If you swiped your credit or debit card at a Target store between Nov. 27 and Dec. 15 and you haven’t checked your account, do it now. Especially if you used a debit card.
The breach of computer data Target announced last week affected 40 million card accounts. Stolen data included customer names, credit and debit card numbers, card expiration dates and the code that’s embedded on the magnetic stripe on the rear of the card. There’s no evidence that three- or four-digit security codes on the back of the cards were revealed.
Target hasn’t said how the breach happened but did say it has fixed the problem. Gregg Steinhafel, Chairman, President and CEO of Target, said in a statement, “Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence.” However, a lot of Target shoppers must be feeling less than confident over the second-largest data breach in U.S. history.
Maine officials were quick to urge customers of the chain to be on guard. People with the Bureau of Financial Institutions and Bureau of Consumer Credit Protection at the Department of Professional and Financial Regulation say in cases like the Target breach, consumers can be their own best advocates.
Target customers should check their debit and credit accounts for any irregular activity; that’s true if a card was used in a store, or if it is unclear whether a card was used (no problems have surfaced with online transactions). Customers who can access their account information online should do so at once, rather than waiting for a statement to come in the mail.
If there’s unfamiliar or suspicious activity on the account, consumers should notify the financial institution that issued the credit or debit card. They do not need to contact Target; the store has added extra workers due to a crush of calls at its customer service number, 1-866-852-8680. People who have Target’s own debit and credit cards — called Red Cards — should contact the company (many reportedly had trouble getting through soon after the breach was announced).
On credit cards, consumers’ liability for unauthorized use is capped at $50. If consumers report a lost card to the issuer before the credit card is used, the customer can’t be held responsible for any unauthorized charges. When a card hasn’t been lost but account numbers were stolen, consumers have no liability for unauthorized use. Your cardholder agreement may give you added information.
Holders of debit cards who spot unauthorized activity due to a data breach have 60 days from when the bank or credit union sent the statement to report the matter. If consumers don’t meet that deadline, they are liable for the amount of the unauthorized transactions.
Consumers whose debit card has been lost or stolen have two business days after discovering the loss or theft to notify the financial institution to limit their liability to $50. If they miss that deadline, consumers can be held liable for up to $500 of unauthorized transactions. If consumers don’t notify their institutions within 60 days of getting a monthly statement that lists a fraudulent debit, they could be liable for ANY unauthorized withdrawals after the 60-day period.
Consumers who are hit with unauthorized charges or withdrawals should first call the credit union or bank that issued the card, then follow up in writing to detail the problem. Some banks and credit unions may issue new cards to customers whose accounts were known to have been breached. And consumers can ask to have a card re-issued if they’re concerned about their accounts.
For more information, call Maine’s Bureau of Financial Institutions toll-free at 1-800-965-5235 or the Bureau of Consumer Credit Protection at 1-800-332-8529.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email firstname.lastname@example.org.