Target's (TGT) massive security breach seems to grow bigger by the day. First, it was credit cards. Then, PIN numbers. Next, it became clear data theft was involved. Now, it’s emerging that more retailers were also affected.
While the may make some shoppers feel helpless against faceless thieves, there are steps you should take to protect yourself against fraudulent charges and identity theft.
The bad news for consumers? The expanding scope of the theft raises the danger that someone could be victimized. As a result, consumers must continue to be vigilant in monitoring their credit-card and bank accounts, as well as to be suspicious of any emails or calls from people claiming to represent retailers or banks.
It’s also important to remember that a retailer’s legal responsibility is only to report the data loss to consumers, credit bureaus and state regulators. Retailers aren’t legally required to offer credit-protection services to consumers, Brian Lapidus, managing director and information security practice leader at Kroll, told CBS MoneyWatch in an email.
But consumers do need to be prepared for the worst, said Yaron Samid, CEO of financial planning software maker BillGuard. “It seems like right now there’s almost an epidemic of malware at point-of -sale terminals,” he said.
In today’s environment, “It’s just a matter of time before your information is compromised.”
Below are nine tips gleaned from three security experts interviewed by CBS MoneyWatch on how to protect yourself amid the growing security threat.
1. Check your credit card and debit card statements on a line-by-line basis. “There is absolutely no substitute for being vigilant,” Samid said. Thieves may place a small charge — just a dollar or two — to check if the card is active. Because of this, report any questionable charge, no matter how small.
2. If you notice an unauthorized charge, ask your financial provider to cancel the card and issue you a new one. “This is most advisable with a debit card,” Kroll’s Lapidus noted.
3. Consider tools for monitoring both your credit profile and your card activity. Target is offering a credit-monitoring service for customers, which Lapidus believes affected individuals should enroll in. Consumers may also want to use a bill-monitoring service such as BillGuard, which uses crowdsourcing to flag suspicious charges. The service has caught $60 million in fraudulent charges during the past two years, Samid said.
4. Be suspicious of correspondence claiming to be from your bank or the retailer you shopped at. Because Target’s security breach also included theft of personal data, it’s more likely the thieves will use “phishing” to convince you to part with even more sensitive information, such as passwords.
5. Phishing isn’t only done via the phone and email. Scams also abound on Twitter and Facebook. For instance, already a “phishing” tweet purporting to offer a link to check if you were a victim of the breach has surfaced, Samid notes. Once you click on it, it asks you to re-enter your Twitter password. This could end up as a major financial problem if you use the same password for your bank accounts.
6. Double check the URL of the bank or retailer in any correspondence you receive. If it doesn’t look right, don’t click on it. Better yet, enter your bank’s URL in a separate browser window, to ensure you are reaching your bank and not a scam site.
7. Change your passwords. An astounding number of people use simple passwords like “password” or “1234” for their accounts, notes Neil Chase of Lifelock, which offers identity-theft protection services. Some consumers may want to use a password generator, although for most people changing their passwords to include capital letters, symbols or numbers may be enough.
8. Shred documents. While the focus in Target’s security breach has been on electronic theft of data, criminals still steal physical documents, Chase notes. Remember to keep all your data secure, not just your online information.
9. Be aware if you start receiving strange pieces of mail, Kroll’s Lapidus said. While it might mean nothing, it could also “be a sign that data has been compromised.”
The bottom line is that credit-monitoring is only part of the solution, noted Kroll’s Lapidus. “Passwords, PINs, etc., have nothing to do with credit monitoring. Consumers need other tools outside of monitoring,” he wrote. “Commerce is safe, but vigilance is paramount.”
Some may believe that living off the grid may be the only solution, but that's not so easily done these days. As such, consumers need to realize that data security requires them to be prepared and not to rely only on banks and financial institutions to protect them.
“Realistically, we want to live more freely, do our banking from the coffee shop via Wifi," Chase said. “We want to put our birthdays on Facebook even though” that can help thieves sniff out your complete birthdate. He added, “It’s a balancing act to be as safe as you can be.”