Account Safety and Fraud

Welcome back. In Week 5 you learned how your bank accounts work and how to keep their fees at zero. This week is the other side of the same coin: keeping the money in those accounts safe from fraud. Here’s the encouraging part — U.S. law already does a lot of the protecting for you, capping what you can lose and putting the bank on the hook to investigate. But the law only helps if you know it’s there and take a couple of small steps to switch its protections on. That’s the whole job of this week: learn the few habits, and the one phone call, that stop most fraud from costing you anything.

Main topic

Keeping your money safe: how your liability for card fraud depends on the kind of card and how fast you report, the handful of security habits that actually matter, how to recognize the scams that target bank customers, and where to go if your information is stolen.

Why this matters

Fraud isn’t a sign of carelessness, and it isn’t rare. Scammers send messages to millions of people at a time and only need a few to respond, so being targeted says nothing about you — it’s a numbers game, and everyone is in the pool. It also has nothing to do with how much money you have: a thief draining a small checking balance does just as much damage to the person who owns it. What does vary, enormously, is how much a given incident ends up costing you — and that comes down to two things you control: knowing the protections you already have, and reacting fast.

The good news from Week 5 carries over here. Federal law caps what you can lose to card fraud, and says you owe nothing for anything taken after you report. The work is small: turn on a couple of settings, learn to spot the one conversation that’s always a scam, and know the single phone number to call before you ever need it. This is for anyone with a card or an account — a teenager with a first debit card as much as anyone — and the steps are free.

Learning objectives

By the end of this week you’ll be able to:

Explain how your liability for unauthorized charges differs between a credit card and a debit card — and why reporting speed matters so much with debit.
Set up the few account-security habits that prevent most problems.
Recognize the bank-impersonation scam (and its relatives) on sight, and know the safe response.
Know exactly where to report fraud or identity theft and what to do first.

Lesson summary

1. Two cards, very different protection

A debit card and a credit card can feel identical at checkout (that’s the Week 5 mechanics: debit spends your own money, credit borrows). But when a card is lost, stolen, or used by a fraudster, the protection you get is very different — and this is the real reason it matters which one you reach for.

With a credit card, federal law (the Fair Credit Billing Act) caps your liability for unauthorized charges at $50, and if you report the card lost before it’s used, you owe nothing; most issuers go further and offer zero liability (CFPB explains it here). Because a credit card spends the issuer’s money, a fraudulent charge is the issuer’s problem to reverse while you dispute it — your own cash never leaves your account.

With a debit card, your protection (under a different law, the Electronic Fund Transfer Act / Regulation E) depends on how fast you report it:

Report within two business days of learning of the loss or theft, and your maximum loss is $50.
Report after that but within 60 days of the statement that shows the problem, and it can rise to $500.
Wait longer than 60 days, and you could be liable for everything taken after that point.

Two things make debit fraud sting more than the dollar tiers suggest. First, because debit spends your real money, a fraudster drains your actual checking balance — money you can’t use until the bank investigates and restores it (the bank must investigate, and often issues provisional credit while it does). Second, the clock is unforgiving, so noticing matters: this is exactly why the account alerts below are worth switching on. The practical takeaway isn’t “never use debit” — it’s that speed of reporting matters enormously with debit, and that for risky, large, or online purchases, a credit card’s protections are simply stronger. (One reassuring detail from the law: being “careless” — say, keeping your PIN with your card — can’t legally be used to raise your liability above these limits.)

2. The habits that actually matter

Most account security comes down to a few small habits, and the most valuable one connects directly to the debit rule above: report a lost or stolen card, or any charge you don’t recognize, immediately. Federal law says you’re not responsible for anything taken after you report — and with debit cards, reporting fast is what keeps you in the $50 tier instead of the $500 (or worse) one. Beyond that, the federal banking regulators recommend a short, concrete checklist:

Turn on two-factor authentication (2FA) for your banking app — a second login step, like a one-time code, so a stolen password alone isn’t enough.
Use a strong, unique password you don’t reuse on other sites, so one breached site doesn’t unlock your bank.
Set up account alerts for low balances and for large or unusual transactions, so problems surface in hours instead of at month’s end.
Never keep your PIN with your card, and never share account details, codes, or passwords with someone who contacts you.

(FTC: Lost or Stolen Credit, ATM, and Debit Cards; OCC: Credit and Debit Card Fraud.)

3. Spotting the scam — the conversation that’s always fake

One scam is worth naming because it’s so common and so effective: someone calls, texts, or emails claiming to be from your bank’s “security” or “fraud” department, says there’s a problem, and — this is the tell — asks you to confirm your account number, card number, PIN, password, or a verification code they just sent you. That request is the scam, every time. A real bank already has your account number and will never need you to read back a code or PIN; those codes exist precisely to keep other people out, so anyone asking you to share one is trying to get in. Two features show up in almost every version: the contact comes to you out of the blue, and it pushes urgency (“your account will be locked,” “confirm now to stop a charge”) to rush you past your own judgment.

The safe response is always the same, and it’s worth making automatic: don’t act on the message. Hang up (or don’t click), and contact your bank yourself using the number printed on the back of your card or in its official app — not a number, link, or callback in the message. If the warning was real, you’ll reach the same bank and sort it out; if it wasn’t, you’ve lost nothing. The same logic covers the relatives of this scam — a text with a “verify your account” link, a pop-up warning, a caller asking you to “move your money to a safe account” or pay with gift cards or a transfer. Legitimate institutions don’t operate that way, and federal law already protects you, so there is never anything to “activate” in a hurry.

4. If it happens — report fast, and where to go

If a card is lost or stolen, or you spot a charge you don’t recognize, call your bank immediately using the official number — that single call starts the clock in your favor and ends your liability for anything taken afterward. If you think your personal information has been stolen, or someone has opened accounts in your name, the FTC runs a free recovery hub at IdentityTheft.gov that walks you through exactly what to do and generates a personal recovery plan. Reporting quickly isn’t just about money; it’s how you keep a single stolen card from turning into a longer mess. (For the full step-by-step recovery sequence after identity theft — fraud alerts, the official Identity Theft Report, closing fraudulent accounts, and cleaning up your credit — see the Identity Theft module.)

There’s a quiet through-line from Week 5 here, too. The point of locking your accounts down — a couple of settings, one memorized phone number, a habit of pausing on urgent messages — isn’t to live in suspicion. It’s the opposite: a little protection, set up once, lets you stop worrying and get back to what the money is actually for.

Key vocabulary

Term	Plain-language meaning
Unauthorized transfer / charge	A transaction you didn’t make or approve — for example, a stolen card or account being used by someone else.
Regulation E (EFTA)	The federal rule that limits your liability for unauthorized debit-card and electronic transfers, based on how fast you report.
Fair Credit Billing Act	The federal law that caps your liability for unauthorized credit-card charges at $50 (often $0 with issuer “zero liability”).
Two-factor authentication (2FA)	A second login step (like a code to your phone) so a stolen password alone can’t open your account.
Phishing	A scam message pretending to be a trusted institution to trick you into handing over passwords, codes, or card details.
Identity theft	When someone uses your personal information (name, SSN, card numbers) without permission, often to open accounts or make charges.
IdentityTheft.gov	The FTC’s free official site for reporting identity theft and getting a step-by-step recovery plan.

A beginner-friendly example

Marcus, age 29. (A hypothetical example — not a real person.)

Marcus’s phone rang during a busy afternoon. The caller said he was from Marcus’s bank’s fraud department, that a $700 charge was being attempted right now, and that to block it Marcus just needed to read back the six-digit code the bank had texted him “to verify his identity.” The story was urgent and the caller sounded calm and official. Marcus’s thumb hovered over the text. Then something snagged: he remembered the rule that a real bank never needs you to read back a code. So he said he’d call back, hung up, and dialed the number printed on the back of his debit card. The actual bank found no charge and no alert on his account — the call had been a scam, and the code, if he’d read it out, would have let the caller log in or approve a transfer.

Notice what Marcus did and didn’t do. He didn’t argue with the caller or try to figure out if it was “probably fine,” and he didn’t let the urgency rush him — he just refused to share the code and verified through the one channel he knew was real: the number on his own card. The scam relied entirely on him acting fast and trusting the voice; the defense was simply to slow down and use the official number. That pause is the whole skill, and it works against nearly every version of this scam.

This week’s actions

Small and concrete. Partial counts.

Turn on two-factor authentication for your banking app, and set a strong, unique password you don’t use elsewhere.
Set up low-balance and large-/unusual-transaction alerts, if your bank offers them.
Save your bank’s lost-or-stolen-card number in your phone — before you need it (it’s on the back of your card).
Say the safe response out loud once so it sticks: “If someone contacts me asking for a code, PIN, or password, I hang up and call the number on my card.”
Bookmark IdentityTheft.gov so you know where to go if your information is ever stolen.

Check yourself

I understand how credit-card and debit-card fraud protection differ.
I know how to contact my bank immediately if my card is lost or stolen.
I can recognize the “confirm your code/PIN/password” scam and know the safe response.

0 of 8 done · saved on this device

This week’s worksheet

Fill it in and it saves on your device. Estimates and blanks are fine.

Open →

Discussion prompts & self-check

Use these on your own or in a group. Knowledge checks have a model answer you can reveal; reflections have no right answer.

Knowledge check

If your debit card is lost or stolen, why does it matter how fast you report it?
Someone calls saying they’re from your bank’s fraud department and asks you to read back a verification code to “stop a charge.” What’s going on, and what should you do?

Reflect — no wrong answers

Your reflections save privately on this device. Nothing is sent anywhere — unless you press “Done” with an API key set, which sends that one reflection to Google to write a response.

Have you ever gotten a message or call you suspected was a scam? What tipped you off?
Need a nudge?
think about the signals — urgency, a request for a code or password, contact that came to you out of the blue. Naming the pattern makes it easier to catch next time.
Which of the safety settings (2FA, alerts, a unique password) do you already use, and which is one small step away?
Need a nudge?
pick the single easiest one to turn on today. One setting now beats a perfect plan later.
Do you know, right now, the number to call if your card were stolen this minute?
Need a nudge?
if not, that’s this week’s easiest win — it’s on the back of the card, and saving it takes a minute.

Homework

Complete the Account Safety Review. If you do just one thing, turn on two-factor authentication and a large-transaction alert, and save your bank’s lost/stolen-card number in your phone — that trio prevents or catches most card fraud early.

Did you know?

The word “phishing” is a deliberate misspelling of “fishing” — the image of dangling bait on a hook and waiting for something to bite. The odd “ph” was borrowed from “phreaking,” a 1970s word for hacking telephone systems (itself a mash-up of phone and freak). The term surfaced in the mid-1990s, when scammers on America Online used a tool that impersonated AOL staff to trick users into handing over their passwords and credit-card numbers. Three decades later the technology has changed completely — email, texts, fake websites, AI-written messages — but the core trick has not: pretend to be someone you trust, add urgency, and ask for something you should never give out. Which is oddly reassuring, because it means recognizing that one pattern is most of the defense.

Mark this lesson as readThis is what counts the lesson on your progress — just opening it doesn’t. You can uncheck it anytime.

← Week 5 Open the worksheet Week 7 →