After the huge credit and debit card breaches at Target and Neiman Marcus, it’s time for some consumer action.
While no Social Security numbers have been hacked so far, the retailers said, data including card numbers, expiration dates, three-digit security codes, names, mailing addresses, phone numbers and email addresses of about one-third of the U.S. population have been exposed.
Even if you don’t have one of those retailers’ credit or debit cards, you may have been exposed when you used your bank debit card at one of the stores, said Bill Hardekopf, president of LowCards.com.
That’s why Chase announced that it’s replacing 2 million debit cards for its clients and Citibank is replacing all its debit cards, he said.
“The debit card is a gateway to your bank account,” he said. “If I had shopped at one of those stores with my debit card, I would get it replaced.”
Susan Grant, director of consumer protection at the Consumer Federation of America, said people who used their credit or debit cards at Target during the holidays should ask for new accounts.
“Why wait to see if there is fraudulent activity on your account? Consumers should be proactive to protect themselves,” Grant said. Even with limited liability, “dealing with fraud after the fact can be a hassle, especially for debit card holders whose bank accounts have been raided by crooks.”
Besides getting new account numbers, people should consider taking these nine other steps recommended by consumer advocates.
Change your password. This is an easy way to keep thieves out of your online accounts. But put some thought into it. The most popular password of 2012, “password,” was replaced with the even simpler “123456” last year, according to SplashData, a California provider of password management applications. The survey was based on the large number of passwords from Adobe users posted online after Adobe’s security breach last year. Third on the list for 2013: “12345678.”
SplashData recommends creating more secure passwords that are easy to recall by using passphrases — short, random words separated by spaces or other characters, such as “smiles_light_skip?”
Avoid using the same username/password combination for multiple websites and consider using a password management app like SplashIDsafe, 1Password or Diceware.
Change your debit card PIN. Another easy fix that can be done on the account management page. Consider having a separate checking account to handle just your debit card purchases so your entire bank account is not at risk.
Set up email or text alerts. Target and Neiman Marcus credit card holders can set up alerts to be informed by email or cellphone every time their card is used. Banks also have instant access to transactions. It’s an easy way to monitor your activity in real time.
Watch for scam emails. I have received several emails that look legitimate but are from scammers posing as Target and wanting me to sign up for a free credit-monitoring service for a year. I know it’s not from Target because it came to an email address I didn’t give the company. If you get one of these, don’t click on it or you will be giving away further personal information, Atlanta consumer advocate Clark Howard said. Target has been sending emails about the free service, but scammers are copying them. If you want the offer, go to the Target website to sign up.
Credit monitoring. Grant, of the Consumer Federation of America, said Target’s free offer monitors only one of the three major credit bureaus, Experian, so its effectiveness is limited. While it will alert people to new accounts opened in their names, she said, it won’t tell them about takeovers of existing accounts or other types of identity theft, such as using information to falsely obtain employment or tax refunds. The fraud assistance and insurance in the offer are also limited, and no ID theft protection service can prevent information from being sold or used.
Consider a credit freeze. It seals your credit reports so no new credit applications can be initiated in your name without your knowledge. When you set up a credit freeze, you get a personal identification number that only you know. You can use it to “thaw” your credit when you need to. The freeze does not affect your existing lines.
In Texas, people can apply online for a security freeze at the three bureau websites. The cost for all three in Texas is $30.38. It’s free if you can prove that you’re a victim of ID theft.
Consider a fraud alert. This isn’t as permanent as a credit freeze but can be placed on your credit report. Fraud alerts, which you can obtain by calling one of the credit bureaus, also let you know when a new account is being set up. It can last up to 90 days and help stop illicit activity.
One problem with the alert is that you may not be available when a company calls, and a new false account may be opened without your approval. And some companies advertise that they open accounts without checking credit reports, Grant said.
Free ID monitoring. One source is AllClear, an Austin-based service by Debix, a respected data security company used by corporations and government agencies. It monitors identities through Internet surveillance of thousands of databases, including networks where ID thieves trade data. It also instantly tells consumers about data breaches at companies and offers a free ID repair service. Signing up requires only your full name, address, email address and birthday. If you want more protection, you can add your Social Security number, but it isn’t necessary. The service doesn’t expire and can be found at www.AllClearID.com.
More information. The Consumer Federation of America provides information and links to resources at www.IDTheftInfo.org and has tips and a video about phishing at www.consumerfed.org/fraud. Information from Target about its data breach and tips for customers are at www.target.com/databreach.
Don’t wait till you’re a victim. Take action now.