You didn't get just low prices at T.J. Maxx and Marshalls, you also had a good chance of getting your credit card information and other personal data stolen.
You can hardly live without credit and debit cards these days, but there are steps that can be taken to ward off the perils of identity theft, privacy experts say, even if caused by a giant information leak from some remote, windowless computer center.
The stakes are high. Nationally, fraud losses to existing credit and debit card accounts totaled $20 billion last year, according to Javelin Strategy & Research.
In the latest major breach, TJX Cos., the parent of T.J. Maxx and Marshalls, has said that at least 45.7 million credit and debit card numbers -- a record -- were stolen from its computers in 2005 and 2006.
For shoppers, the first step in protecting personal data has to do with the answer to the perennial supermarket checkout question, "Credit or debit?"
"We tell people to stop using debit cards for shopping," said Beth Givens, director of the nonprofit Privacy Rights Clearinghouse in San Diego. "If you are a victim of someone who uses your debit card data, the money comes immediately out of your bank account."
That's what happened to Marilyn Key of Pasadena when she was on vacation in Europe.
"I usually use my credit card," she said. "I just use my debit card for little things."
One of those times was at a small market on her trip. "I only found out that the information on the card had been stolen when I had no money left in my account," Key said.
In all, $4,000 was stolen. She eventually got it all back from the card issuer.
But in some cases, that can take weeks.
"We have heard of cases when the bank says it has to investigate the loss," Givens said. "The victim might be left broke while that's taking place."
That doesn't happen with credit cards because purchases initially are funded by the card issuer. As a result, the victim usually doesn't pay out the money before noticing the loss.
Another problem with debit cards is that the laws governing them in case of theft are less protective than for credit cards. The rules are especially tough on procrastinators.
The debit card holder is responsible for losses of as much as $50 if the financial institution is notified of the theft within two days of it being discovered. After that, the user is responsible for losses of as much as $500.
