Join 3,494 readers in helping fund MetaFilter (Hide)


My Debit Card was compromised, now what?
May 14, 2014 6:03 PM   Subscribe

I had to get a new card on Saturday. On Monday, I purchased something on the internet. Today, someone spent 1300 of my bucks on something called "educational services" in New Delhi, while I sit here on the east coast of America. The bank says not to worry. But should I?

The bank has issued me a new card and has my account flagged, and I'm going to get all the money back.

1.Outside of the plain-old get your credit report regularly and monitor my debit account, should i be doing anything else to avoid further identity theft? The bankers I spoke with seemed very unconcerned and told me it happens pretty much all the time and all i need to do is keep an eye on my account.

2. The only places i made purchases at over the last few days have been at a couple grocery stores and that one place on the internet. I kind of assume it was the internet purchase that did it- should i call the company and report it? It is a legit company.

3. My husband's biggest concern is that they now have ALL OF MY INFORMATION and will cause Apocalyptic amounts of damage. Is this likely/true?

Do me a favor tho- don't give any answers with nightmare stories attached. Just the facts and what I should do to prevent nightmare scenarios. My husband is very very worried about this and will be reading this thread closely.
posted by anonymous to Work & Money (15 answers total) 5 users marked this as a favorite
 
Re 2: You should notify the Internet company, and check with the grocery stores. Especially if you used the self-serve kiosks. There have been card skimmers found on a few local grocery store self-serve checkout lanes near me.
posted by straw at 6:07 PM on May 14 [1 favorite]


If all they've done is withdraw money from your account, then it's likely that they only have enough information to use the old debit card number, which can be as little as the number, 3 digit security code and the name, which is why your bank is unconcerned. However, they may have more info, so you should keep an eye on your credit report for anything suspicious. You can get 3 per year (1 from each credit bureau) free every year at annualcreditreport.com. This is good advice regardless of whether you think your info has been compromised or not.

Also, the above advice about skimmers is good. You might go one further and avoid using your debit card in any reader that is left unattended for long periods of time. Use a credit card for those instead, as you get better fraud protection.
posted by Aleyn at 6:14 PM on May 14


In reverse order, 3 they likely do not have all of your info. Your card was comped. It's been reissued. Make sure your computer is patched and run antivirus to check for the obvious stuff.

2 Fraud does not strongly correlate with where you recently used the card, but you can call those places anyway. Don't be accusatory, but they will probably pull the stores and lanes of your transactions and check for skimmers. If there was a skimmer, Visa or Mastercard has probably already contacted the merchant due to correlation of a lot of data points.

1. Stop using a debit card. The protections for debit and the window for dispute puts much more burden on you to immediately notice and dispute a charge. Credit cards have much better consumer protection. I will type my credit card number into the shadiest website on the Internet because I have no risk, outside of waiting for a card to come in the mail if it's reissued. I am hesitant to use my debit card in anything except an ATM attached to a bank because the protections suck.
posted by bfranklin at 6:14 PM on May 14 [5 favorites]


I went through this about two years ago. I suspect that someone attached a skimmer to a gas station pump (this is VERY common). Someone spent a couple hundred dollars at a Barnes & Noble in New Jersey (across the country from me!). I happened to notice this right away because I have an alert set up on my account which texts me whenever a charge over a certain amount goes through.

I called my bank, canceled the card, and got the charges reversed. The bank sent me a new card. I also changed the password on my account just in case. No apocalyptic levels of damage occurred. It was a PITA, but no life-or-finance-ruining catastrophe.
posted by Rosie M. Banks at 6:16 PM on May 14


I've had something similar happen about 4 times now? Here's the advice that I received (and followed) after the last incident, about 6 months ago:
- Never use a debit card, even if it has a Mastercard/Visa/etc. logo on it, except at a bank's ATM machine.
- Get 2 credit cards, minimum.
- One credit card is only to pay bills online. That means those automatic payments, like for cable, electricity, whatever.
- The other credit card is to buy things in person at the grocery store, whatever.
- Just to make sure you're never paying late fees, set both credit cards to automatically be paid out of your checking account.
- If you have any iffy situations, such as a one-off payment to an online store that has little credibility, get a stored-value card and pay with that.

With this setup, it is very easy to protect yourself from the negative effects of fraud, and from the negative effects of suddenly cancelling an account. It also makes it easier to trace back the source of fraud, if it is in question.

Finally, get a card with an institution that has good processes in place for protecting you. I use USAA -- they call me if there's any suspicious activity, they are very proactive in putting fraud-protection things in place, and so on. If you pay balances in full and on time very month, this becomes more important that, say, interest rates.
posted by Houstonian at 6:24 PM on May 14 [2 favorites]


Just wanted to chime in like some others to suggest that you not use a debit card. A debit card provides direct access to your bank account. This opens you up to a high level of risk. I never use a debit card for that reason. I only use a single credit card for all purchases. There are laws that place strict limits on your liability for fraudulent charges on credit cards and in my experience the credit card companies have pretty good algorithms for detecting unusual activity. This advice assumes that you are highly disciplined and will treat the credit card like a debit card--meaning you will only buy things with it that will be paid off in full at the end of the month.
posted by Seymour Zamboni at 6:29 PM on May 14


I have my debit card attached to a secondary account with only a small amount of discretionary funds in it, and another account for bills, etc. which has only an ATM card. This has worked out well from both a damage mitigation and budgeting perspective.
posted by snickerdoodle at 6:39 PM on May 14 [1 favorite]


Never use your debit card online. Use a credit card, that way you aren't out any actual cash when you get hit. Because I think at this point it is an issue of when, not if, for all of us.
posted by COD at 7:00 PM on May 14


1. The bank is correct. It's really unlikely they have more of your information that they haven't used yet; if they had it, there would be attempted account takeover attempts, believe me. And you'd know. Think of it this way: the crooks want the most money possible. If they have all your info, would they go after a couple piddly transactions before the card gets shut down, or would they go after all your identity and all its potential? They'd go for everything. The fact that they haven't indicates that they don't have anything but your card info.

2. I would actually report the suspected point-of-compromise to the bank. The bank does/should report suspected compromised merchants to their association (meaning Visa or MasterCard). Visa/MC will look into these and will reach out to the merchants if a compromise is suspected.

3. This is very unlikely. I've had cards compromised a few times now, and have not had anything resembling true ID theft.

Reg E forces financial institutions to be very good to consumers who have unauthorized activity on their cards, and MC/Visa/Discover all have "zero liability" policies for unauthorized activity, provided you report it to your bank in a timely manner. It really, truly does not matter if your credit card gets compromised or your debit card does--you will more than likely get your money back, barring certain circumstances (ex. you don't report it for a long time, for example).

Please keep an eye on your statements, too. People put a lot of onus on the financial institutions to detect the activity, but algorithms can only do so much. It's up to customers to detect the things FIs cannot!

Anecdata: I use my debit and credit cards wherever I want, have done so for the past 11 years, and have only had fraudulent attempts twice. I never went without reimbursement for longer than a couple days.

You'll be fine, nothing to worry about, really :)
posted by Verdandi at 7:06 PM on May 14 [1 favorite]


Anecdotally, this has happened to me twice before, a few years apart, and nothing catastrophic happened. The money was put back into the account by my bank within a few days. I do monitor my accounts, etc, but things worked out fine.
posted by the twistinside at 7:26 PM on May 14


The only time I ran into a fraud problem, it stemmed from an account where I had linked both a debit card and a credit card.

The fraudsters quickly cleaned out the debit account to the point of overdrawing it, and I had no idea until minutes later, when they hit the credit card, and my credit card provider immediately emailed me, then called me to alert me to the fraud.

Credit card provider reversed the fraudulent charges right away and overnighted me a replacement card with a new number. The bank where the debit card was linked didn't get the mess straightened out (usable account with new number and new debit card, fraudulent charges removed) for almost 2 months, in spite of my constant calls, emails, faxes, showing up in person at the local branch, whatever they asked. It was eventually fixed, but I'm all credit card all the time now.
posted by Bentobox Humperdinck at 8:50 PM on May 14


This happened to us (debit card skimming, it wasn't an online thing) last week. We were hit for a bunch of local purchases. (groceries, gas station, local nightclubs) Our credit union's security team shut down the card when someone attempted to use the number on the west coast. But our CU is very vigilant like that.

We filled out the charge dispute form on Thursday and the money was returned to our account last night, so six regular days later. I suspect if I was still with Large Regional Bank I'd still be waiting in the lobby to talk to someone.

I will continue to use my debit card. It has been a game-changer for people like me who don't do well with credit card bills. But I'll probably carry more cash so I don't have to use the card as much.
posted by kimberussell at 4:04 AM on May 15


It's really common for people to conflate credit/debit card fraud with identity theft which is what you're doing. They are not the same thing. Card fraud is reasonably common and not usually a big deal compared to identity theft. I worked in a bank branch and dealt with this stuff fairly often. I never met anyone who was a victim of BOTH identity theft and card fraud at the same time and certainly no one where one led to the other.

nth'ing the suggestion to use a credit card instead of a debit card. In addition to advantages that others have already pointed out you're also not using your money. If something like this happens again, you've just lost access to some credit while the dispute is getting resolved instead of waiting for the bank to put your money BACK into your checking account.
posted by VTX at 8:02 AM on May 15 [1 favorite]


Two years ago my husband and I both had our debit cards and a credit card compromised a couple of times each over a period of several months. No telling where it happened, as we bought a house and moved during that time, and thus had what seemed like billions of purchases all over the city and the Internet as we furnished the house and paid various service people.

We have had zero long-term effects that we know of. Both of our credit reports are fine. We continue our normal pattern of transactions: my husband uses his credit card almost exclusively, and I use one for joint purchases, but use my debit card for getting cash and making my own purchases. I do that because I have impulse spending issues and if I have unfettered access to an account I'll spend everything in it before realizing I've done so. So I have my debit card connected to a separate account with a limited amount of money in it. If it gets compromised, not a big deal, and our bank has refunded me everything the 3 times it's been compromised since I've had it. I haven't had any problems since the move, though.

(The last time my debit card was compromised, I just happened to go online to check the amount in my debit account and noticed that I had two odd charges from places I didn't recognize. Googling unearthed the info that one was a gas station and one an adult club, both on the other side of the country. I called the bank, and they said that a third charge, to a hotel, had been turned down as it exceeded the amount left in the account. I have now constructed a narrative in my head of a guy testing the card at the gas station, picking up a girl at the club while getting a couple of drinks, then getting hosed when he tried to get a hotel room. Although realistically he probably had multiple stolen card numbers on him.)
posted by telophase at 1:40 PM on May 15 [1 favorite]


Never use a debit card, even if it has a Mastercard/Visa/etc. logo on it, except at a bank's ATM machine.

Nth-ing this suggestion - if at all possible, never use your primary bank ATM card anywhere except at your own bank's ATM. People might suggest looking carefully for ATM skimmers, but good luck with that.

For online transactions, you should only use credit cards - if you're paranoid, many card issuers will generate single-use card numbers for you.
posted by RedOrGreen at 2:27 PM on May 15


« Older I just got a job offer (yay!) ...   |  I'm bringing a car to Omaha in... Newer »

You are not logged in, either login or create an account to post comments