Target, Neiman Marcus and now Home Depot have all joined the ranks of retailers that have been hacked. Such breaches expose customer data to cyber crooks whose audacity is matched only by their sophisticated hacking savvy. It is estimated that for most Americans, the odds are about 50:50 that their information has been compromised in retailer security breaches over the past six months. The flurry of news on this issue makes a few points clear.
- No system – retailers, banks or credit card companies – will ever be 100 percent secure
- Breaches like the recent attack on Home Depot are likely to occur again
- Ironically many serious breaches – like Home Depot’s – have involved “bricks and mortar” transactions and not e-commerce
What can you do as a consumer to protect yourself if you think your data may be compromised?
- First, pay very close attention to every statement you receive from credit cards, banks and retailers, and look for any charges you don’t recognize. Don’t overlook small (often ridiculously small) items of a dollar or less that are not yours. Cyber crooks often run a test charge, which is usually nominal, to see if they can access account data.
- Contact your bank and your credit card company – there are phone numbers on the back of your cards for you to use. Let the financial services companies know that you have shopped at a retailer that has reported a security breach. Credit card companies won’t hold you liable for fraudulent charges. Many already contact customers if they see unusual activity on an account (and, by the way, this means you should inform them if you are about to take your credit card on vacation, or you might find your card suddenly not working).
- Find out immediately what services the retailer provides for customers whose data might be compromised due to the breach, and sign up for any assistance they offer.
- Get your credit card(s) replaced and change all of your old PIN numbers. This will mean updating all companies where you are set up to pay your bills automatically. This is a time-consuming nuisance, but the price you might pay for not replacing your cards would give you a much bigger headache.
- Use a fraud monitoring service to protect yourself from residual damage from the initial breach and to provide extra security for future transactions. Your bank and credit card companies probably offer fraud monitoring services as a matter of course, but the paid services provide additional protection that usually include online fraud protection.
Savvy cyber crooks have a variety of entry points used to penetrate their targets’ internal and external networks – web servers, file servers, point-of-sale (POS) systems and, in some cases, through third-party contractors whose systems might not be as sophisticated as the larger companies they serve. Addressing the problem of security breaches is going to take a concerted effort by retailers and financial services; both have a lot to lose when customers fear for the safety and security of their personal data. Many companies and individuals would like to see the U.S. payment infrastructure upgraded more rapidly through the adoption of EMV security protocols (Europay, Mastercard and Visa), which would bring us into compliance with systems used in Europe and other parts of the world.