THE DATA breach at Target has a lot of people worried. Information on about 40 million credit- and debit-card accounts was accessed between Nov. 27 and Dec. 15. This included customer names, credit- or debit-card numbers, expiration dates and security codes. Only in-store purchases were affected, according to Target. The company has denied a Reuters report that customers' personal identification numbers, or PINs, were compromised.
Q: How can the information about one credit card lead to identity theft?
A: The Federal Trade Commission says identity theft is the No. 1 complaint it gets from consumers every year.
There are many forms of identity theft. If identity thieves have your personal information, they can access your bank account, buy a car, open utility or mobile phone accounts, get medical treatment using your health insurance or commit a crime. Identity thieves can use stolen debit- or credit-card information to create counterfeit cards or use the card information to make online purchases. Brian Krebs, who runs the KrebsOnSecurity website, has found that credit- and debit-card accounts with stolen information from Target customers have already been selling on the black market from $20 to more than $100 per card. In a blog post, Krebs, a former Washington Post reporter, details how the cards were being sold. It's quite scary.
More than 12 million people were victims of identity fraud in the United States in 2012 and criminals stole nearly $21 billion, according to Javelin Strategy and Research, which tracks identity-fraud trends. Here's something to consider: Javelin found that consumers whose Social Security numbers were compromised in a data breach were five times more likely to be fraud victims.
We become more aware of identity theft when big breaches are disclosed. But many people make it easy for the theft of their information by identity thieves. When I do seminars on identity theft, I ask participants: "What's in your wallet?" It never ceases to amaze me how much personal financial information people carry around. One time a mother pulled out of her purse her children's birth certificates, Social Security cards and passports. She had registered the kids at a new school a few months earlier and had forgotten to put the information back into her file folder at home. Many people had laminated Social Security cards in their wallets. Others had old mortgage bills with them. Information about your lenders can be used in security checks to verify your identity.
Q: It is time for the credit-card companies to come up with something new to protect their customers. Short of millions of customers canceling their credit cards, what can we do to protect ourselves? Just because crooks have the information doesn't mean they'll use it right away. It could be months before they use anyone's information, so checking now for activity could miss it.
A: In its most recent identity-theft report, Javelin said one in four people notified of a breach ended up becoming a fraud victim. So if you shopped at Target during the period its system was compromised, you need to take steps to protect yourself. If you see any unauthorized activity, contact your credit-card company or your financial institution. In addition, contact the FTC at 877-438-4338. You can find information about other steps to take at consumer.gov/idtheft.
Most importantly, you will need to monitor your credit reports from all three major credit bureaus - Equifax, Experian and TransUnion. You should be checking your reports as a routine precaution. You can get free copies of your credit reports from annualcreditreport.com or by calling 877-322-8228. You are entitled to one free report from each bureau every 12 months. Also, identity-theft victims are entitled to a free credit report from each of the credit bureaus. If you become a victim or are worried about your information being stolen, you can place extended fraud alerts or credit freezes on your credit files. To learn more, go to ftc.gov and click on the link for "Tips & Advice." Under the consumer section, you'll find an identity-fraud link, which includes information on placing extended fraud alerts and credit freezes on your credit reports.
In every data breach, companies tell their customers that they deeply regret the inconvenience. They pledge to enhance their security procedures. But no matter how many firewalls are built to protect our information, the con artists and hackers are actively working to outsmart the companies that store consumer data.