Black Friday, the official launch of the holiday shopping season, is only a few days away. Do you truly know who has your credit card information?
As Columbus-area residents flock to Peachtree Mall, Columbus Park Crossing and other local retail centers this year, that question has become more and more pertinent with the increasing number of security breaches impacting merchants and card issuers.
It was last December that retailer Target suffered a breach impacting up to 110 million of its customers. In September, Home Depot said up to 56 million people who had used their cards at its stores starting in April could have had their card information stolen by hackers.
The card numbers and information are then put up for sale on the black market, with thieves often making purchases online, sometimes in small amounts -- perhaps less than $10 -- to keep the victimized consumers from detecting it unless they scour transactions and statements very frequently and closely.
The issue is even putting financial institutions on edge, with companies such as Capital One recently re-issuing cards to any customer who made a purchase at Home Depot from April through September -- just in case.
The Credit Union National Association also reported that 7.2 million of its member organizations' customers nationwide were impacted by the Home Depot security breakdown, with nearly 135,000 of those in Georgia.
The association said it cost about $8 to reissue each new card and put staff in motion for fraud alerts, account monitoring and notification of credit union members caught up in the hacking web. The organization also took a swipe at other commercial entities.
"Merchants, which allowed the breaches to occur, have no financial responsibility to make the consumer or the financial institution whole," John Kerley, chief operating officer of Cooperative Services Inc., a service group owned by 53 credit unions in Georgia, said of the breaches, including Target. "Financial institutions are the ones who bear the expense for the merchants' negligence. Financial institutions are held to a much higher standard."
The Insurance Information Institute weighed in as well, saying that identity theft is "happening everywhere." It said data held by retailers, hotels, banks and virtually any business is potentially at risk. And it said with the holidays approaching, the threat from stolen information will likely grow.
Citing Federal Trade Commission statistics, the institute pointed out more than 13 million consumers were victimized in some way by identity theft in 2013, with an average loss per incident of $2,294. It noted more than 11 hours on average were spent by individuals trying to clear up the matter.
So where does that leave you this holiday season? There's always cold, hard cash. But most -- out of convenience or necessity -- will pull out their plastic cards this Black Friday and Cyber Monday, and beyond, to make purchases.
Thus, with that in mind, consumers should know how to keep their data and personal information safe, as well as know what to do if they think they've been breached in some way. That's a necessity whether making purchases in brick-and-mortar stores or via a computer, tablet or mobile device.
Here are tips to navigating the retail waters this 2014 holiday shopping season:
Credit card safety tips
Monitor accounts for unauthorized charges or debits: Consumers should regularly review their accounts online if possible, and at a minimum examine their monthly statements closely. Consumers should report even small problems immediately as some thieves may process a small charge or debit just to see if the account is live, or whether the consumer notices. Fraudulent charges may occur many months after information is stolen. Even if consumers think the personal identification number on their debit card was not stolen, they should consider changing the PIN in order to be on the safe side.
Alert bank or card provider immediately if fraud is suspected: Consumers should alert their bank or card provider immediately if they suspect an unauthorized debit or charge. If fraudulent charges appear, the consumer should ask the card provider to close access to the account and issue a new card before more transactions come through. Under federal law and other applicable rules, consumers are generally not responsible for unauthorized debits or charges to credit or debit card accounts, as long as they report them quickly to their bank or card providers.
Avoid scams that ask for personal information over email or by phone: A common scheme, known as "phishing," involves a scammer contacting a consumer over email or phone and asking to verify account information. Banks and credit unions never ask for account information through email. If consumers receive this type of email, they should immediately contact their card provider and report it. If consumers receive this type of phone call, they can ask for a call-back number to verify the requestor is actually their financial institution.
If necessary, make a complaint to the bureau: If consumers are unsatisfied with how their bank or card provider responds to a report of fraudulent charges, they can submit a complaint to the Consumer Financial Protection Bureau, a government agency. Card providers should investigate charges and respond quickly. Consumers have a right to see the results of the bank's or card company's investigations. The CFPB accepts consumer complaints on payment cards and other financial products and services. Consumers can submit a complaint by going online at consumerfinance.gov/complaint; calling the toll-free phone number at 855-411-CFPB (2372) or TTY/TDD phone number at 855-729-CFPB (2372); faxing the CFPB at 855-237-2392; or mailing a letter to Consumer Financial Protection Bureau, P.O. Box 4503, Iowa City, Iowa 52244
-- From the Consumer Financial Protection Bureau
Credit card safety first: Sign the signature panel on the back of your card as soon as you get it. Never keep your PIN code in the same place as your card.
Keep your account number private: Thieves don't need the card to get into your account, just the number. So for the sake of credit card safety: Keep your card close to your vest -- don't let anyone see it when you're out in public. Don't give the number over the phone unless you initiated the call and you're talking to your bank or a merchant you trust. Never answer an email that asks for your account number or personal information -- even if it looks like it's from your bank or a reputable company or organization.
Consider paperless statements to remove your sensitive information from the postal system: Store paper statements and other documents with sensitive information securely and shred prior to disposal. Tell your credit card issuer if you're changing addresses so statements and other notifications about your credit card follow you to your new home. Periodically check to ensure your bank or credit card issuer has your current phone number and email address on file so they can contact you quickly if necessary.
Use online payments where possible to avoid the risk of a lost or stolen check or account number in the mail.
Be careful with your receipts: Extra spaces on the receipt? Draw a line through them before you sign, so nothing can be added later.
Keep your receipts and check them against your billing statements. Don't just toss receipts and duplicates -- shred the ones you don't need and securely file the rest.
Make sure your devices and networks are secure: Make sure your computer is equipped with a firewall, which prevents unauthorized users from gaining access to your computer or monitoring transfers of information to and from the computer. Be sure to download and install any operating system and software updates (sometimes called patches or service packs) in a timely manner. Make sure your browser software is up to date. Equip your computer with virus-protection software. Avoid downloading software or programs from unknown sources.
-- From Bank of America
Use credit, not debit: The first rule of keeping your payments safe is to always use a credit card. They come with better consumer protections against fraud, and your liability's capped at $50. Many cards also have zero-liability policies, so you're even better protected. Debit cards aren't quite as comprehensive, and depending on when you report the card missing, you could be on the hook for the entire amount. Stick to credit. If you have doubts about a transaction, you can even use a one-time use credit card to generate a random card number linked to your actual account. This will make it harder for criminals to steal information.
Check for the "s": When it's time to enter your information, make sure the page's address starts with https:// rather than http://. The extra "s" indicates the site uses an encryption system to scramble your information. The "s" doesn't necessarily guarantee the transaction is 100 percent safe, but it's a fast and easy check that can give you another layer of confidence.
Don't shop in public: This should be obvious. Don't conduct online transactions in public places. Websites often save login information, and you don't want to accidentally leave your accounts open for the next person who hops on the computer. Even if you're good about always logging out, it is possible for hackers to install a "key-logger" program to record your keystrokes. That will give them your user names, passwords, credit card numbers and personal information. Using your own personal laptop or tablet? You're still not safe. A good hacker can snag your information using the public Wi-Fi. Only shop online from your own computer (or that of a trusted friend) with a private Wi-Fi connection. If you tend to make transactions in public places, consider getting a virtual private network (VPN).
Never give out your Social Security number: You never need to give out your Social Security number to make a simple purchase. Don't do it. If a website seems to be asking for more information than is normal, leave immediately and don't look back.
Keep your anti-virus software up to date: Every computer needs anti-virus software. Otherwise, you leave yourself wide open to attacks and security breaches. Install a trusted software and update it regularly. You should also keep your web browser and operating system current with the most recent security patches. For people who aren't tech-savvy, this might seem a little complicated, but most of this stuff updates automatically these days as long as you have the software in place.
Check for a seal: Again, this isn't a perfect guarantee of a flawless security system, but it can help you feel better about your purchase. Most legitimate websites will carry some sort of seal of approval from an organization like McAfee, the Better Business Bureau, VeriSign or TRUSTe. This lets consumers know someone has taken the time to verify the trustworthiness of the vendor. Of course, these seals can be faked, but if there's no seal at all, you may want to reconsider entering your information.
12345 is not a good password: A strong password is essential. You should always have a mix of numbers and letters, both uppercase and lowercase characters and at least one symbol like @ or %. Don't use obvious words like your name, your social security number or the word "password." Make it unique and custom, and don't use the same password for multiple accounts. If someone figures out one of your passwords, you don't want them to have instant access to everything.
Trust your instinct: If a website seems shady, don't use it. You'll probably be safe on websites like Amazon and BestBuy.com. You can usually trust big names. Smaller, lesser-known websites should be treated with suspicion. If a site looks outdated or poorly designed, proceed with caution. If you receive an email with a link to a website, never shop directly through that link, even if it is a big, well-known company. Instead, navigate to the site through your web browser. You can go directly to the site if you know the address or bring it up on Google if you don't. This will help you avoid clicking through to fraudulent links.
-- From Nerdwallet.co