Breaches Leave Cardholders Asking, "What Next?"

In the wake of computer security breaches involving millions of credit card numbers, many cardholders are questioning how safe their credit card information really is, according to The Wall Street Journal.

If you're one of the potential victims, here are answers to common questions:

Q: Will my card issuer notify me if my card is among the 40 million that were potentially exposed?

A: State law requires California residents to be notified of security breaches where "personal information was, or is reasonably believed to have been, acquired by an unauthorized person." In March 2005, several federal agencies banded together and notified financial institutions that they should inform all their customers--not just those in California--if a breach occurs. As a result, many credit card companies experiencing security breaches have told all their customers about problems.

Q: What are the odds of fraudulent charges showing up on my account?

A: There's some good news in that the odds appear to be pretty low. If thieves manage to find the data and know how to remove it, they then need to target your number out of the thousands--or millions--of card numbers. After that, they need to use the card in a way that the card companies won't spot it immediately and prevent the charge from going through.

Q: Am I stuck with the bill if a thief successfully uses my card number?

A: Consumers who see fraudulent charges on their bills almost never have to pay for those charges as long as they notify the card issuers promptly. Federal law limits liability to $50 per card; many issuers will waive the fee if you call as soon as you detect possible fraud.

Q: Does the breach reported by MasterCard in spring 2005--involving 40 million credit card numbers from a variety of issuers--leave me vulnerable to identity theft?

A: No. Because Social Security numbers weren't exposed, it's almost impossible to open new accounts in someone else's name or take over an existing account.

Q: Should I change my account number?

A: Although nearly all card issuers reported having received calls from customers worried about their credit and debit card accounts, consumer advocates say there is no need to cancel accounts yet. A June 2005 New York Times article suggests that, "Consumers should wait for notice from the [financial institution]. In the interim, if consumers have the ability to check credit and checking accounts online, they should do that, and if not, they should open and review their statements very carefully the next couple of months."

Q: Am I more likely to have my card rejected at merchants in the next few months?

A: It's possible, especially if your card was one of the 40 million affected. Card companies will be keeping a close eye on affected card numbers and will set their fraud-detection systems accordingly. If you're traveling, it can't hurt to let your card company know in advance that it will be seeing charges from other countries.