In the US, a credit card holder can only be held liable for a maximum of $50 in fraudulent charges, per the 1974 Fair Credit Billing Act ($0 if you have reported the card compromised prior to the unauthorized charges. In practice, most card issuers do not hold the cardholder liable for any fraudulent use, as the most they would get would be $50 and a pissed off customer.
My wife checks our card transactions EACH Morning via the bank's online portal. Just last month I got gas at a local (Saint Augustine, FL) Sunoco station and within 2 hours there was a $499 charge made at a Sunoco in Philadelphia. How this was done is unknown, but we had to get new cards but did not lose a penny--Sunoco did not seem especially concerned about this and pretty much blew us off, last time I get gas from them.
Prior to the FCBA, and because credit card transactions are a loan, courts had held that under the 1968 Truth in Lending Act it was the card issuer's responsibility to prevent fraudulent use. The FCBA was technically an amendment to the TILA, which was part of the 1968 Consumer Credit Protection Act (a reaction to the direction the lending industry headed in the 60s.
There are only modest protections for fraudulent debit card use, just $50 for 2 days after the first use, $500 for 2 to 60 days hence (and good luck on actually getting that). Once 60 days have passed since you received your statement your money is gone.
Bottom line, if it's your debit card that's been hacked you're screwed...