Did you open a new bank account recently? You may have if like me, you are one of the over 100 million Target shoppers whose information was stolen during the holiday season.
Then, also like me, you probably got a new bank account or at least a new card. In the days immediately after Target’s disclosure of the information theft, it was popular for a lot of people including the press to hold Target responsible for the theft. But, in case you were thinking you could avoid cyber attacks such as the one at Target by avoiding shopping at Target, you should be aware that the FBI says otherwise.
U.S. retailers represent a $5 trillion industry. For the world of shady characters and no-good dirt balls, cyber crime is like owning the key to the candy store. The bad guys use “memory-parsing” malware that interferes with point-of-sale (POS) terminals. That’s the scanner at the checkout that allows you to slide your credit or debit card and enter your pin in order to purchase items. The off-the-shelf malware scrapes credit and debit cards from the POS devices while the information is still unencrypted. The malware then allows the hackers to create cloned credit cards which can then be sold underground.
The FBI found 20 similar attacks in 2013 and warned retailers to expect more of the same sorts of attack in 2014. The warnings are not new, they’ve been warning retailers for years that POS systems were at risk. In a September 2011 report they advised that millions of credit and debit cards in the U.S. had been defrauded.
At least part of the problem, according to Visa, is the magnetic strips used on American cards. In Europe and Australia, embedded chips within the cards hold information. That information is then encrypted before the information is transferred to POS systems. But an upgrade to the new cards would cost a purported $10 billion and banks and retailers within the U.S. have dragged their feet over who should bear the cost.
Tips for consumers
Unless you happen to be the owner of a major retail organization or a major bank, you likely feel that there is very little you can do to protect yourself from this sort of fraud but there are practical steps for all of us to take while we wait for a solution.
• Use cash. Good old-fashioned cash can be stolen or lost but it has the benefit of not containing enough information about you to become a cudgel to your financial health.
• Keep regular and constant checks on your banking and financial information. An online banking account can allow you daily monitoring of your transactions. Some banks and credit card companies allow you access to e-mail alerts whenever suspicious transactions occur. Here’s a list of action steps I recommended in 2012 that are still relevant.
• If your information is stolen, the breached company may offer free credit monitoring for a time—usually a year. Only about 20 percent of victims take advantage of it but it’s an extra layer of protection.
• Check with the three credit report companies. They are required to provide you with one free credit report each year. You have the option of having them all do it at the same time or spacing their use over the period of a year. The three credit companies are Experian, Equifax and Transunion You can also call them at 877-322-8228 toll-free.
• Beware of phishing scams. Immediately after the Target debacle, my mother received an e-mail notifying her that her information was breached and that they needed her personal information in order to do a credit check for her. It looked very official. It might even have been real. If you’re worried your information is breached, call the company (don’t use the number from an e-mail or click on website or other links or information provided in fishy e-mails) or otherwise contact them directly.
• If you are not considering opening up a new account or applying for a new credit or insurance policy in the near future, consider putting a security freeze in place.
• Don’t leave your card in someone else’s possession for longer than necessary and carry a minimum of personal information on you. Your wallet or purse should not contain your Social Security card, anything with your mother’s maiden name, PINs or Passwords. Don’t divulge your personal information online or on the phone.
• Secure your paper trail. Don’t leave mail in your mailbox. Notify the Post Office if you will be gone for a time so you don’t leave mail in your box and properly dispose of mail when it’s no longer needed by shredding mail and other documents containing personal information. Take transaction slips from ATM machines, gas stations or POS sites and shred them when you get home.
• When you are filling out or putting together all of the rest of your legal documents, make sure that you include your digital assets in the process. To read a story about this, go here.
If a loved one has recently died
Identity theft doesn’t end when a life does. It takes a lifetime to create a credit profile and that information doesn’t just disappear when someone expires so to protect your loved one from becoming a victim after their death you’ll need to erase that data trail. Each year there an estimated 2.5 million cases of identity theft occur among the deceased. The deceased are targeted because it can take up to six months for all the governmental, financial and credit bureaus to share or register death records and during that time their surviving family members often fail to monitor their credit records. You can help by taking things into your own hands and reporting the death yourself. There is no timeline for doing so but obviously the longer you leave these things active, the greater the risk that your loved one will have their identity stolen.
• Contact the Social Security office. The majority of who you are relates to that Social Security number. Notifying the Social Security office that someone has died will add that person to the Death Master File (a file that is used by financial institutions and others to prevent identity theft). Sometimes the funeral home will notify Social Security in which case, they will ask you for your loved one’s Social Security number. Even if the funeral home does notify Social Security, you should do it as well because there are some survivor benefits for family members and loved ones that you may need to know about. Contact Social Security by visiting their website at www.socialsecurity.gov or call toll-free, 1-800-772-1213.
• Contact the department of motor vehicles to cancel the deceased’s driver’s license.
• Contact the three credit report bureaus. Each bureau has different requirements so it’s best to have a list of needed documents prior to sending anything to any of them. Experian, Equifax , and Transunion
• Contact every bank or financial institution that the deceased may have done business with, including every credit card, personal loan or other debt company. If you close the account, ask them to list it as: “Closed. Account holder is deceased.”
• Void the deceased’s driver’s license and change any vehicle registration papers.
• Notify insurance, annuity, membership-orientated businesses, libraries, Veteran’s Administration, Immigration Service (if the decedent was not a U.S. citizen), alumni clubs, professional organizations, and rotary or lions organizations.
• Limit the amount of information provided in the obituary. AARP reported that with as little information as a name, address and birth date in hand and a ten dollar bill, crooks can obtain a Social Security number. In 2011, $5.2 billion in tax refunds was collected from the IRS.
• Keep copies of all correspondence, noting date sent and any response(s) you receive.
• Delete or memorialize social media accounts.