Protecting Yourself from Credit and Debit Card Fraud – What Your Bank May Not Be Telling You

by Jim Malmberg

Man with debit or credit card

Within the past two months, it has happened to me twice. I’ve received notification that a credit or debit card of mine may have been compromised. In one case, that notification came in the form of an e-mail message. In the other, it came via snail mail. In both cases I contacted the banks involved and what I discovered was that if you don’t ask the right questions when you are speaking to their customer service, you could actually still be victimized even though your bank is well aware of the situation.

You might think that once your bank determines that your credit card number is compromised, that at the very least they would place a hold on your ability to make new purchases. And when it comes to debit cards that are tied to actual checking or savings accounts, you might think that they would turn the card off completely if they think that it could be used to drain your accounts. But that isn’t what happens.

Last month, I received an email message that looked like it came from my bank. The message said that my debit card had been compromised in a data breach and that the bank would be issuing me a new card. Thinking that the mail message might be a phishing message from a hacker, I didn’t click on any links. Instead, I pulled my debit card out of my wallet and called the number on the back of it to get more information.

As it turned out, the email was legitimate. So, I asked the agent that I was speaking with how long it would be before I got my new card. I was told it would be a few days. I was just about ready to get off the phone when for some reason I decided to ask the agent if my old card had already been deactivated. Much to my surprise, I was told that it would continue to function for the next two weeks… even though the bank knew that some criminal might have access to it. I asked that it be turned off immediately.

At first I thought this was a problem with that specific bank. But when new credit cards arrived in the mail… for a card that had just been reissued a couple of months ago… I started down a path that would lead me to believe that this is an industry issue. Those cards arrived, unannounced and unexpected in the mail, along with a small package of information.

When I pulled out my old card, it said that it wouldn’t expire for another two years. So then I started comparing the credit card numbers. The new cards had new numbers. The only think I could figure was that there had been a data breach. So once again I called my bank and was told that yes, in fact another merchant had had a data breach more than a week earlier. And my credit card had continued to function from the time that the breach was discovered until I called in.

These were two separate incidents with two separate banks. In both cases, the banks refused to give me information on the merchant where the breach occurred. And in both cases, the banks were more concerned with inconveniencing me than they were with protecting me. Frankly, I resent it.

So a word of warning to anyone who receives a notification that their data may be breached. Make sure that you call your bank or credit card company and have them shut down your cards immediately. While the banks involved in my case may not have wanted to inconvenience me, I’m absolutely positive that if purchases had been made in my name, using my credit, or by draining my bank account, the mess that would have been created would have been mine to clean up. And I sincerely doubt that I would have received much assistance from either of these banks.


Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit