Editorial Policy

Rejected card a result of data breach?

Erica Sandberg

July 18, 2014

QHi Erica,

The other day, my favorite card rejected a charge I tried to make online. It surprised me because I use the card all the time, so you would think that it would go through every time. Is this a new trend because of all the data breaches lately? Will there be more of these rejections? –Douglas

ADear Douglas,

While I can't say for sure why you couldn't make a purchase with your credit card that day, it is certainly possible that one of the recent data breaches is to blame. If you used your card at any of the compromised places, the issuer may have made some changes that affected your charging ability. You may have heard about the latest large-scale data thefts that hit Target, Michaels and P.F. Chang's. There have been many more, however. In fact, the Identity Theft Research Center has identified over 4,000 breaches since 2005.Ask Erica

Here's what's going on, and why your credit account might have been affected.

There are many mutations of data breaches, but all involve criminals stealing personal and financial information from a database. One way they do this is by installing malicious software (called malware) into the store's point-of-sale system. When you as a customer swipe your card, the device reads the information from the magnetic stripe, which it holds in the main computer. Stored information such as credit and debit card numbers, passwords and mailing addresses that should be private are exposed. Such crimes occur online, too. According to a Pew Research Center survey, 18 percent of US. adults say their personal data has been stolen during Internet shopping.

However the criminals operate, once they have the data, they sell it to interested buyers, who can do all sorts of rotten things, such as use your existing accounts or open new ones in your name.

This type of thievery isn't just bad for individuals and retailers, but for the banks that issue credit cards as well. Federal and state laws tend to favor consumers, so they reimburse unauthorized charges.

In response, some credit card companies have lowered credit lines while they take action to mend the damage. For example, Chase sent a notice to cardholders explaining that they had temporarily reduced credit lines in response to a major security breach. When you used your card, you might have exceeded your lowered limit and were denied. To find out for sure, call your creditor. While you're on the phone, ask what you can do to resume charging.

On the other hand, it could have nothing to do with identity theft. It's possible that your credit limit was lowered or suspended because of something you did. For example, maybe you missed a payment or two or have maxed out the credit limit. Either of these would lead to a charging rejection.

Now is a perfect time to review all of your accounts. This is also your opportunity to change passwords.

You pose an interesting question about the future. Sadly, I do believe there will be an uptick in these crimes. Cyber thieves are incredibly motivated to exploit chinks in security armor because it's such a lucrative business. Banks try to keep up by employing better protection measures, including replacing magnetic stripe credit cards with chip-and-PIN or password technology. In the meantime, they will do what they can to reduce their losses when account data fall into the wrong hands.

Got a question for Erica? Send her an email.