Data breaches put holiday shoppers at higher fraud risk
Notice: Undefined variable: article_ad_placement3 in /usr/web/cs-washington.ogdennews.com/wp-content/themes/News_Core_2023_WashCluster/single.php on line 128
DAYTON, Ohio – Other than spending too much, one of the biggest risks facing holiday shoppers is the security of their personal and financial information, say cyber security experts.
A year after a pre-Christmas data breach at Target Corp., which affected 40 million debit and credit card records, the chance of another large retailer suffering an attack is highly likely, said Chris Hart, operational risk director for Cincinnati-based First Financial Bancorp. Michaels Stores Inc., Home Depot, JPMorgan Chase & Co. and others followed in Target’s wake with their own security lapses in 2014.
But because of the magnitude of compromised data this year, the bigger concern for holiday shoppers than the next hack is how their already stolen information – such as credit card numbers, usernames and passwords – will be used during the busy spending season, Hart said.
“What we’ve seen with the breaches announced by Target and Home Depot and JPMorgan Chase is that we’ve put in jeopardy millions of consumers’ personal information,” he said.
“That loss of personal information is now going to be leveraged by fraudsters who will combine different pieces of that information in opening up unauthorized lines of credit and leveraging it for highly profitable fraudulent endeavors.”
Shoppers should be on high alert for suspicious activity on their bank accounts during the weeks between the Thanksgiving and Christmas holidays.
The number of breaches tracked by the Identity Theft Resource Center, a nonprofit that provides counseling services to identify theft victims, rose 25 percent in 2014 from the year before. The counseling center compiles media reports and records obtained from state attorneys general, and found 679 data breaches nationwide so far this year.
Data breaches are when fraudsters break into computer systems to steal consumer names, payment card numbers, medical records and other information. Personal cellphones, tablets and computers infected by malware because of phishing emails and other scams can also be breached, Hart said.
In fact, Hart said the next big data breach already happened, but the affected company just doesn’t know it yet because it can take weeks to months to detect.
Retail breaches are attention-grabbing, but according to the trade group National Retail Federation, more breaches occur at government agencies (13 percent) and financial institutions (34 percent). According to the association, 10 percent of breaches are at retailers. Another 11 percent are at hotels and restaurants.
The Kroger Co. has to constantly modify its systems because the “bad guys” are highly skilled, said Rachael Betzler, spokeswoman for the Ohio grocery company.
“Data security and privacy is very important to our customers and Kroger pledges to protect the security and privacy of any personal information customers provide to us, including credit card information. Constant vigilance is required to stay ahead of criminals who want to misuse customer payment information,” Betzler said.
The following list of tips can help consumers better protect their information:
• Online shopping is riskier than brick-and-mortar sales. Online shoppers should be weary whether the website they are browsing is trusted. Today, a lot of imitation websites look like the real thing.
Make sure the hardware and software being used to browse hasn’t been compromised by a virus or malware.
At an online checkout, one of the things to be aware of is the session with the retailer is secure. The way to tell is to look for “https” in the website address and look for the “s” at the end. If there’s no “s,” don’t add any personal information or credit card number through that website.
• Activate online banking alerts to receive notifications via email or text message of account activity.
• Especially online, pay with a prepaid card or credit card because there are more protections. With credit cards, there’s a zero liability or minimal liability for customers because of fraudulent charges. Also, the Fair Credit Billing Act gives customers the right to dispute credit card charges and temporarily withhold payment while the dispute is investigated.
• Review financial statements to make sure debit and credit card transactions are reconciled accurately. Shoppers are encouraged to keep receipts for all purchases, in-store and online, including order numbers and warranties.
That way, when it comes time to reconcile purchases with a statement, those records are available.
In previous data breaches, criminals attempted to post a small charge to check for live accounts or to see if a consumer is monitoring an account. Larger fraudulent charges could occur hours, weeks or months later.
• Alert the bank or credit union immediately if fraudulent charges or debits are suspected.
• Take advantage of free credit monitoring services if provided by impacted retailers. While doing so, consumers should deal directly with the retailer to avoid falling prey to phishing scams or other fake credit monitoring offers.
Not all data breaches are created equal, adds Eva Velasquez, chief executive officer of Identity Theft Resource Center, which is based in San Diego, Calif., and was founded in 1999. The inherent risk is different for each disclosure because it depends on what information has been compromised.
“When it’s a matter of simply payment card information, that is generally less difficult to remediate and does less extensive damage,” Velasquez said. “When you have a debit card compromised, there’s potential a thief could go in and clear all your accounts.”
“If there’s a breach where other sensitive personally identifying information is compromised like your Social Security number and date of birth, things of that nature, that can be much more devastating,” she said.
“That actually gives the thief the ability to act as you,” she said. “They can file for government benefits in your name, they can file a false tax return.”
Perhaps most troubling is consumer data are no safer now than in past years, despite increasing reports of security failures, said James Thurston, spokesman for Ohio Bankers League.
“Sadly it isn’t and the reason why not is because the hackers, cyber criminals are getting more sophisticated. We’re talking about organized crime in places like Russia, China and Eastern Europe,” Thurston said.
“The retailers’ defenses have not kept pace with the sophistication of hackers,” he said.
Banks are doing constant real-time monitoring for fraud and suspicious activity, he said. If anything is found that looks suspicious such as a transaction in a foreign country or an amount that is generally out of whack with a customer’s spending profile, they will call a customer to confirm the purchase. In some case, transactions can be blocked in a geographic area or purchases temporarily put on hold until a card is replaced, he said.