Can You Protect Yourself From Credit Card Fraud?
By R. Alan Clanton | published Saturday, January 11,2014 |
Thursday Review editor
In early January we learned that the news from Target’s pre-holiday security breach was much worse than originally thought. Target, which operates nearly two thousand stores in the U.S. and Canada, now says that the data stolen by the hackers covers a much wider range of personal information—including email addresses, phone numbers, home addresses, PINs, birthdates, and even social security numbers.
And the time frame of that data theft, which was originally believed to be between November 27, 2013 and December 15, 2013—may have also been greatly underestimated. (see our related article, Target's Woes Get Worse; Thursday Review, January 11, 2014).
Target officials have again apologized, and are working closely with the Justice Department, the FBI and Secret Service agents to track down the criminals who have netted—by some estimates—the personal data of 110 million Americans. (Target has also said it will pay for any fraudulent charges and assist customers with monitoring their data and credit).
But, to add to our concerns, we learned that same week Neiman-Marcus stores were hacked in a cyber-attack similar to that of Target's, though Neiman Marcus has far fewer customers than the big-box giant. The subcontractor who manages Neiman Marcus’s credit card transactions reported the security breach in December 2013, though no announcement was made to the public until early January. Michael's was also the victim of a similar data breach. The costs of the breaches may well run into the billions, with lawsuits, fees, penalties, court actions, and punitive fines, and you can bet the outcome of many of those expensive settlements will be passed along to consumers in the form of higher prices, everywhere.
In the meantime, what can you do—as an individual and a shopper—to make sure you have not become the victim of hacking or credit card theft?
Short of never using a credit or debit card account (and cancelling those accounts you now have), nothing is foolproof or hacker-resistant. However, you do have a few tools at your disposal to give yourself a little piece of mind.
Most security experts suggest that the shortest possible path (especially for current or former Target customers) is to cancel any credit or debit cards used at any Target location during the 18 months ending in late December 2013. Simply request a replacement card with a new account number, and start over. And this includes not just an official Target card, but any card you may have used at a Target location. Debit cards may be the most vulnerable for Americans in the short run, since those funds are generally drawn directly from a bank account, checking or savings. But stolen credit card data can ultimately be used by criminals to quickly run up massive debts, often without the knowledge of the card-holder. If in doubt, check your old bank statements and your credit card statements to see what types of cards you used on your last visits to Target.
Another important step: start checking your bank or credit union account balances frequently. If you do not have access to your bank account online, set up web access as soon as possible. The process is typically easy, but if you feel challenged by computers, call your local bank and have someone help you establish online access. Or have a family member or trusted friend assist you with setting it up. Online access to your checking, savings and debit card accounts will allow you to more closely monitor any spending activity.
And when setting up the account, create a password that would be difficult for any hacker to figure out—never use all or part of your name, names of family members, addresses or towns, or birthdates. If the bank's security steps include what are known as "security questions," such as the name of your first pet or the name of your best friend in middle school, make certain that your responses are difficult for anyone else to answer correctly.
Another valuable and simple step: always check your printed statements each month…closely. This includes statements for cards you rarely use or cards used only for small purchases (such as gas station credit cards). Check the location of all purchases and all the amounts, and flag anything suspicious. Remember that even gasoline credit cards by the larger retailers like Shell and BP may include cash advance options. A smart hacker can use this information to use your gas credit card simply to get cash at an ATM or at the point of sale.
Monitor your bank statements very closely. Some banks have begun charging an additional fee to customers who want to receive a paper statement each month, and, perversely, some banks also charge a small fee for electronic access. Since monitoring your account is important, we recommend shopping for a financial institution which offers the least expensive method for both electronic and printed access.
Again, there may be a small fee involved, but check with your bank or credit union to find out about adding credit-card or debit card protection, or any tool in which your account can be monitored for suspicious activity. Read the fine print to see how far the bank will go in terms of protecting you and your cash once this program has begun, and find out how far they will go in the event that your identity is stolen.
Monitoring your account daily—or at least every few days—will also give you an opportunity to catch suspicious activity even in small increments. Some criminals will use stolen data to test an account first, through a relatively small transaction or purchase—say a small ATM withdrawal of $40, or a small purchase online. If after a few days or weeks those activities have not raised a red flag, the hacker can then raise the stakes, making much larger purchases or withdrawing large sums of cash. For this reason you should be vigilant to watch for anything suspicious on your account, even if the dollar amount is small.
Another valuable step is to be extremely wary of emails—which may look authentic with their official logos and high-end fonts—which ask for you to verify personal information about your account, such as passwords, birthdates and phone numbers. These are most likely attempts by hackers, posing as your retailer or bank, to extract information via email. This process is known as phishing, and it can easily lead to fraud and identity theft. Remember that your own bank, retailer and those companies which provide your credit cards—stores, oil companies, VISA or Mastercard—should never ask you to verify this information via an email (and passwords should never be given out even over the phone).
Any verification of your account information should be done over the phone, and only after you have initiated the call (these customer service numbers can be found on your billing statements, at your account online, and in some cases on the back of your credit card). If the retailer or credit card companies initiate the call, for legitimate business (some calls are merely the work of garden-variety telemarketers), ask for a number—and call them back only after you have verified that the number matches the number on your printed statement or the customer service information online.
Another simple step customers can take: stop using your credit card or debit card for routine activities and small purchases. This may seem obvious to some; perhaps an inconvenience to still others. But by reducing your credit card activity from dozens of transactions a week to only two or three—or less—you reduce your exposure to the potential dangers of large-scale retail hacking. For some consumers, there are advantages to credit card use—earning miles under frequent flyer programs, or earning discounts or rebates—but these perks almost never outweigh the long-term costs of stolen identity or fraudulent activity.
Cash is still accepted at nearly all retail locations. And besides, what better way to carefully manage spending than by watching those greenbacks at the time of each purchase? Save that credit card for only certain purchases or activities, and switch from debit card use to cash. Your bank may have fewer reasons to pass those fees along to you, which could save you money at the end of each month and year.
Still, vigilance is your best strategy: check your statements closely; monitor your cards and accounts; when in doubt, cancel the card.
Related articles at Thursday Review:
<a href="'PasswordSecurity.html" data-cke-saved-href="'PasswordSecurity.html" '"="">Making Your Passwords Secure; Thursday Review, Media Page, June 2013.