How to Tell If Your Credit Card Was Hacked in the Global Payments Breach [Updated]
On Friday, March 31st, news broke that credit card processor Global Payments suffered a massive security breach, in which intruders made off with thousands—possibly millions—of credit card numbers from hundreds of of card issuers worldwide. The story is still developing, and the hows and whys of how the card numbers were lost will be debated for years, but the bigger question is what should you do right now to make sure your money is safe? Here are a few tips.
Global Payments is a credit card processor, meaning they're one of the companies responsible for handling your transaction when you swipe your credit card at a register. The retailer sends your information to a processor, who then forwards it to Visa, Mastercard, or another issuer, who handles the transaction with your bank. Card processors are frequently the target of these types of attacks, mostly because they handle transactions for every brand and type of credit card, for banks all over the world. Photo by Andre Blais (Shutterstock).
Estimates for how many card numbers were lost in the breach range from 50,000 cards all the way up to 10 million, so odds are we won't know for sure how many accounts were really compromised until the dust settles a bit. The Wall Street Journal reports that Global Payments is one of the country's largest processors, and while we know they work closely with New York cab and parking companies, WSJ says they actually have a significant client list and the size of the breach could mushroom. Visa and Mastercard have, for their part, already acknowledged that Global Payments has alerted them to the breach, and stress that their own networks have not been compromised. Discover and American Express, on the other hand, say they're keeping an eye on things.
The scariest aspect is that it's possible the thieves have had access for a while now, have been stockpiling credit card numbers for months, and only now have been discovered. According to some analysts Mastercard has already reached out to some banks and card issuers to let them know which accounts have been compromised. That said, there are a number of things you can do right now to make sure you're on top of it if your card is one of the ones lost.
Update: Visa has confirmed that up to 1.5 million North American credit card numbers were obtained by the thieves in the Global Payments breach, and have subsequently removed Global Payments from their preferred list of card processors until they re-certify their data security practices with them. Mastercard is still investigating, Global Payments says they have the breach "contained," and all parties say they're contacting specific banks, who will then contact individual card holders if their credit card was among the ones stolen.
A spokesperson for Global Payments told the Consumerist over the weekend that the issue is confined to North America, and that while credit card numbers and expiration dates were stolen, additional information about the cardholders like names, addresses, and social security numbers were not. This means that wholesale identity theft may be unlikely, but credit card re-use and fraud are still distinct possibilities, if the thieves see fit to resell the card numbers they've obtained to the highest bidder.
Contact Your Financial Institution
We haven't seen any kind of full disclosure from any of the companies involved in this yet, mostly because they're all likely trying to get their stories straight before they open their mouths to the public. In the interim though, there's no harm in contacting your credit card issuer to see if they're aware or doing anything about the issue. You'll likely get hold of a tier one customer service rep who may not even know the news, much less have some copy prepared to read to you about it, but you can always ask more generally about how they handle data breaches and fraudulent transactions on a stolen card.
After all, :you're not liable for purchases on a stolen or copromised credit card. Ask them if they offer credit monitoring in cases like these, whether it's a free service, and how long they'll monitor your account. If it's free and monitored for a few years, spring for it—if not, hold off. If your issuer did lose numbers in the breach, the first thing they'll do to smooth it over with you is give you a few months of free monitoring. Regardless, now is a good time to call your issuer and make sure you're up to speed on their policies around fraudulent transactions and identity theft.
Keep An Eye On and Review Your Statements
Fortune reports that the thieves may already be using some of the credit card numbers they've obtained, and Gartner points out thatif you've used your credit card in the past few months to pay for a cab or parking garage in the New York City area, you're in a particularly high-risk group (since that's where the Global Payment attack originated, and the first information to be accessed.) Even if that doesn't describe you, now is a great time to pore over your credit card statements from the past few months and make sure you can identify every single transaction posted to your account. Photo by Seth Anderson.
It's easy to let the statements slip, especially if you have your bills set up to auto-pay, but it's important to double-check your statements anyway, even moreso at a time like this. If you see any transactions you can't identify, or you're certain you didn't make, contact your bank or card issuer immediately to report them. It's also worth checking out whether your bank or card issuer lets you set up transaction alerts, so you're notified if your credit limit falls below a certain amount, card activity goes above a certain level, or purchases over a given dollar amount are made.
Like we said, Mastercard has already contacted individual banks, credit unions, and other card issuers to let them know what information has been lost. Visa will likely follow suit, if they aren't doing so as you read this. The next step is public disclosure from those companies, and for those companies to reach out to individual cardholders to let them know whether their data has been compromised. Bank of America has said that they're monitoring accounts already, and will contact customers if they see anything suspicious. Photo by Yi Chen.
If you are contacted, you'll have more power at that point—you can cancel your card entirely, request a new one with a new number, or sign up for credit monitoring (which will likely be offered to you for free if you've been affected.) Still, while you wait for the story to unfold, it might be a good time to look over your financial docs and make a sort of credit card emergency plan in case your account is one of the unlucky ones.