The massive security breach at Target, which involved the theft of data from 40 million customers' credit- and debit-card purchases, raises a new question for consumers: If you were one of the data-theft victims, should you get a replacement debit card?
Over the weekend, JPMorgan Chase, the nation's largest commercial bank, answered that question for its own customers when it sent email notification that it would be replacing all compromised Chase debit and Liquid prepaid cards in the coming weeks.
Other big banks, however, have not done the same. So what if your debit card was issued by one of them?
"If a consumer knew they used their debit card at Target during that time frame, I would definitely go ahead and ask for a replacement card," says Steve Robb, an executive at ControlScan, an Atlanta-based payments security firm.
We agree. Debit cards are tied to your checking account, which is your core money-management tool. Although fraudulent charges to a credit card can be easily fixed, unauthorized withdrawal of funds from your checking account could set off a cascade of bounced checks—for rent or mortgage, utilities, and credit-card payments. That, in turn, could trigger bounced-check and late-payment fees.
Monitoring your checking account for fraudulent charges may not be enough, either. A crook with your debit-card information can patiently wait weeks or months to steal from your account—after you've long forgotten about the threat—and you might miss a fraudulent charge that blends in with many others.
No other banks have announced a similar replacement program yet.
"If we believe the account is at risk for fraud, we will notify a customer and reissue the card," Bank of America told Consumer Reports in an email statement, which suggests that the Target breach doesn't necessarily put all affected cards at risk.
"We reissue cards as appropriate when we believe the customer's account information may have been compromised and may be at risk," said Emily Collins, a Citibank spokeswoman, also via email.