It started slowly just before Christmas with Target Stores disclosing that ‘some’ credit card information had been compromised. Within hours ‘some’ cards became 40 million which subsequently grew to 70 million and is now reported to affect some 110 million customers. The breach is believed to be the largest data fraud ever perpetrated against an American company (so far). That may seem like typical hyperbolic newspaper headlines to you but to 110 million people across the country, including several right here in the Temecula Valley, the breach and credit threat is very real.
While many banks, including Chase and Citi are issuing new debit and/or credit cards and Target is offering credit monitoring services for the next year, millions of people previously unaware of the scope of the problem in today’s digital economic marketplace are wondering what this means to them and how to avoid becoming a Target (pun intended). It’s important to remember that a retailer’s only legal responsibility is to report the data loss to customers, credit bureaus and state regulators. Taking the extra step of offering credit protection services is a good PR move for the company, and provides some peace of mind to consumers.
One industry analyst noted that there appears to be almost an epidemic of malware at point-of-sale terminals right now stating ‘it’s just a matter of time before your information is compromised.’ The reason, according to analysts, is that debit and credit card systems used in the United States are based on magnetic strip cards, a technology similar to cassette tapes that became obsolete 2 decades ago because they’re so easy to reproduce.
Credit and debit cards in the United States should be upgraded to the newer encrypted EMV system, initially conceived between Europay, MasterCard and Visa to ensure the security and global interoperability of chip & pin based payment cards. 80% of Canadians and 90% of EU countries currently utilize this technology, which is nearly impossible to hack (so far), compared to just 1% in the U.S.
“The really sad part of these large security breaches is the responsibility for insuring the retail customer does not suffer a loss falls to the individual consumer and their Bank. Commerce Bank of Temecula Valley takes an aggressive approach and immediately cancels affected cards and re-issues new cards. This can be disruptive and irritating for the consumer, however, it is the only way we can assure the Bank does not have to reimburse fraudulent charges. Luckily, were a small bank and we did not have “millions” of customers affected and we contact each one of our customers as soon as we are notified to let them know their cards would need to be canceled and reissued. The large banks will have enormous costs involved in fixing this problem while Target will mainly have public relations problems. Hopefully, this will convince retailers and anyone else entrusted with this critical consumer information to spend the money necessary to do everything possible to help protect the information from these cyber criminals just as CBTV is required to do by federal regulation,” said Don Murray, CEO, Commerce Bank of Temecula Valley.
Why are we lagging? Two reasons. Banks currently earn more processing the old fashioned swipe cards than they would under new standards, and (you’ll love this), US banks have calculated that the amount they lose to fraud is less than what it would cost them to roll out the new cards and terminal readers across the country. U.S. credit card issuers have been told they must fall in line with the rest of the world by October 2015 but we’ll see.
So, aside from giving up your plastic and using only cash (which can also be lost or stolen with little or no recourse), what can consumers do to protect themselves as much as possible in this digital age? Below are eight tips gleaned from three security experts interviewed by CBS MoneyWatch on how to protect yourself amid the growing security threat.
1. Check your credit card and debit card statements on a line-by-line basis. There is absolutely no substitute for being vigilant. Thieves may place a small charge — just a dollar or two — to check if the card is active. Because of this, report any questionable charge, no matter how small.
2. If you notice an unauthorized charge, ask your financial provider to cancel the card and issue you a new one. This is especially advisable with a debit card.
3. Consider tools for monitoring both your credit profile and your card activity. Consumers may also want to use a bill-monitoring service which uses crowdsourcing to flag suspicious charges. One such service has caught over $60 million in fraudulent charges during the past two years.
4. Be suspicious of correspondence claiming to be from your bank or the retailer you shopped at. Because Target’s security breach also included theft of personal data, it’s more likely the thieves will use “phishing” to convince you to part with even more sensitive information, such as passwords.
5. Phishing isn’t only done via the phone and email. Scams also abound on Twitter and Facebook. For instance, already a “phishing” tweet purporting to offer a link to check if you were a victim of the breach has surfaced. Once you click on it, it asks you to re-enter your Twitter password. This could end up as a major financial problem if you use the same password for your bank accounts.
6. Do not click on the URL from a bank or retailer you get via email. Just open a new browser and manually enter the URL to ensure you are actually reaching your bank and not a scam site. Scam sites often mimic the actual business site but their sole purpose is to part you from your data.
7. Change your passwords. An astounding number of people use simple passwords like “password” or “1234” or kids names easily found on Facebook for their accounts. Consumers may want to use a password generator, although for most people changing their passwords to include capital letters, symbols or numbers may be enough.
8. Shred documents. While the focus in Target’s security breach has been on electronic theft of data, criminals still steal physical documents. Remember to keep all your data secure, not just your online information.
Consumers need to realize that data security requires them to be prepared and not to rely only on banks and financial institutions to protect them. Credit-monitoring is only part of the solution – passwords, PINs, etc., have nothing to do with credit monitoring. The ability to do our banking from a coffee shop and adjust the thermostat in our home from our cell phone at the office carries a price tag that is measured in the increased vigilance we should exercise. It’s a balancing act that we often ignore to our own detriment. Commerce may be safe, but vigilance is paramount.