CreditCards.com

Protecting yourself

Lying to protect your card account from ID theft: Why experts discourage it

Jeremy Simon

Would you lie to your bank if it meant protecting yourself from identity theft?

Although some cardholders indicate they would stretch the truth to keep themselves safe — telling the bank a credit card was lost or stolen when, in fact, that wasn’t true — lying could actually end up hurting you, experts say.

In a recent blog, I described how data breaches have driven my bank to re-issue my credit card twice this year. Readers responded to that blog post with some great comments, detailing their own experiences of compromised credit card information. One comment in particular stood out.

A reader named David described how, although his Bank of America debit card was compromised, he never received any notification of a data breach from the bank. “It turns out that BofA had been processing ATM charges against my checking account for several months,” David writes. “Upon review, innocent-looking charges were on my statements, such as ‘e-Bill Pay $ 39.00.’ As I paid credit cards and other bills through this account, and the amounts were relatively small, these transactions did not stand out. But the problem did not stop there. Because my business checking and savings accounts were LINKED (which is required for you to transfer funds from one to the other), BofA KEPT PAYING FROM MY SAVINGS ACCOUNT even when the bogus charges became more obvious.”

David includes further details about his debit card experience from hell (including what he viewed as a poor response from BofA), then offered the following advice for fellow cardholders:

“As a matter of basic security, and even if you have to lie about it for your own protection, it’s a good idea to have your card reissued, with a new account number, periodically. It might be the best way to proactively protect yourself, and to a large degree, you are the first line of defense against fraud, and sadly, maybe the ONLY line of defense. Changing the card number will do more to protect your account than any other single thing you can do,” David writes.

But will lying to your bank really keep you safe? To find out, I asked several experts.

“I have not heard this recommendation before. I would not advise it,” says Edgar Dworsky of consumer education website ConsumerWorld.org. “You will have to lie to get the card reissued because you will have to say the card was lost or stolen or used fraudulently. How many times can you do that with the same issuer?”

“There is also a maximum liability of only $50 under federal law to start with for fraudulent charges on your card, and many banks advertise zero liability,” Dworksy says of credit cards. “So you are not preventing a loss of money by getting a new card number issued.”

The U.S. Federal Trade Commission also discourages lying to your bank. “We would not recommend that advice. It could cause more problems than it would solve,” says Lisa Schifferle, an attorney in the FTC’s Division of Privacy and Identity Protection. She explains that since the consumer’s credit report may list each new card issuance, that approach could impact the cardholder’s credit history. “It may appear to be many accounts instead of one account with the number changing over time,” Schifferle says. Since a lengthy credit history can help your credit score, chopping a long-standing account into smaller pieces could hurt you, she suggests.

Instead, if you’re worried about card security, try the following:

Check your credit reports and account statements. “I think the best way to prevent card fraud is to monitor credit reports regularly,” the FTC’s Schifferle says. By visiting AnnualCreditReport.com, consumers can request a report from each credit bureau once every 12 months. Look over those reports for any errors or questionable items (such as unrecognized charges or accounts) that could signal ID theft. Debit card holders should check their bank account statements. Contact the bank and credit bureau about anything odd you find.
Get a virtual card number. “Consumers would be smarter to obtain virtual card numbers for use when making an online transaction so an unfamiliar merchant never gets your real number,” says ConsumerWorld’s Dworsky. Use of temporary card numbers — issued by your bank — ensures that even if the number gets stolen, thieves don’t have the information for your actual account. Contact your bank to find out if it issues virtual card numbers, since not all of them do. Discover, for example, just this week announced plans to terminate its temporary-number program.

According to experts, honesty may be the best policy. But do you agree? Have you ever misled your bank? If so, what made you lie?

Let me know in the comments section below.

See related:
Despite lingering online fears, virtual credit cards stall

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • David

    I am the “David” to whom you refer in your above article. I did, indeed, write the comment in which I offered an opinion that card re-issuance, even if done by misleading the issuer, is a good way to protect yourself from criminals. I offered the comment somewhat tongue-in-cheek but after now being left to own the comment, I have to say I still believe it’s a good idea. I mean no disrespect, but I don’t think you’re experts know the all of the details of debit card, fraudulent transactions and the programs that supposedly offer protection against them.
    I note these people , from whom you solicited comments, at no point mention that this would be illegal, nor did they suggest it would not be an effective way to head off card abuse. I’d like to offer the perspective of a card abuse victim to their comments.
    Dworsky/ConsumerWorld.org – The reason this is the first you are hearing of this “recommendation” is because this hasn’t happened to you, or anyone your know, yet. You should not be so quick to dismiss it until you gather all the facts. People misplace or lose things all the time; you don’t have to report a crime. My personal opinion is that you do not have to do seek re-issuance regularly but “periodically” commensurate with any imminent risk , degree & nature of card use and other factors. I’m sorry, Mr. Dworsky, but you are grossly misinformed as to the “maximum liability of $50.00 under federal law”, at least in California. That slogan sounds great in advertising but unless you read the details, in some cases it’s nothing more than the illusion of protection, in effect deceiving consumers into believing that any fraudulent charges over $50.00 are covered. They are not.
    In the name of full disclosure, that line should read as follows: “Maximum liability of $50.00 under federal law provided you contact the card issuer no later than 60 days from the date of ANY fraudulent activity on your account. If your account experiences any fraudulent charges, even if you do not notice or report them, the first date of any such prior fraudulent charge shall be the date that this 60 day period begins. You are responsible for all charges, including fraudulent charges and any overdraft or related fees, that are incurred AFTER the expiration of that 60 day period regardless of when any prior fraudulent charges are subsequently discovered”.
    Your comment that you are not preventing loss by getting a new card number issued is wrong. I lost thousands because I did not catch a tiny, inconspicuous $39.00 charge several months prior. The FIRST thing BofA did, was try to determine how many statement periods they had to go back to find ANY instance of fraud. Why? It’s because their liability will only go FORWARD 60 days from that point. So, the further they can go back, the earlier they can “use up” their 60 day window of liability. The fact that I did not catch it was used against me. Most of the larger, fraudulent charges were in October so once BofA found that $39.00 charge appearing on an April statement, they told me that meant BofA was not liable for any charges after June. They don’t go BACK 60 days from when you notify them. They go FORWARD 60 days from the first sign of any unreported, fraudulent activity they can find. And, they can apparently go back as far as they want. No mention is ever made of any such 60-day period when anyone ever quotes that $50.00 maximum liability clause, including yourself when you made reference to it for this article. If an informed gentlemen such as yourself did not know this, then how can you reasonably expect the average consumer to know about it?
    A BofA fraud department rep acknowledged to me on the telephone that these scam artists are “tricky and know how to bury charges on accounts”, but yet BofA became speechless when I asked them why, if they know this, did they not act or inform me that such a suspicious charge was present on my account. ( I was later advised that this person should not have told me that) Of course. This person went on to admit that a common technique is to submit one of the small, innocent looking charges to see if it will be challenged. If it is not, it is done again & perhaps again eventually leading them to apparently believe that this charge has been accepted as “standard recurring” or until such time as they can determine the proper timing to make one last, big score. So, BofA knows this.
    BofA was like an insurance company. Their first posture was a blinding-speed search for a reason why they should not have to pay. When they found one, everything changed. There was no concern whatsoever for my distraught condition, my financial loss or any laws being broken. I have acknowledged that I share some responsibility for performing only a quick examination of my statements, but most consumers like myself can be fooled by such innocent looking & small charges and the tricks criminals will use. So, there’s the letter of the law and the spirit of the law. In this case, BofA did not adequately inform me of the terms of their $50.00 maximum liability program, failed to notice what to me was obvious “out-of-pattern” and/or unusual activity less than 30 days prior to my reporting fraud, failed to inform me of the risks of linking my savings account to my ATM card and in general, ceased to be on my side, once the fraud occurred and they located a loophole. Additionally, when I went into the local BofA branch, a bank VP who tried to help me was met with stone wall after stone wall from his superiors. I was there for hours. Like you, Mr. Dworsky, this bank VP was obviously unaware of the protection program’s fine print and was seemingly embarrassed by that. He also seemed surprised that the bank was leaving me out to dry. His demeanor changed abruptly. It’s as if, suddenly, they had no interest in the fraud. The only threat to them at that point was me, their customer.
    If, during that time prior to October, I would have had my card re-issued, for whatever reason, I would have saved myself thousands of dollars, plus the time, energy, stress and the numerous other negative effects. I submit to you that my original suggestion holds. As it has now been proven to me that one’s bank cannot seriously be counted upon to act to prevent such instances of card abuse, that the bank actually will seek to limit their own liability first before addressing my problem, that the bank possess knowledge of tricks used by card frauds but may or may not disclose them to me, that the bank will seek payment for overdraft fees that occurred as a direct result of their own negligence, that senior bank personnel are not familiar with the details of consumer credit card protection programs and that the fact that my being the victim of a crime seemed inconsequential, I have no doubt that a reasonable mind might conclude that a periodic re-issuance of a card would merely be a prudent act to protect oneself from not only fraudulent transactions, but from bank incompetence or indifference as well.
    Schifferle/FTC – First, let me applaud what you do. Your degree from Yale and vast, legal work experience will hopefully go a long way to help you protect consumers. However, I respectfully feel you also do not understand how the deck is stacked against consumers in such instances as these. I “discourage” my kids from lying , but if a little white lie will save them thousands of dollars, and protect them from criminals and a huge, greedy corporation that only sees them as a walking dollar sign, I will try to teach my kids that sometimes in life, it may be necessary to bend the facts to protect what’s yours. If your argument against my re-issuance suggestion is based on moral reasoning, that lying is wrong, one can only hope that FTC efforts to protect consumers from giants like Visa, Master Card and other huge, financial mega-corps, does not also rely on discouraging and the taking of moral high ground. These companies couldn’t see the little guy with a telescope. They hold most of America’s consumer debt, are extremely profitable and have tremendous political influence in Washington. I just had my accounts cleaned out and am wondering about paying next month’s bills and you want me to ignore a legal, proven means of protecting myself. Changing account numbers is so simple, that it actually works.
    After you have lost thousands of dollars you thought you were protected from losing, after you lose your savings, after your bank piles on fees for the trouble THEY just went through paying all those fraudulent charges, after your image of the bank being a safe, friendly place is shattered, after your business is dealt a fatal blow, perhaps you might grasp how possibly losing a few points on my credit score just seems a little more acceptable. I value my credit score and want to keep it, but if the FTC wanted to help consumers, you should mandate that ATM cards can be periodically re-issued, without penalty, as a prudent, effective and common-sense precaution against identity and card theft or abuse. You could even charge a small fee. This measure alone would drastically reduce card abuse. The card abusers can certainly figure out that American institutions don’t like to let, or as you suggest, will penalize people who change their card numbers. So, by anchoring consumers long term to just one account number, you in effect are making it easier for them to be abused. The FTC, like American consumer protection law, is way behind the criminals & improperly influenced by the Visa/MasterCard & banking lobby. Chopping a longstanding account into smaller pieces is not what is happening. What’s happening is weaponless consumers are trying to find a way to protect what little they have and there are two, well-equipped opponents; criminals & banks. In American today, many average consumers will suggest to you that there is a fine line between the two.
    I recognize that my perspective is different than those who have not been victimized as I have. But the perspective I now have is unique and this information needs to be heard. I’m not trying to create paranoia, but again knowledge is power. My analogy is this; if you want to know how to survive a plane crash, don’t just ask the pilots or the engineers; also ask the guy who walked out of the wreckage.
    But I’d like to also provide some unique full disclosure of my own regarding the section, “Instead, if you’re worried about card security, try the following:” and the failed logic therein.
    1) the suggestion by Ms. Schifferle at the FTC is certainly valid. Obtaining your credit report annually will help you spot problems. But of course, given the “60 Day forward” rule, checking annually is useless for ATM card users . She does mention that debit card (ATM) holders should check their monthly or online bank statements and contacting the credit bureau about anything “odd”. Of course, “odd” is a relative term. “e-Bill Pay $39.00” did not appear “odd” to me at first glance. What the card issuers and banks are doing is placing the burden back on you to not to just review every charge, but view every transaction with great suspicion. Then, you must take the phone time necessary to submit a challenge to any and all questionable charges. Given the bank codes used, the nature of 3rd party billing practices and the general lack of information on your statement, you will suddenly begin to see bad guys behind most of your transactions. You are then required to invest a great deal of your time and effort to, in effect, become your own “Fraud Detection” department, something you thought the bank was doing. (remember those reassuring ads?) But here’s the strange part.
    BofA has a “Fraud Detection” department. In my case, the largest bank in American proved no match for the criminals spending my money all across the UK. For example, apparently BofA did not consider a flurry of overseas charges in a 2-week period, some almost simultaneously in Dublin, Ireland and Southern California, to be anything unusual. They give you a statement and you can get a credit report and that’s all they have to do, legally. Everything else is up to you. What you must do is take a more aggressive stance because, in my experience, the bank is either incapable, inept or disinterested in active protection measures. And, remember this; if you do NOT challenge any/every suspicious charge, it could be used against you at a later date, as it was used against me, by making the charge back on that date, retroactively, the start of your 60-day window of bank protection. In such cases, not only are you not protected, you’ve been unprotected for a while & you didn’t even know it. I’ll admit to a paranoid moment as all this craziness was happening to me. There was so much here that just did not make sense, so many unanswered questions, so little help or concern, it actually seemed plausible that BofA and the people cleaning out my account were splitting up the booty.
    2) I’m sorry but getting a virtual card number will only work for you in a narrow group of circumstances. Even though Mr. Dworsky states that this would be “smarter” for online transactions, it’s still a cumbersome process. If you’re buying something expensive online or real world, DON’T use your ATM card; use a credit card because you will then be playing with money that is not sitting in your checking account. If the bank is on the hook for making good on a bogus purchase, just sit back & watch how fast they move. The fact that DISCOVER CARD is terminating it’s temporary numbers program is telling you that it either doesn’t work or is not being used by consumers, likely because of the inconvenience.
    In summary, please let me make the following final points;
    1) Using your ATM card, despite that little Visa/MC logo, means your playing with YOUR money. A credit card means your using the bank’s money. You have to know that important distinction. Use your ATM card less; use cash or use your credit card & then just add that amount back on top of your credit card payment each month. The bank is a lot less concerned if you lose YOUR money and that’s the sad reality. VISA/MasterCard have no liability whatsoever, and always get their fees. You are the only one risking anything when you use an ATM card.
    2) if you are an active ATM card user, try to keep less money in your checking account. UNLINK your savings account from your ATM card; a little inconvenient to transfer money between the two but since the bank doesn’t tell you, I will. This will keep your savings account safe from criminals who jack your ATM card number.
    3) In general, try to use all cards less. The banks will hate this advice, of course, but the less you use them, the less your chances of being a victim of card theft or abuse. Use cash more. Even criminals know that people don’t carry around cash like they used to. Also, by using cash, you are not tracked by your bank & other companies who then might sell your buying habits to others, thus doubling their profits off of you. All merchants love cash, and some offer a discount for using it. Privacy experts will tell you that today, old-school, land line phone calls are vastly more secure than cell phone calls. Sometimes, going back to the old ways, perhaps precisely because they are “old” ways, is a safer way to operate in a modern world. Today, the odds of getting robbed electronically are much greater than being held up at gunpoint.
    4) Challenge any and all charges that appear the least bit suspicious on your statements. Familiarize yourself with this challenge process and try to determine from your bank, EXACTLY the point whereby you have “officially” met the legal definition of having properly challenged a questionable charge. Don’t be afraid that you are overworking your bank’s fraud department. They will just change their policy when too many people start challenging; probably start charging for it. Just keep in mind that the folks down at the bank are likely not as smart , or motivated, as the bad guys.
    5) Card abuse/fraud does not just happen to the rich. My modest, middle class balances were just as attractive to criminals. Even if you only have $100.00 in the bank, I can assure you that, somewhere, there’s a criminal that could care less about making you penniless.
    6) Visit, read and consider the advice offered by consumer web sites. Repeating again (sorry) but information is power. The internet is the place where you can obtain a great deal of understandable information about how to protect yourself and your assets, including information about things your bank/card issuer will only tell you in a multi-page, tiny booklet that requires a lawyer to understand. Become active in your support of consumer privacy and consumer protection as those two often overlap. Visit sites like http://www.eff.org, http://www.epic.org, http://www.ftc.gov, and others you can find by just “googling” the term “consumer protection”. And don’t just go to government sites. The non-profits and even some of the blogs, like this one, are much freer to go into detail, provide typically better ideas, offer better links to similar sites and are typically free of any thoughts that big financial firms have any influence over what you are reading. Demand greater consumer rights and privacy protection from your elected officials.
    7) I saved this one for last because it’s the most controversial, apparently. If I had a lot of ATM card “exposure”, or if I had reason to believe that my card number might have been compromised, I would lose my credit card and ask immediately for a replacement. The changing of your account number is about the single BEST thing you can do to thwart criminals. You might also be doing law enforcement or your fellow consumer a favor. That card number will now be “flagged”, which turns the tables on the criminals as any use of it might be met now by a law enforcement response. Again, if you have a legitimate concern for the safety of your card information, and given my suggestions to you that you cannot realistically rely on the bank or that “$50. Liability Limit” to protect you from educated, aggressive criminals, then you should consider doing anything within the law you can do; then go do it.
    I appreciate what JEREMY SIMON is doing with this blog. He is trying to make a positive difference in the lives of consumers. I would like to thank Mr. Simon for this opportunity to be heard. The American consumer needs more people just like him.
    DAVID

  • Nancy

    We have just received yet another set of replacement Visa cards from Bank of America. This has happened twice before, for reasons that are never shared with us. I’m grateful to be protected from fraud, but hate the way this leads to an accumulation of closed accounts on our credit reports, always with a notation of “lost or stolen card,” as if we had anything to do with it or could have prevented it. On a recent mortgage application, our credit scores were downgraded for “too many accounts” when the truth is that we have used just one credit card account since 1994. The report shared with us by the mortgage bank also said “balances too high” when we have always paid off our entire bill each month. And our credit history was rated as “insufficient” because our 2 previous house mortgages were paid off long enough ago to have aged out of our credit reports. We need some serious reform of the US credit reporting system, in my opinion, so that it better reflects who is willing and able to pay what they owe.