How to Prevent Your Business Debit Card From Getting Hacked


TLDR (putting this at the front rather than at the end): one of our debit card numbers was stolen (even though the card had NEVER been used or carried in our wallets) and we had over $2,100 stolen from us. We found out too late, and the bank would not recover the losses for us.

I’m also going to start off with the Lessons Learned because I want all of you small business owners to do these things NOW if you want to minimize your risk. This should not happen to anyone else.

Lessons Learned:

  • When you open a business checking account, don’t get a debit card if you don’t need one
    • The bank will assume you want a debit card, and will ask you “how many?” rather than “do you want a debit card?”
    • If you plan to have a credit card, why do you need a debit card? You don’t. We didn’t.
    • This will SIGNIFANTLY LOWER YOUR RISK
  • Look into account monitoring activity that your bank offers
    • Our bank had an option to receive text alerts if a debit transaction is made that surpasses a threshold that you can set
    • This was never communicated to us… so when setting up your account… ASK!
  • Review your monthly account statements. It’s worth the time.
  • Even with all the spam that’s out there, be diligent about checking your voicemail. It COULD be important.

Ok, so what the heck happened?

It was tax season, so I started pulling credit card and bank account statements for the fiscal year. While reviewing our business account statement (we bank at a small mutual bank based in Minnesota) we found over 21 fraudulent charges from 3 months ago. Half of them were charges to what looked like an airline (Asiana Air) and half of the charges were international fees. There were also 2 charges that bounced and were refunded back to our account.

Before we move on, let’s address the elephant in the room. Yes, we should have been looking at our bank statements each month. But, we elected eStatements and they’re not as intrusive as paper statements and are easier to skip over. Also, WE NEVER USED THIS DEBIT CARD… so risk should’ve been uber low. Also, 99.9% of our business spend is via credit card, which I check every couple weeks to pay off credit card charges.

Let’s get back to case – after seeing the charges, I freaked out and called my business partner, and we immediately cancelled the card. And to reiterate - the debit card had NEVER been used. The card rarely left the house as well, so a skimmer (thieves can walk past you and hold a device that steals your card information.. . which is why you may have seen new wallets these days with RFID blockers) stealing the information was very unlikely.

I did some research online and found that if you notify your bank immediately, you can usually recover the fraudulent charges. There’s a few Federal laws (primarily Regulation E in the Electric Funds Act) out there that protect consumers, and some banks apply these same laws to business checking accounts as well. Reg E covers debit card purchases for consumers and states that consumers may be liable up to $50 if they report within 48 hours or up to $500 if reported within 60 days of the fraudulent charge.

We called our bank the next day hoping to recover the funds, but they said because we were past the seemingly arbitrary 60 days since the charge, so they would not be able to file a claim with the debit card company (Visa) and would not be able to refund us for the fraud.

For a small business, $2100 is highly impactful to our ability to grow, so we pressed further.

We called the airline (AsianaAir) that seemed like the business that transacted the fraudulent charges (looking at the descriptions of the charges on our account). We hoped they would be able to cancel the charges. We thought maybe the fraudulent charges were for gift cards and the airline company would have the ability to cancel the gift cards and refund us. We were connected to a baggage specialist (gentleman named Leonard) who provided some of the best customer service I’ve ever experienced – so hat’s off to Asiana Air for that. He reached out to the Billing Department, but that department was not able to find any charges in their system with our debit card. The thief used AsianaAir’s name to throw off the scent.

Then we met with the banker at our bank. Mind you, the banker was fantastically friendly, but admitted that each fraud case is a “learning experience” for them – not exactly what you want to hear when your business was just robbed blind. Nevertheless, the banker promised to reach out to the Account Security team to see what they could do.

We received an email from our banker the next day and it was nothing but bad news. They would not be able to recover the funds because we were after the 60 days. Also, they confirmed that their automated system tried to contact me via my phone number and left 2 voicemails to verify charges on our debit card. I reviewed my voicemails and found them. The voicemails were automated messages and were from a state outside of Minnesota (where our bank is located), so I brushed them off as spam. On the day the voicemails were left, I still made the effort to check our business account later that night and I found nothing suspicious. Fast forward to tax day and I realized that the transactions went through THE DAY AFTER THE AUTOMATED CALL and THE DAY AFTER I CHECKED THE ACCOUNT. If I would’ve checked the account the following day instead of the same day, I would’ve caught the fraud.

So now we’re licking our wounds feeling as helpless as a fish out of water.

Please – provide me some solace. Do not let this happen to your business.  I’m going to list out the Lessons Learned once more to drive this home.

Lessons Learned:

  • When you open a business checking account, don’t get a debit card if you don’t need one
    • The bank will assume you want a debit card, and will ask you “how many?” rather than “do you want a debit card?”
    • If you plan to have a credit card, why do you need a debit card? You don’t. We didn’t.
    • This will SIGNIFANTLY LOWER YOUR RISK
  • Look into account monitoring activity that your bank offers
    • Our bank had an option to receive text alerts if a debit transaction is made that surpasses a threshold that you can set
    • This was never communicated to us… so when setting up your account… ASK!
  • Review your monthly account statements. It’s worth the time.
  • Even with all the spam that’s out there, be diligent about checking your voicemail. It COULD be important.

30 comments


  • djXshQiwpeAK

    WMQFBygJKek


  • nLWQBXlfcOAgEMC

    idzHTxpLmnCsJcNO


  • HqmuGlEit

    zmMcsQpFoVTwfD


  • ciCfwPHMVRboz

    NVLJhkBi


  • noBIkfRXWYpLHUr

    hPJARNvyTY


Leave a comment