Simply, data breaches will continue.
For consumers trying to keep their credit card data safe, basic precautions are no longer enough. Hacking software is getting more sophisticated -- and easier to obtain, making a credit card breach a matter of when, not if. But with vigilance and speed, the damage from a breach can be mitigated, making the effects nearly non-existent.
Card or Card Number?
If there's any silver lining to the massive security breaches like the ones at Target or TJX Cos. (TJX), it's this: When credit card numbers -- rather than the cards themselves -- are stolen, the cardholders aren't responsible for charges. If the card itself is reported stolen before the account is used, the same is true. However, if the loss of the physical card is reported after additional charges have been made, the cardholder is responsible for up to $50 a card.
Visa (V) takes it one step further. Customers are fully covered if their card information is used to commit fraud and won't be held liable for unauthorized purchases made using a Visa card, whether the transaction occurs online or off, Visa says.
Same goes for American Express (AXP). According to spokeswoman Amelia Woltering, "If we discover activity on an account that we believe is suspicious, we will contact the card member. If a fraudulent charge is detected, in many cases we'll issue a temporary refund [while it's being investigated]."
MasterCard (MA) has a similar "zero-liability" policy. Customers only pay for authorized transactions.
Discover (DFS) also offers zero-liability and monitoring of all Discover card purchases.
In theory, the same holds true for debit cards. If a card is reported lost or stolen before any additional charges are made, the cardholder isn't responsible for any of the charges. If it's reported within two days, liability tops out at $50 and $500 if the loss is reported two to 60 days after the theft of the card. If the number, rather than the card, is stolen, the cardholder isn't responsible for the charges as long as the loss is reported within 60 days.
However, with debit cards, recouping any lost cash or emptied accounts can be difficult and time-consuming, and have far-reaching consequences when the rent is due and the bank account is empty.
But the hack itself may just be the beginning. Once the credit card information has been obtained, the thieves can contact cardholders posing as representatives of their bank's fraud department to gather more information.
Old Protections No Longer Apply
The Federal Trade Commission offers advice for protecting personal credit information and the FBI offers tips for keeping online retail transactions safe.
The same technologies that help enable credit card theft can help thwart it, says Steve Weisman, author of "50 Ways to Protect Your Identity in a Digital Age." He points to email and text alerts and real-time transaction updates as means of tracking potentially fraudulent transactions.
He also recommends not storing credit card information in online retail accounts, ensuring smartphones have a complex pass code and limiting information sharing on social media networks, which can be used to piece together passwords and security questions for bank accounts.
These tips are helpful for keeping credit card information safe while it's still in your possession, but there currently are no safeguards for inoculating against theft due to a retail hack -- except, of course, to use cash.