What to do if your credit card is hacked

When Home Depot experienced its North America–wide data breach earlier this year, millions of cardholders were exposed to potential fraud. If you’ve ever had your own credit-card hacked, you know how unsettling it can be. Here’s what you need to know if it happens to you.

Identifying fraud

You’re vulnerable to fraud if your card is lost or stolen; a criminal could also obtain your data and use it to manufacture a counterfeit card or to make telephone or Internet purchases (known as “card not present” fraud).

You’ll know your card has been hijacked in one of two ways: you see a transaction — or several on your statement — that you didn’t make, or you get a call from your issuer asking you about a fishy purchase.

“You’ve probably had these calls from an issuer yourself, where they say they’ve been monitoring your account and have noticed suspicious activity,” says Rick Rennie, MasterCard Canada vice president of payment system integrity. “They call to verify if this is your transaction or not; then if you say something like, ‘No, I’m not in Spain’ there’s a smooth handling of it right away.”

If that’s the case, the issuer would cancel the card pronto, reissue one to you, and remove the transactions from your account.

“They want you back to your card as fast as possible,” Rennie says. “They manage that process very quickly and very efficiently.”

If you see purchases on your statement that you didn’t make, you need to call your issuer right away. Check the back of the card for the number or, if you can’t read it because the font is ridiculously small, look up the number online.

Make other calls

Your job isn’t done once you’ve contacted your card issuer. The Financial Consumer Agency of Canada suggests three other steps.

Contact both of Canada’s credit bureaus Equifax Canada and TransUnion Canada

These two agencies monitor your entire credit history and are able to place fraud alerts on your credit report to mitigate any damage to your credit health by fraudulent transactions. Financial experts say you should be checking your credit reports every year anyway; this is especially important in case any of the activity on your cards somehow results in a poor credit rating.

Contact your local police

Report the fraud to the Canadian Anti-Fraud Centre.

“If you suspect that you may be a target of fraud, or if you have already sent funds, don’t be embarrassed - you’re not alone,” the fraud centre’s website states.

Know your rights

American Express, MasterCard, and Visa also provide protection to cardholders beyond the maximum liability indicated in their credit card agreements, according to FCAC. They do this under public commitments: Visa and MasterCard’s Zero Liability Policy and the Fraud Protection Guarantee in the case of American Express.

Under these commitments, if your credit card is lost or stolen, or if someone uses your credit card number to make transactions you didn’t authorize, you can usually be reimbursed.

“The commitments apply to transactions made on the Internet, by phone or at a retailer’s place of business or location,” according to the FCAC.

“However, they might not cover you in the case of fraud involving the use of your personal identification number (PIN)—for example, a cash advance received with your card at an automated banking machine (ABM). They might also exclude transactions made with convenience cheques or with corporate credit cards.”

Check with your card issuer about whether it has a fraud protection policy and how you are protected. This type of policy is not usually listed in a credit card agreement since it’s a public commitment, not a legal requirement.

Stop fraud from happening

“Consumers are the first line of defence against fraud,” says Scott Gamble, vice president of account recovery and fraud management at TD Canada Trust. “They need to be diligent about protecting personal information and monitoring their financial statements and bank accounts to make sure they protect themselves.”

Some reminders on how to do that:

• Never share your PIN or passwords with anyone; never write them down on a piece of paper that’s stashed in your wallet; shield the keypad from view when entering your PIN at a terminal.
  
  “And don’t let anyone walk away with your card; don’t let the restaurant server go to the back with it,” Gamble says. “They should bring the terminal right to the table. Know where your card is at all times.”

• Never provide your card number over the phone unless you’ve initiated the call.

• Only make online purchases with merchants you know and trust. Look for a website’s secure transaction system and look at the URL before making a purchase. The URL on some fraudulent websites won’t match the site’s name. Keep confirmation numbers for any online transactions you do complete.

• Never click on a link in a suspicious email. In many reported cases of fraud, the FCAC reports, individuals receive e-mail from what appears to be their bank asking them to click on a link included in the message. If you click on it, you’re brought to a fraudulent site that looks just like your bank’s website, in what’s known as phishing. If you enter personal information such as your credit-card number and expiry date, those details are sent directly to the perpetrators of the fraud.