Merchant Data Breaches: How Do They Affect You?

Staff Report From Georgia CEO

Wednesday, November 15th, 2017

Every year millions of Americans become victims of fraud due to merchant data breaches.

In a late 2016 survey conducted by Georgia Credit Union Affiliates, 44 percent of respondents said they’d been victimized by fraud and/or identity theft. That was before the recent Equifax breach, which affected 145.5 million people. Although most consumers have probably only heard about a few breaches, more than 1,100 data security breaches have occurred so far this year. According to the Identity Theft Resource Center, this has exposed more than 171 million data records.

The Georgia Department of Law Consumer Protection Unit notes than in 2015 Georgia had the seventh greatest number of identity theft-related complaints filed with the Federal Trade Commission. Atlanta/Sandy Springs/Roswell ranked 24th and Gainesville ranked 40th among the 50 largest U.S. metropolitan areas with the most identity theft-related consumer complaints.

Many financial institutions are working hard to implement debit and credit card chip technology, but this does not prevent online merchant transaction fraud. As cybersecurity threats continue to evolve in both sophistication and scale, the need to safeguard your data has never been more critical.

When a breach occurs, a financial institution blocks and reissues cards as needed. When fraud occurs, they work with consumers to remove the fraudulent charges. When a merchant breach happens, the cost of that security lapse is passed on to the financial institutions. These expenses can be a hardship for not-for-profit credit unions, since they operate within a different structure than for-profit service providers, delivering benefits like lower interest rates and fewer fees to their members rather than profits to shareholders. With more and more merchant data breaches occurring each year, consumer identity fraud will only continue to increase, placing your private information into the hands of criminals.

Insider's Perspective:

"Keeping our members' personal information protected is of upmost importance to us," said Phyllis Cochran, President/CEO at Augusta VAH Federal Credit Union. "We live in an age in which we and our members are increasingly reliant on technology, which comes with its conveniences, but is not free from its drawbacks. Thankfully, we have not had a data breach to date. Our staff is trained to detect phishing efforts and other techniques employed by cyber criminals, and we enlist experts in the field to maintain our network firewalls and security. Our focus is primarily on prevention rather than mitigation, and we will continue to try to keep up with the ever-changing techniques used by these criminals."

So, what do you do if your identity is compromised? Here are some tips and resources to help:

  • Verify fraud. If unauthorized account transactions occur, contact your financial institution or company where fraud has occurred to report unknown charges.

  • Update your passwords. Once fraud is confirmed, change account logins and passwords. Passwords should be robust with multiple types of characters (upper and lowercase letters, numbers, and symbols).

  • Take control. To avoid additional compromises, place an initial fraud alert by calling one of the three national credit reporting companies (Equifax: 800-525-6285; Experian: 888-397-3742; TransUnion: 800-680-7289).

  • Report theft. To begin an identity recovery plan, report your theft to the Federal Trade Commission online at or by phone at 1-877-438-4338.