On December 19 retail giant Target announced that 40 million customers’ credit and debit card data may have been stolen between November 27 and December 15, during the busiest shopping season of the year. It’s not clear yet how this breach happened, but it appears to have affected customers who made purchases at the company’s physical stores, not on Target’s website. The data includes shoppers’ names and the account numbers, expiration dates and security codes embedded in the magnetic stripes on their cards – information that crooks can use to buy things with victims’ accounts.
What can consumers do to prevent their financial information from being stolen when they shop at a store? Two words: use cash. But that’s sometimes inconvenient and may be even more risky. If a thief robs your cash and gets away, your money may be gone for good. If your credit or debit card data is stolen and used, you have the right to say “I didn’t make this charge or debit.” Under federal law, your responsibility for fraudulent charges or debits is limited and most card issuers won’t make you pay anything at all. Of course, if it’s a debit, you may discover that you have less money in your account than you think, causing legitimate payments to bounce and other headaches. Banks have up to ten business days to credit the money back to your account once you notify them about the unauthorized debit, though they may do it more quickly. In any case, dealing with these problems can be a hassle.
If you used your credit or debit card purchase at a Target store during this time span, contact your card issuer to see if there are purchases on your account that you didn’t make and get a new card. Your issuer may have already shut down your account. If your card has been used, you can follow the steps that the Federal Trade Commission recommends for identity theft victims.
Don’t panic – it’s not as bad as it would be if it was your Social Security number that was stolen, which does not appear to be the case here. But this massive breach is a troublesome reminder that companies need to secure our data much better to keep it out of the hands of identity thieves.