So it’s starting to look like Home Depot got breached. Nobody knows yet how bad it is. I decided to be proactive and call my credit card company because I shop at Home Depot a lot, and they just read me a canned script. OK, they don’t want to know if I think my card was among those breached.
Here’s what I’m doing in the meantime.
This morning I bought half a tank of gas using that card. I bought it close to home. If I remember, I’ll buy another half a tank or so on Friday. This establishes that I’m not traveling right now. It’s also not terribly unusual–I rarely buy full tanks of gas if I’m not traveling–so it helps establish normal. We’re in the data age, so the more normal data I can produce about myself, the more abnormal data–someone using a breached card–sticks out.
Someone using a breached card will look very different. Initially it’s likely to be for a small amount, and it will be online. If that transaction goes through, then they’ll buy something big. But my big purchases tend to be in person, and if you’ve been reading me long enough, you can probably guess what kind of stuff I buy. It’s generally not the kind of stuff a crook is going to buy with a stolen card. That will stick out too.
The other thing I’m doing is gathering together the contact information for my automatic payments, because I’m going to be changing those yet again soon. Those companies are used to it and probably would be understanding if I were late for a payment, but I don’t want to be late for a payment.
Home Depot will be offering identity protection if the breach is confirmed; if you’ve shopped there and used a credit card, take them up on the offer.
Large companies are playing a cat and mouse game with hackers, and the problem is that it doesn’t matter how often the hackers lose. A passing grade for the hackers is anything higher than 0%, and a passing score for companies is 100%.