What do you do if you've been the victim of a data breach, and your personal or account information has fallen into the hands of criminals? That's not as theoretical a question as you might hope. Some 41 percent of American consumers have experienced just card fraud -- let alone other losses -- in the last five years, according to the Aite Group's 2014 Global Consumer Fraud Survey. And certainly the Target breach, in which hackers grabbed 40 million card numbers and 70 million addresses, phone numbers and other pieces of personal information, was headline news.
Few actually know they're victims
It turns out that what people should do when they've been the victims of data breaches and what they actually do are two very different things. CardRatings.com recently commissioned an OP4G survey to question a representative sample of 2,000 married American homeowners, ages 25 and up, and split evenly between men and women.
The first -- and arguably most concerning -- finding from our survey is one that suggests many simply don't know they have been victims of data breaches. Only 25.5 percent of our respondents said they had been, which is worryingly short of the likely actual number. Last year, ID Experts, a company that specializes in "data breach care," told PCMag's SecurityWatch that more than 600 million records had been compromised in security breaches in this country between 2005 and 2012 -- and that's roughly two events per citizen. So probably close to 100 percent of this survey's respondents have been victims (especially if you believe homeowners age 25 and older are likely to have more accounts and be on more databases than others), but 74.5 percent didn't know.
What victims might do
So what do victims do when they become aware that their data have been breached? We asked them whether they'd carried out all or any of seven actions, and the following percentages reflect how many survey participants had taken action:
- Check credit card statement: 51.18 percent
- Check credit report: 45.29 percent
- Check bank account: 54.31 percent
- Stopped using my credit card: 37.84 percent
- Stopped using my debit card: 32.75 percent
- Signed up for credit monitoring: 24.31 percent
- Put a credit freeze in place: 24.12 percent
What too many victims don't do
The bad news is 48.82 percent said they didn't check their credit card statements and 45.69 percent their bank accounts. No, really! Very nearly half reported they didn't bother to check either when told their data had been compromised.
Maybe those two results were a result of sangfroid. After all, statutory protections and company policies mean you're very unlikely to suffer a significant financial loss -- at least in the long term -- as a result of criminals fraudulently accessing such accounts. Still, roughly one in three stopped using their credit and debit cards, and 86.27 percent received replacement cards with new numbers.
Credit reports critical
Meanwhile, only 45.29 percent said they checked their credit reports -- a number that drops to one in three among those within the 25-34 age group (33.33 percent). But failing to carry out that check seems like madness. Surely everyone knows how potentially damaging and stressful identity theft is, and a data breach often gives thieves just the information they need to hijack yours. Monitoring credit reports can give an early warning of accounts being wrongly opened in your name, and can help you head off problems before they become too serious. And, nowadays, many free credit score services like WisePiggy.com can alert you to new accounts appearing on your report. The Bureau of Justice Statistics says "about 7 percent of persons age 16 or older were victims of identity theft in 2012."
And yet fewer than one in four survey respondents said they'd either signed up for credit monitoring (24.31 percent) or put a credit freeze (aka "security freeze") in place (24.12 percent). The latter means nobody (including lenders) can access your credit report without your permission, which effectively puts a stop to the opening of unauthorized new accounts. Credit bureau Experian explains, "When you place a security freeze on your file, you will be provided a personal identification number or password to use if you choose to remove the security freeze from your file or authorize the temporary release of your credit report for a specific person or period after the security freeze is in place."
Credit cards better
When asked whether they thought it safer to use a credit card or debit card, a slim majority (54.35 percent) got it right, and opted for credit cards. These have superior statutory protections against fraud.
But they're better in an even more important way: If there's an unauthorized transaction on your credit card statement, you are legally entitled to refuse to pay, and it's the issuer's money that's gone. With a debit card, it's your money that's disappeared, and you have to persuade your bank that it should recover it -- and then wait while that happens. Unfortunately, 45.65 percent didn't realize that, and thought debit cards safer.
What to do
Some data breaches are more damaging than others, and your reaction should be proportionate. Check online for the victim company's advice, and follow it. Your options include:
- Keeping a close eye on accounts that might have been affected.
- Requesting replacement card(s) from issuer(s).
- Subscribing (some are free) to a service that can alert you to new accounts being opened. Some retailers that have been victims offered to pay for such services for affected customers.
- Switching to a different credit card from the one that might have been compromised.
- Favoring your credit card over your debit card.
- Considering, if the threat's serious, a credit freeze.
Just don't switch to other payment methods. Cards -- and especially credit cards -- remain the most secure ways to pay.