What I’m doing to protect myself after the Target data breach

As you’ve probably heard, Target had a bad month. Between the days of 27 November and 15 December, about 40 million credit card numbers were stolen, making it one of the biggest breaches of its kind in history. As far as we know, the card number and security code were stolen, but debit-card PINs and addresses were not.

Target says they have contained the breach and are cooperating with credit card companies and authorities. Cringely has some analysis, but it has more for people like me to think about how we do things at work than it does for consumers.

And, well, as luck would have it, I shopped a lot at Target between the days in question. And I used both my credit and debit card during that time. Here’s what I’m doing, some of which may be counter-intuitive.

Keep using the cards. Credit card companies have a pretty good idea of normal, so keep doing what’s normal. My debit card rarely worked while I was traveling to D.C., because my small-town Missouri bank regarded that as abnormal. One time, several years ago, my wife bought charged something online right about the same time I charged something at a store, and Discover called us to ask what was going on. So if you’re using your card while you’re out and about, a fraudster trying to use it is more likely to stand out, not less.

Watch my statements. This goes without saying, but what to watch for is important. A fraudster isn’t going to charge a 90-inch TV. At least a smart one won’t. A fraudster will try a small purchase first, to see if the card is good, then buy something bigger. So look for one or two small purchases you didn’t make. If you see any, call your card issuer immediately.

I didn’t change my PIN. PINs weren’t stolen, so fraud on your debit card will be run as credit.

I didn’t call and ask for new cards. It’s tempting, and not necessarily a bad idea, but changing cards is a royal pain. If the card issuer thinks it’s necessary, they’ll send new cards. Discover has done that several times in the past.

I’m going to call and tell them I used my cards at Target. I haven’t gotten through to Discover just yet–Discover’s call volume is through the roof–but at some point soon I will, and I’ll tell them. I’ll also call and tell my bank. I know both watch for suspicious behavior anyway, but knowing my two cards were candidates for compromise will probably make them more vigilant.

If you found this post informative or helpful, please share it!

2 thoughts on “What I’m doing to protect myself after the Target data breach

  • December 23, 2013 at 4:23 pm
    Permalink

    Would requiring a photo I.D. help stop these credit card thieves?
    On line sales could be regulated in some similar fashion.
    The credit card companies are, to a great degree, responsible for this fraud with their lax security.
    The individuals that commit these crimes should be severely punished. Juries of their peers, comprised of their victims, might convince these crime syndicate members to change to another criminal pursuit.
    ….
    “The hacker mindset doesn’t actually see what happens on the other side, to the victim.”
    Kevin Mitnick

    • December 23, 2013 at 7:39 pm
      Permalink

      It would help, but not nearly as much as we would like. Someone would have to counterfeit a driver’s license to go with the counterfeit card. So, pick the state that has the easiest license to counterfeit, and make one that looks believable enough, remembering that it doesn’t have to fool an expert examination, just a quick check by an overworked cashier. Go when the store is especially busy, and then the cashier is even more likely to bend the rules.

      The problem is that we are an affluent country with credit cards that are easy to counterfeit. In Europe, the cards have a chip in them that makes them much more expensive to counterfeit. The problem is that implementing it is expensive. It’s cheaper, easier, and more profitable for the industry to buy insurance that pays out in the event of a breach.

      Most likely the perpetrators are overseas, so depending on the jurisdiction they may be difficult to prosecute. Close allies would be likely to either extradite or prosecute them themselves; nations that have historically been hostile are more likely to turn a blind eye. People who buy the card numbers, make counterfeits and use them will get prosecuted of course, but they’re easier to apprehend than the enablers.

      Both the retailers and the banks want a more secure system like Europe has, but both want the other to pay for it. So it would take government regulation to make it happen. The only way I see that happening is if a large enough number of them are affected by this breach personally. While every politician wants us to think they shop at Target, I’m sure many of them haven’t set foot in a discount store in my lifetime.

Comments are closed.