Debit card compromised: what should I do besides dealing with my bank?
November 16, 2013 10:21 AM   Subscribe

There was a fraudulent online charge on my debit card which I'm dealing with disputing with my bank. What passwords should I be changing or other tactics now to protect myself and the new card I'll be getting soon?
posted by dahliachewswell to Work & Money (9 answers total) 2 users marked this as a favorite
Your bank will give you a new debit card number. That's more important than a new password at this point.
posted by Houstonian at 10:23 AM on November 16, 2013

They didn't use your password, just your card number. To a certain extent there's nothing you can do unless you never use your card. Obviously be careful using unattended swipers (ATMs, gas pumps) and examine them for skimmers, be careful in places like gas stations and convenience stores that you or the employee is using the real equipment (or use cash), and try to use a more secure payment option (Amazon Checkout, Paypal, etc) when shopping on smaller websites.

Having two bank accounts makes it slightly less annoying because you're not left without a card for several days, but you still have to change all your auto-bill information to the new number. You feel violated the first time or two, and all outraged, but after that you're just like "damn it, hackers" as you change your cell phone autobill card AGAIN.
posted by Lyn Never at 10:33 AM on November 16, 2013 [2 favorites]

other tactics now to protect myself

Stop using a debit card and get a credit card.

Credit cards have legislatively mandated $50 maximum liability under the Fair Credit Billing Act and most credit card companies will waive that $50. Debit cards are also regulated under the Electronic Fund Transfer Act, but there is no maximum liability if you take too long to report the loss. For instance, if you take two days to notice a lost card, you could be liable for up to $500 in charges. Further, fraudulent debit transactions still come right out of your checking account, which means they can overdraw your checking account, unlike credit transactions. So, an inconveniently timed fraudulent charge could cause your rent payment or mortgage payment to bounce. In that case, you could be entirely compensated for the fraudulent charge, but still end up with significant penalties from your landlord/mortgage holder due to a bounced payment. Even worse, the EFTA does not require your bank to immediately reimburse you for fraudulent charges; they can take 10-20 days to do so, extending the window when a bounced check can happen.

Even if fraud does not occur, holds on debit accounts can cause checks to bounce if you have a tendency to keep low account balances. For instance, gas stations often hold $50 or $75 on your account whenever you make a transaction. That hold goes straight to your checking account and can cause a check to bounce if your balance is too low.

In addition, the rewards on a credit card are, in general, almost always better than debit cards. It is trivial to get 1% cash back on credit card transactions, and you can push that to 5-6% if you are creative with how you use credit cards.

There is almost never a reason to use a debit card unless there is a discount provided for using a debit card. Even then, the discount needs to exceed the cash back you'd get from a debit card to make sense.
posted by saeculorum at 10:33 AM on November 16, 2013 [6 favorites]

Get a different bank.

This just happened to us, and the bank (or rather the company the bank used to administrate the card) contacted us. The bank has been nothing but helpful, as they knew WE weren't using our debit card in Chicago or New York when we were right here in Fayetteville. They even advanced us funds covering the loss until the process worked itself out.

In our case our information was stolen from one of the banks (I guess security breach) so there was nothing we could have done to protect ourselves.
posted by St. Alia of the Bunnies at 10:51 AM on November 16, 2013

Response by poster: Just to be clear: I know the thieves didn't need a password to fraudulently use my debit card. I was wondering if there was any scenario where I should be concerned about other secure information, or for instance my email account, being compromised depending on the vector they used to access the debit info. (Ex: I know I shouldn't be worried about email if they skimmed my card info at a store, but what about if it happened through keystroke logging?) I don't have great knowledge about how this sort of thing happens, so want to make sure I'm not NOT taking some action that would be obvious to someone else.
posted by dahliachewswell at 10:56 AM on November 16, 2013

but what about if it happened through keystroke logging?

This is very unlikely. Thieves looking for debit card numbers will want as many as they can get; single cards are not very valuable if only because the bank will close down the number quickly. It's easier to get a lot of numbers by skimming at an ATM/store (for local thieves) or by hacking databases (for online thieves).
posted by immlass at 11:03 AM on November 16, 2013

Seconding the advice to get a credit card to use for purchases where someone may have attached a skimming device to the reader, and for all online purchases. It is much easier to dispute fraudulent charges on one. I have one that I basically use like a delayed-action debit card, paying it off before the grace period expires. Which reminds me, make sure the credit card you get has a grace period, so that you don't have to deal with interest payments.

As far as protecting yourself goes, the standard advice of making sure your machine is free of malware and making sure that you don't use the same passwords for banking as other sites is a good start. If your bank offers 2 factor authentication for your banking website, it's a really good idea to enable that. This is advice anyone should take though. Without knowing how your number got compromised, all you can really do beyond that is try to be more careful and vigilant in the future.
posted by Aleyn at 12:15 PM on November 16, 2013

Let me add that my friendly teller told me a lot of this has been going on lately. There was really nothing we could have done to prevent it.
posted by St. Alia of the Bunnies at 1:43 PM on November 16, 2013

Debit card fraud is pretty innocuous in the whole range of types of bank fraud. Changing your online banking password is the extra paranoid thing you can do.

3rd'ing using a credit card rather than a debit card. In addition to the added security benefits, it helps smooth out your cash-flow since instead of your daily purchases being deducted from your bank account, you're using the bank's money for a month at a time. That's the other security feature (well, really it's kind of a convenience thing) that comes with using a credit card. If there is fraud, they took the bank's money, not your cash. So if it takes a little bit of time to get it straightened out, it's no big deal, you still have access to the cash in your bank account.
posted by VTX at 5:59 PM on November 16, 2013

« Older How should I store my grandmother's fancy table?   |   I Need a Good Search Box Newer »
This thread is closed to new comments.