Americans are expected to fire up their credit cards this holiday season, spending hundreds of billions of dollars over the two last months of the year. But how safe are these transactions?
Following a year of data breaches at many well-known retailers and eateries, consumers clearly have cause for concern. Dave DeWalt, CEO of cybersecurity company FireEye, recently told "60 Minutes" that while most large companies are spending more on security, "97 percent of all companies are getting breached."
In 2007, the parent company of TJ Maxx and Marshalls disclosed that hackers had stolen data involving more than 45 million cards. And last year -- one week before Christmas -- news broke that hackers had stolen 40 million credit cards from big box retailer Target.
Since then a number of other well-known retailers and eateries, including Home Depot, Michaels, Neiman Marcus and P.F. Chang's, have been hit by hackers.
"Most often what we're seeing in these cases is that it's organized cybercriminals," John Breyault of the National Consumers League told CBS MoneyWatch. "They are breaking into companies' networks. They're scooping up tens of thousands, in some cases like the Target case, tens of millions of consumer credit cards."
According to Breyault, there is a network of cybercriminal markets online and what experts call the "dark web."
"These are forums where cybercriminals go, and it's much like any other market place. They advertise cards or identity information that they may have stolen and have available for sale," he explained. "The methods that you're seeing most often in the media these days are called point-of-sale attacks. These are the terminals that consumers use when they swipe their card. Those networks are connected to the Internet, you have hackers who are breaking in to those networks."
As sneaky as thieves can be in stealing credit card information, consumers can do a lot to protect themselves simply by exercising a little common sense.
First, diligently check your credit and debit statements over the holidays and immediately contest any suspect charges. And one way to avoid fraud in the first place is to shop only on sites offering secure, encrypted transactions.
Also be on guard against scams that "spoof" major retailers, by verifying that "https" appears in the URL. Don't click on any links you don't recognize, especially if they're from an unknown source, and never disclose your credit card information -- online or over the phone -- unless you know who you're doing business with.
Use your smartphone to shop online or conduct other financial activities? Make sure your mobile devices are password- or fingerprint-protected. That reduces the chance of losing confidential data if your phone falls into the wrong hands. Your phone also should be equipped with security software, just like a desktop computer.
Breyault has an additional nugget of advice for consumers hitting stores this season holiday season, and beyond: Use a credit, not a debit, card. Consumers have virtually no liability for fraud on purchases made with a credit card as long as a suspicious transaction is reported promptly, he said. Protections are much weaker for debit cards.
"On a debit card... if your debit card is used fraudulently, those funds may not be available to you while the bank investigates that," Breyault said. "That can be important for consumers who need those funds, for example, to pay bills or things like that. Typically what we tell consumers that you're better off using your card, if you're concerned about fraud, than using a debit card."