The number of major chains reporting breaches of data security since the start of the Christmas holidays continues to grow with Michaels the latest to announce problems late last week.   Almost anyone who uses credit or debit cards has to worry that their personal or credit information has been compromised.  Some stores have even reported thefts of data from customer email or mailing lists.  Today the Consumer Financial Protection Bureau (CFPB) published tips to help consumers protect themselves from fraud and pointing them toward help should they have a problem.

"Consumer financial products often involve significant amounts of consumer data," said CFPB Director Richard Cordray. "In light of recent data breaches, we want to be sure that consumers know how to protect themselves and where to turn if they do suspect fraud."

The CFPB advisory calls payment cards - credit and debit cards including prepaid versions - as among the most commonly used consumer financial products.  Nearly three-quarters of Americans have at least one credit card and debit cards are used even more frequently for purchases.  The recent data breaches may have exposed millions of payment card accounts to potential fraud and millions of consumers could have had personal information stolen separately from card information.    

CFPB offers the following guidance to help consumers protect themselves from data theft:

  • Review accounts regularly. Check frequently on-line if possible, but at a minimum review monthly printed statements. CFPB said thieves often test accounts by making small purchases so watch for and report these as well as major expenditures. Problems can occur months after an actual data breach so continued vigilance is important.
  • Consumers should consider changing their pin numbers even if there is no indication they were stolen.
  • Alert the bank or card provider immediately if fraud is suspected. Under federal law the consumer is generally not responsible for unauthorized debits or charges as long as they are reported quickly.
  • Keep any evidence of fraud and record when and how it was reported it to the card provider. Follow-up to be sure proper corrections are made.
  • Be alert for phishing. A legitimate bank or card provider will never ask for account information by mail or email. If requests for card numbers, pin numbers, Social Security numbers, or other information is requested report it to the card provider. If an email directs a consumer to a website where information is requested be aware that site may not be legitimate and contact the provider.

CFPB also reminded consumers that its staff is available to assist consumers if they are not satisfied with how their own bank or card provider responds to a report of fraudulent card use.  Complaints can be submitted by phone at (855) 411-CFPB (2372) or TTY/TDD phone number at (855) 729-CFPB (2372), by fax at (855) 237-2392, or online at