A data breach at a retailer has affected cardholders at both Bank of America and CitiBank. Both banks have deactivated some credit cards. According to American Banker, the banks have not disclosed the name of the retailer. According to Bloomberg, Bank of America sent several debit card customers new cards as a precaution after a possible breach. The banks have not disclosed the name of the retailer.
From my view, the two events are related and the retailer's breach is significant. A reader wrote to me yesterday:
"Wow. This morning BOA contacted me about suspicious activity on my debit card...3 transactions at some international art market. On the 3rd transaction, BOA caught it and declined the card. The rep said she thinks they had a fake card made. But wow! What the hell? Do you think this is a coincidence or could it be related?"
It's probable that this reader's debit card information was skimmed and cloned. It's great that BofA acted proactively and notified the reader of these suspect transaction, but the fraud has already happened. This reader's bank account information is out there among identity theft and fraud criminals. Now, this reader needs to get a new bank account and replacement debit card; plus update all of her online bill payment settings.
I encouraged this reader to use credit cards instead of her debit card when shopping at online and brick-and-mortar retail stores. Sure, debit cards are convenient, but the risk is just too high. When breached, it gives criminals direct access to your bank checking account.
Think of it this way: every time you shop with your debit card at a retail store, you are trusting that retail store and its employees to:
- Protect your sensitive bank account information,
- Protect their customer databases from hacks,
- Protect its point-of-sale terminals from skimming devices,
- Encrypt wireless transmissions of purchase transactions between it and its banks,
- Implement a "red flag" program to controla ccess to sensitive customer data and to discover insider identity theft,
- Comply with state laws to protect and delete certain transaction information within the appropriate deadline, and
- Comply with merchant guidelines (e.g., from Visa International, MasterCard)
So, the next time you enter a brick-and-mortar store, look around and ask yourself if you feel comfortable that that particular establishment has the resources, skills, and commitment to do #1 through #7 to protect your sensitive bank account and payment data. If the answer is "no," then use cash or a credit card. At gas stations, use your card inside and not at the pump. Learn how to avoid being a victim of skimming. Learn more about whether to shop with cash, debit, credit, or a charge card.
Me? I use my debit cards only at my bank's ATM machines.
If you are a Citi or Bank of America customer, were you affected by this latest breach? Did you receive replacement debit/credit cards, or did you have to demand them? If so, please share your experience below.