In the new reality of surging payment card fraud and identity theft, consumers aren't always up to the task of fighting thieves.
About 90 percent of consumers either fail to check their payment card statements or only skim them, which means many victims fail to catch fraudulent charges on a timely basis, said Yaron Samid, the chief executive of BillGuard, citing research his company conducted.
"People really need to wake up to the reality that data breaches are the new norm," Samid said. "There's no technological substitute for carefully reviewing your debit and credit card statements regularly."
While consumers aren't liable for most fraudulent credit card charges, there are some caveats: If a victim doesn't report unauthorized charges until after two days have passed, she has a $50 liability. But debit cards are trickier, with customers liable for up to $500 if more than two days have passed, according to the U.S. Federal Trade Commission. Even worse, debit card users are liable for all losses in their debit card accounts if more than 60 calendar days have passed.
"The biggest thing to do is to be diligent about tracking your card and to set fraud alerts," said John Pironti, risk advisor with ISACA, an IT and information security association, and president of IP Architects. "Almost all card issuers can put alerts on spending and transactions, so you'll get text messages if a purchase is outside of the norm."
That means that a customer who never spends more than $100 could ask to be alerted by text message if a transaction larger than that turns up on his card, for example.
What's driving the recent rise in data breaches? Some of the problem lies in America's outdated credit card system. Most issuers use magnetic-stripe cards, instead of the "chip and PIN" cards favored in Europe, which are harder to hack.
"The magnetic strip technology is from the 1970s, and our adversaries are not using tech from the 1970s," Pironti notes.
Below are five steps for protecting yourself and your payment cards, gleaned from three security experts interviewed by CBS MoneyWatch:1. Check your payment card and bank accounts regularly by going online to check for unusual activity, BillGuard's Samid said. The sooner fraud is detected, the better your chances will be of thwarting a thief, as well as limiting your own liability.
2. Set up transaction alerts that will provide warnings about unusual activity, such as large transactions. Consider using bill-monitoring software, such as BillGuard's app, which uses crowd-sourcing to flag suspicious activity.
3. Limit your disclosure of personal information on social-media sites. Thieves "will use that to profile individuals and to gain more information about them," Pironti noted. "They will often try to guess your mother's maiden name. Don't put those things out in social media," he said.
4. Avoid situations where your credit-card is taken out of view, cautioned Margo H.K. Tank, a partner at BuckleySandler LLP. "Sometimes this is unavoidable, but in some instances a transaction can be completed with the consumer retaining the card," she wrote in an email. Ask if a restaurant has a portable card reader, so that you can pay your bill at the table, for example.
5. Don't click on links in suspicious emails, especially if the email asks for personal or card information, Tank said. Email phishing scams are widespread, with more than 156 million phishing emails sent globally each day, and 16 million of those make it through spam filters, according to security software company Thawte.
Keeping on top of your accounts and tight control of your data will help fight against fraud, the security experts said. Of course, that doesn't mean consumers can expect to eliminate fraud, although they may be able to limit their losses.
"It becomes a time game between the hacker and the card holder," said ISACA's Pironti. Unfortunately, it's likely that payment card hacks will only increase, he said, adding, "Right now it's too easy for a kid with Google search and a few hundreds dollars to do this."