If you recently shopped at a Target store, beware your credit card may have been stolen.
It’s always wise to be vigilant about protecting your personal identity and credit card info, but in light of the recent Target breach it is now paramount and extremely urgent.
What happened?
Find out what's happening in Stonington-Mysticwith free, real-time updates from Patch.
Consumers that used their credit or debit cards at any of the 1,797 Target stores in the U.S. (close by in Waterford, Warwick, Killingly, and Lisbon) between the dates of November 27, 2013 and December 15, 2013 could have had their credit card info compromised. Target confesses that 40 million credit cards were stolen from their stores during this time period. It appears that every store had evidence of breach.
So, if you shopped there, your credit card may still be in your wallet but a copy of all your information from your card may be for sale on the black market as you read this. Although your credit card is still physically in your wallet, the information on the magnetic stripe on the back of your card is what was lifted from the stores.
Find out what's happening in Stonington-Mysticwith free, real-time updates from Patch.
Hackers that lifted the credit card data started selling them at underground website who sell stolen credit cards for fee by non-traceable currency such as bitcoins.
Which Cards May be Sold
Although the full extent of the breach is unknown and will now be kept under wraps since the Justice Department and Secret Service are in a full scale investigation, it’s not fully known if the 3 digit CVV codes were also lifted as well as debit pin numbers.
Assuming that the 3 digit CVV code on the back of the cards were not able to be copied, that will mitigate or altogether prevent the cards from being used on internet sales. Most E-Commerce websites require the CVV code to complete a transaction, no CVV code, no sale.
So that means the bad guys will have to clone a credit card with the stolen information. That’s really easy to do because the equipment to produce replica credit cards are readily available. So, they would have to shop at brink & mortar stores and attempt to buy items that can easily be sold for cash on the black market or fenced on the white market.
Additionally, bells and whistles will go off if the stolen card is from, say, Connecticut, and its’ attempted to be used in California. So, the bad guys, knowing the address of the Target store the card was stolen from will shop that stolen card in that geographic area.
Are You Liable?
Rest assured, in the long run, you are not liable for any fraudulent purchases made as a result of your credit or debit card info being compromised as a result of shopping at Target. Both Target and the major card issuing banks have said as much. However, it can be very disruptive to your life if suddenly your credit line was maxed out, or your bank account depleted. So, it’s best to be proactive now.
Debit cards are particularly vulnerable. The owners of debit cards could potentially have their entire bank accounts drained. Sure, you'd probably get the money back eventually after a fraud investigation, but for the weeks or more of that investigation checks could bounce and bills might not be able to be paid…ugly.
What Are The Credit Card Issuing Banks Doing?
Believe it or not, some banks are going to the online website where stolen cards are posted and actually buying back their customers cards. Most banks are scanning their database of credit cards and determining which have Target transactions and proactively contacting card holders and re-issuing new cards.
In the case of Chase and Santander, they have lowered the ceiling as to how much cash can be pulled from an ATM and the maximum sale per day on a card. I called Santander and there is a $310 daily limit on ATM withdrawals and $1,500 in POS purchases per day.
Obviously all banks are monitoring credit and debit cards for evidence of suspicious activity. Normally a spike in credit card use would be a flag, but the hackers were brilliant to do the theft during the high volume Christmas shopping period when all cards have high volume.
What Actions Should You Take?
There are 5 steps which you can take to protect yourself. Step one is strictly for those of you who shopped at Target during the vulnerability window. Steps 2-5 are just sound practices for all credit and debit card holders.
1. Immediately Call Your Bank, Cancel Your Current Credit or Debit Card and Request a New One.
If you shopped at Target during those dates, whether a debit card or credit card, I would unequivocally advise calling your credit card issuing bank and cancelling your card and getting a new number. Be prepared for them to try and talk you out of it, it costs the bank between $4 - $5 to replace a card, so times that by 40 million cards and you’re talking a tidy piece of change.
Are the odds 100% that your stolen card will be used for fraud, no. But why risk it. You’ll only be without a card for about a week, and the Christmas shopping season is hopefully over. And, yes, you’ll have to update your card information at your favorite shopping sites, think Amazon.
Alright, the bank talked you out of replacing your card what else can you do?
2. If You Use a Debit Card, Change Your PIN
This is quick and easy. Call your issuing bank and request to changer your PIN. The hard part is to change it to a number you can remember, but it’s not yours or anybody in your family’s birthday.
Never, ever write down your PIN on anything. That’s just too easy for the bad guys.
I would recommend thinking up a personal 4 word phrase that you will never forget, a couple of examples:
“My Dear Aunt Sally”
“I Love My Bulldog”
Then pull your cell phone out of your pocket, look at the letters associated with the numbers and you’ll know your PIN without having to memorize a rote random number that has no meaning. In the examples above:
“My Dear Aunt Sally” 6327
“I Love My Bulldog” 4562`
It is difficult for a hacker to write a program to crack the randomness of this approach.
3. Request Email Alerts to All Transactions
Most banks have the means of emailing you the details of every transaction on your credit or debit card. If you have email on your mobile device, you will be immediately alerted that a transaction went through, you can then inspect such to see if it is legitimate or not.
4. Monitor your Online Card statement
Start a new habit of going online and checking your credit or debit card statement every day or two. Sorry, sounds like a hassle but this is the new normal.
Obviously, check for any charges you didn’t make and immediately call your credit card issuer. But, here’s a little secret, hackers will often ping an account with a micropayment, like 10¢. That way they can see if the card is still active without setting off any alarms. If you see that, call your bank and be prepared to cancel.
5. Subscribe to Fraud Monitoring Service
Call your credit card company, since most generally offer customers fraud monitoring services at no cost, and customers aren't on the hook for any fraudulent charges.
Or, sign up for a fraud monitoring service. If you're concerned about credit card theft going forward, LifeLock and other similar threat detection services claim that they can monitor your card activities and alert you when your account has gotten into the wrong hands.
In God We Trust
Now that we’re rapidly moving from cash and checks, is the credit and debit card system safe? I believe so, it’s a cat and mouse game between the big banks, Visa, MasterCard, American Express, and the whole credit card industry vs. the hackers. Once a breach is exposed it will be closed until the next breach is found. The last really mega hack was in 2007 when TJX Company (TJMaxx and Marshall's) had 90 million cards compromised. So, certainly within the next 6 years there will be another major attempt. But at least now you know how to protect yourself just a little bit better.
