow the appropriate procedures including reporting suspected fraud in a timely manner, you will have no liability. With debit cards, however, even in the case of fraud, your balance could be lower than it should be. That could lead to missed payments or overdraft fees. That’s one benefit of using credit cards rather than debit cards — your bank account won’t be affected in the event of fraud, even for a day.

Of course, if you choose a cash-only existence, you may be able to completely avoid the hassles involved with credit card fraud and identity theft.

Article comments

Anonymous says:

I check my bank accounts online several times a week to make sure everything is in line, and do the same with my credit cards. Can’t be too careful these days.

Anonymous says:

I hope both of them drop it. It’s kind of sad that in this industry one mistake can be the end of you. But that’s the way it should be.

Anonymous says:

thanks for the article flexo. This is very good information. I read that Visa is going to drop Global Payments & I wouldn’t be surprised if mastercard does the same. As someone who has been a victim of fraud, I am always checking my bank accounts on mint to see if there are any bogus transactions.

Anonymous says:

This is a little scary. I don’t have a debit card for security reasons, but I always felt pretty secure about credit cards. It also helps to check your balance every month, even if you haven’t used the card.

Anonymous says:

Things like this are bound to happen. So it’s also best if we consumers take the extra step in protecting ourselves. Protect your pin and passwords and avoid using very obvious ones. Also, keep in touch with the people who can help you with this matter like your credit card issuer and credit bureaus.

Anonymous says:

For clarity sake the term “Fraud Alert” should be used when dealing with the credit agencies. They understand the term and although it’s temporary, their actions should prevent someone else from opening an account with your information. Be advised that if you should desire to open an account in your name you’ll have to pony up a lot of ID information not normally required until the alert expires. Been there -done that!

Anonymous says:

Credits to the author, very good article, definitely one of those go back to from time to time
Maybe I would suggest few more everyday tips for keeping your data safe like:
NOT keeping your credit card numbers,passwords,PIN codes etc. in your cell phones or
NOT using the same password for all accounts or
NOT leaving sensitive data on social networks, which could lead to your confidential data

Luke Landes says:

There are good tips to keep in mind. None of this would help much in the case of a payment processor’s data breach, unfortunately.