WATCH ACCOUNTS CLOSELY WHEN ACCOUNT DATA IS HACKED AND REPORT SUSPICIOUS CHARGES
If your information was part of a breach, the most immediate risk is that the thieves may make unauthorized charges or debits to your accounts. Keep a close eye on your account activity and report suspicious transactions immediately to your bank or card provider. The sooner you tell your provider about any unauthorized debits or charges, the better.
Tip: Watch for reports from the merchant that was hacked, or your card provider, about the nature and timing of the security breach.
Check your account statements for unauthorized charges or debits and make a habit of monitoring your accounts
If you have online or mobile access to your accounts, check your transactions as frequently as possible. If you receive paper statements, be sure to open them and review them closely. You should do this even if you're not sure your information has been compromised.
Report even small problems right away. Sometimes thieves will process a small debit or charge against your account and return to take more if the small debit or charge goes through. Look for suspicious activity like unfamiliar merchant names, especially from merchants outside your area.
Fraudulent charges to your card or fraudulent debits to your bank account might occur months after the theft of your information during a data breach. It's important to make a habit of monitoring your accounts.
Alert your bank or card provider immediately if you think your account has suspicious debits or charges
Contact your bank or card provider immediately if you suspect an unauthorized debit or charge.
If a thief takes money from your bank account by debit, or charges items to your credit card, you should cancel the card and have it replaced before more transactions come through. You should also consider changing your PIN just to be on the safe side.
Your best step to protect yourself from unauthorized charges or debits to your accounts is to report that your card or your information has been lost or stolen promptly after you learn of it.
For credit cards
If your account number, not your physical credit card, has been stolen, you are not responsible for unauthorized charges under federal law.
For debit cards
If an unauthorized transaction appears on your statement (but your card or PIN has not been lost or stolen), under federal law you will not be liable for the debit if you report it within 60 days after your account statement is sent to you. But if the charge goes unreported for more than 60 days, your money, and future charges by the same person, could be lost. There are timelines for the bank to investigate and recredit the missing funds to the account after you make a timely report about the problem.
The time for you to report is much shorter if your card or PIN has been lost or stolen (2 business days, in order to limit your liability to no more than $50 of unauthorized charges), so make the report as soon as you learn that your card is missing or your PIN has been stolen.
For payroll, government benefit, and prepaid cards
For these types of cards, your rights vary depending on the card. If you suspect information from a payroll, government benefit, or prepaid card was stolen, check with the provider to find out its policy and deadlines for disputing charges. Your rights vary depending on the type of card.
You can also learn more about your card protections at consumerfinance.gov/askcfpb.
How to report a suspicious charge or debit
If you spot a fraudulent transaction, call the card provider's toll-free customer service number immediately. Ask how you can follow up with a written communication. Your monthly statement or error resolution notice also likely includes instructions on how and where to report fraudulent charges or billing disputes. When you communicate in writing, be sure to keep a copy for your records. Write down the dates you make follow-up calls and keep this information together in a file.
Tip: If you get a replacement card, remember to update any automatic payments linked to the card.
Contact the CFPB if you have an issue with your bank or card provider's response
Card providers should investigate the charges and respond quickly – generally within 10 business days of receiving an error notice for debit card disputes or within two billing cycles for credit card disputes. You have a right to know the results of the investigation.
If you have an issue with the card provider's response, you can submit a complaint to us. Go to consumerfinance.gov/complaint or call (855) 411-CFPB (2372).
HEART BLEED BUG
On April 7, 2014, security researchers announced a recently-discovered vulnerability called Heart Bleed. By exploiting this vulnerability, attackers could access sensitive data, compromising the security of the server and its users. You may have read media reports that say that all online banking websites are vulnerable.
Digital Insight, our online banking vendor, takes security very seriously. They are aware of the Heart Bleed Bug (CVE-2014-0160) and have taken steps to evaluate whether there is impact.
After performing a thorough investigation, Digital Insight research indicates that this vulnerability does not impact Digital Insight Online Banking services because the encryption libraries used for Digital Insight Online Banking do not use the OpenSSL library that is the source of the vulnerability. However, there are a number of ancillary services within your online banking experience that have not yet completed their assessment. Rest assured that we are doing everything we can to help ensure that your information is safe. We will be sure to keep you updated.
TARGET DATA BREACH
ATTENTION: Individual Sutton Bank customers are being notified as we are made aware of specific Sutton Bank debit or credit cards that may be involved in the Target data breach. Please CLICK HERE to leave Sutton Bank's web site and be taken to the Target web site page with detailed information on the data breach and what Target is doing to mitigate damages to its customers. As mentioned on the Target web site, be particularly watchful for emails or phone calls that claim to be from Target asking you to provide credit card numbers or social security numbers to "verify" your account. DO NOT click on any links provided in such emails and DO NOT provide account numbers or social security numbers over the Internet or telephone.