I'm only 21, and I've had my debit card hacked twice. Your first reaction might be to think I'm young and foolish. But hear me out.
I use my debit card to make purchases at pretty standard places -- Subway, H&M, CVS -- and I only make ATM withdrawals at my bank ATM. I've also tried to follow best practices on my PIN number. My PIN isn't my birthday (or my mom's), and I haven't written it down or saved it somewhere in the virtual cloud.
In short, I do everything I can to protect myself from fraud.
Relate: What hackers know about me
First time unlucky: In 2014, my debit card was declined when I tried to buy a small plate of $4 fries at Pommes Frites in lower Manhattan. How could I not even have $4 in my account?
It had be a glitch in the system, right?
After six swipes, I gave up and my friend paid for me.
While walking out of the store, I logged into my bank account on my phone and jokingly said, "Watch my balance be like negative $2,000 because someone stole all of my money."
The "joke" wasn't far off: My account came up overdrawn for almost that amount.
As a student on a shoestring budget whose big spending item is $8 on meals around New York University's campus, I found it difficult to understand why HSBC's fraud detection department hadn't called me about multiple $500 charges from Dubai that had flooded my account.
Related: Irony Alert: Password-storing company is hacked
Two hacks in two years: It was a headache to fix, and it took almost two weeks for HSBC to credit back my account. But I thought it was behind me until earlier this month, when my account got hacked again.
This time, HSBC detected a fraudulent charge. They called me and stopped the payment. HSBC mailed a new card to me in a few business days, although not without a lot of phone calls, trips to the bank and several days where it was difficult to get cash from my account.
"That's not the service we strive for. Apologies for your unsatisfactory experience," said Eesh Bansal, executive vice president of HSBC's Customer Value Management, when I explained the situation for this article. HSBC is introducing more secure "chip and PIN" debit cards to fight hacking.
Hacking is an industry-wide problem -- and even goes beyond the banks, as people who went through the Target card breach can attest.
Related: Half of American adults were hacked in 2014
Still, getting hacked twice is too many times. I spoke to CNNMoney's tech expert Jose Pagliery to ask for recommendations. He said:
1. Don't use your debit card to pay at businesses you don't trust. In fact, some would go as far as saying ditch your debit card. Don't use it for shopping -- physically or online. Jose says your safest option is payment via your phone -- Apple Pay or Google Wallet. If not, use a credit card.
2. Only take out money from your own bank's ATM.
3. Check your account often and call your bank immediately if you suspect fraud.
Those were the expert tips. Now for some "experience" tips from someone's who's been there ... twice. Whether I stay at HSBC or look for a new bank, I am going to be asking some harder questions.
Related: Overdraft fees top $1 billion at the big 3 banks
1) How quickly your bank will react? JP Morgan Chase (JPM) and Bank of America (BAC) issue new debit cards at a branch and Wells Fargo (WFC) gives temporary cards. HSBC didn't give me either of those options.
That sounds minor, but without a debit card, it's hard to get your money. You have to physically go to a bank branch with ID. If you work on weekdays, it's difficult to get there.
Having a backup option of cash or another card is step two. Step one is to be aware of how your bank will respond in these crises. Ask questions before hand and call them as soon as you suspect fraud so you can stop it before it happens.
Related: Debit vs. Credit card. which is safer to swipe?
2) How "premier" is your bank's service? When your account has been hacked, you just want to get it solved and get some money. Easier said than done.
During my second hack experience, I asked if HSBC could release the temporary hold on my card so that once I reached an ATM, I could withdraw some funds and then they could cancel the card.
No one picked up my call for 35 minutes to help me with that.
The low point was when I finally got connected and told the HSBC representative about the issues I've had with the bank, and she cuts me off and says something along the lines of: Ma'am I can't take your complaints. But I will give you the address to send a complaint to our office in Buffalo, New York.
"None of that is acceptable behavior and the experience that we strive for," says Bansal, the HSBC spokesman.
Reply: Four things to do after your credit card has been hacked.
3) Should you have a backup option? The funny thing is, during my odyssey, one bank representative asked why I didn't have other accounts. It raised an interesting point: Should you have another way to get money?
I think that's a good idea, and I now keep $150 in a safe place for emergencies.
If reading this has made you more paranoid, I'm sorry. But it's probably a good thing for you to check your account now ... and often.