Cyber security attacks that compromised the credit card information of hundreds of millions of customers at major retailers like Target over the holiday season drew vast national media attention. But "there's actually been a number of breaches over the years," Consumer Financial Protection Bureau Director Richard Cordray told CBS News; "your information is always at risk, every day."
Claiming nearly half of the world's credit card fraud incidents, the United States draws attackers for a number of reasons, including its lag to adopt the European chip-and-pin system. It's also, of course, the biggest market in the world: "Certainly as they used to say about robbing banks," Cordray said, "that's where the money is."
But if a breach does occur, U.S. consumers can rest assured that they're protected under federal law.
"The first thing is, you have the ability to try to protect yourself," Cordray said. "You should be paying very close attention to your accounts, monitoring your accounts, looking for any sort of suspicious activity. Some of it may even be a very small amount of activity, because sometimes they start by doing that to see if it's a live account.
"Any problem that you see, you should report immediately to the credit card company, because they do have obligations to resolve disputes and correct errors for you," he went on. "Credit card issuers have obligations to you - banks and retailers do as well."
Reporting suspicious activity early offers consumers their best bet at getting resolution and minimizing damage done.
"There's limitations on how much you can be out of pocket," Cordray said. But if a consumer's not satisfied with the way they're reimbursed by the card company, bank or retailer, he continued, "file a complaint with the federal consumer financial protection bureau - consumerfinance.gov - give us a chance to work it through for you and make sure that you're being treated properly."
Cordray also cautioned against using solicitous services that might contact customers offering help in compensation after a major breach like Target's.
"They may seem very plausibly to be trying to help you," he said. "Don't give them your financial information; that would be an error. If you're contacted and you don't know who it is, go and get the number and the right information for your credit card company and bank, and you contact them so you know exactly who you're talking to. That's a very important thing for consumers."
As for consumers rallying for the U.S. to replace mag-stripe credit cards with chip-and-pin systems, or for companies to accept bitcoin payments, Condray said, keep in mind: The options "may be more convenient for the consumers, but they also create new risks."
"This," he said, "is another reason why I think the whole industry has to review and think hard about their practices."