Recent large scale thefts of credit- and debit-card information from Target, Michael's, Neiman Marcus, and other retailers have left many people wondering if it is safe to continue paying with plastic. The thefts have also underscored the importance of understanding the fraud-related laws and policies that cover credit and debit cards. Here's what you need to know.
Credit-card vs. debit-card protections
- With a Credit Card
If you report the loss or theft of a credit card before it's used, federal law states that the issuer cannot hold you responsible for any unauthorized charges. If there is fraudulent use before you report the card missing, the most you will owe is $50. But Visa, MasterCard, American Express, and Discover provide additional protection in the form of zero-liability policies that cover you for all fraudulent uses.
- With a Debit Card
Federal law states that if your debit card is lost or stolen and you notify the issuer within two business days of discovering the problem, your liability for unauthorized charges is limited to $50. That rises to $500 if you wait more than two days after the card goes missing but notify the issuer about an unauthorized charge within 60 days of the issuer sending a statement listing the charge. Wait longer than that and you could be liable for $500 plus the amount of any unauthorized charges made after the initial 60-day period. Thankfully, many debit-card issuers provide more comprehensive protection, limiting liability for all fraudulent use to $50.
Of course, not knowing that your card information has been stolen will affect how quickly you're able to report fraudulent use! That's what happened at Target. No one's wallet or purse was stolen or lost. The victims simply swiped their cards through a store's card reader when making purchases and had their information stolen by illegally installed card-reader software.
The fraud protections many issuers offer for credit cards and debit cards may sound similar, but as we're about to see, there is one striking difference.
A key difference between credit and debit cards has to do with how payments are made for purchases.
If you had used a credit card at Target when the data thefts were occurring, and if unauthorized purchases were then charged to your card, no money would have come out of your bank account. Instead, the amounts would have shown up on your bill, with a payment due date perhaps several weeks away. That would have given you time to dispute the charge. By law, when you do that, you are under no obligation to pay the disputed amount while the issuer investigates.
On the other hand, if you had used a debit card at Target and unauthorized purchases were then charged to your card, the money would have come out of your bank account almost immediately.
Filing a dispute in that case isn't about who's going to cover a charge that shows up on a bill. It's about getting money back into your account after it's already gone.
Two types of debit-card transactions
Many debit cards offer a choice between credit and debit when making a purchase. If you choose debit, you need to enter a personal identification number (PIN). If you choose credit, you sign for the purchase instead. While both transactions draw funds from your checking account, they are processed differently. PIN transactions debit the account right away, while signature transactions debit the account 1-3 days later. Importantly, there are fraud protection differences between the two debit-card purchase options as well.
Financial radio host and author Dave Ramsey, a proponent of using debit cards instead of credit cards, recommends signing for debit-card purchases: "This will ensure that you are protected by the card company's zero-liability policy — you will not be responsible for unauthorized transactions," he notes on his website.
While it's true that Visa and MasterCard-branded debit cards do promise zero liability on signature-based transactions if there is a fraudulent transaction, the missing money won't always be returned to your account immediately. Policies vary, but banks generally have 10 days to investigate whether they have to replace the money. In the meantime, because of the reduced checking-account balance, the card-holder may not be able to pay other bills and could incur overdraft or bounced-check fees.
What’s a plastic payer to do?
The Target data theft, and others like it, are especially confounding because there is nothing a victim could have done to prevent it. Thankfully, better protection is headed for the U.S. in 2015. That's when card issuers are slated to switch to a technology called EMV that stores critical data on a chip inside the plastic rather than on a magnetic stripe. This makes the information less vulnerable to theft.
As we wait for crime-prevention technology to catch up to the criminals, credit cards generally provide better fraud protection than debit cards — or, at least less hassle if you ever have to deal with fraudulent use of your card.