James Marasco, The Daily Record Newswire
In the past few months, major U.S. retailers disclosed data breaches involving credit and debit card data of their customers. The FBI recommends that we should remain vigilant. What does that mean?
What happened?
In December 2013, the U.S. Secret Service and the retailing giant, Target, announced that hackers had compromised Target’s systems and gained access to the personal information and credit/debit numbers of tens of millions of customers. As the investigation continued, it was learned that well over 100 million customers may be affected. In the immediate weeks that followed, banks and credit card issuers began limiting the dollar value of charges and debit withdrawals that consumers could make.
The federal government and Target researched how it occurred; it now appears that a small Pittsburgh heating and cooling contractor may have unknowingly been the conduit to the theft. They recently revealed that they were the victim of a sophisticated cyberattack. Apparently, they had a data connection with Target for the purposes of electronic billing. Whether this incident was related or not, other retailers and a hotel operations company have also recently announced that their systems may have been compromised in the past few months as well.
Who was affected?
As it relates to Target, the cyberattacks have potentially compromised 40 million card accounts and 70 million shoppers’ emails and other personal information. But they’re not alone. Neiman Marcus also announced that they were victimized around the same time.
In the past, companies haven’t always been timely in announcing to the public when a breach was discovered. Each breach affects consumers differently. In some cases, the card data is quickly resold and fraudulent charges immediately appear to the consumers or they experience unauthorized withdrawals in their bank accounts. In other situations, information is sold to identity thieves who will try to establish new lines of credit or loans on behalf of the victims.
Safeguards
The government has reported that consumers should be on alert, but haven’t provided a lot of detail. Using information published by the FBI, FTC and through my own experiences, the following list highlights the major considerations that individuals should be aware:
• Review your credit and debit card activity as frequently as possible. Don’t wait until your monthly statements are mailed or posted. Review for suspicious activity periodically throughout the month through online access, especially if you are traveling or using your cards more frequently.
• Investigate all suspicious charges. It was recently announced that data thieves were charging $9.84 on victim’s charge cards using the initials of a newly created entity, with a legitimate telephone number, etc. If the number was called, the victim was told the charge would be reversed which wouldn’t occur in hopes that the victims would abandon their efforts. Evidently, it becomes disconnected. If you don’t recognize the vendor, dispute the charge with your card issuer.
• If you suspect unauthorized charges are being made, dispute them as soon as possible and cancel the cards affected. Your credit card issuer can still maintain your account by simply reissuing a new card without affecting all of your historical activity, awards credit, etc.
• Monitor that the charges are removed. Most credit card companies will allow you to “short-pay” your bill for that month by the amount in dispute without charging you interest, penalties, etc. It may take several telephone calls, emails and signed statements to file your claim, but be persistent.
• Take advantage of the free credit monitoring that is offered by companies affected by data breaches. Although this service isn’t foolproof, it’s better than nothing. It’s usually offered for one year following a disclosed breach and monitors to see if anyone is opening new lines of credit (loans, credit cards, etc.) with your Social Security number. The drawbacks include usually being bombarded by a barrage of sales pitches from credit bureaus offering numerous other services or offering to renew for a fee.
• Periodically, review your credit report. Under the Fair Credit Reporting Act, it is required that each of the nationwide credit reporting companies (Equifax, Experian and TransUnion) provide you with a free copy of your credit report, at your request, once every 12 months. You can have them run at the same time or stagger between the three throughout the year. Monitor your report for new issuances of credit that you’re not aware of, debt balances and look to see who has made recent inquiries about your credit. Be aware that although these services are free, these companies will try to entice you to order your credit score, which isn’t covered under the act.
• When in doubt, use your credit card. When shopping online or at lesser known vendors, use your credit card versus your debit card or automatic withdrawal. If a problem arises, you’ll have more guarantees under federal law through your credit card. However, if you’re using a company-issued credit card, the protections available through the issuer may be less than what individuals typically receive. Employers should read through their card agreements closely to determine their coverage.
• Consider a theft protection service. Companies like LifeLock and TrustedID market themselves as experts in maintaining your identity and credit. If you believe you’re really at risk, one of these types of companies may be useful. Their most common tools include fraud alerts and credit freezes. A fraud alert places an alert on your account with the three main credit bureaus. This alerts any bank or credit agency forcing them to take precautions before extending credit. A credit freeze prevents any company from accessing your credit unless you have already done business with them.
• Extra insurance? Insurance companies are now offering protection to consumers through riders to their existing policies or a separate one to protect against identity theft and credit fraud. Before purchasing, closely examine what’s covered and the probability of being able to collect against the policy if a theft occurs.
—————
James Marasco, CPA, CIA, CFE, is a partner at EFP Rotenberg LLP, Certified Public Accountants and Business Consultants.
