As if the target data breach was bad enough, experts say it is almost inevitable this kind of thing will happen again.
“There’s already a lot of breaches related to the target breach that aren’t being disclosed,” Gartner analyst,AvivahLitan, says there is roughly an 80 per cent chance another big data breach like the target mess will occur in the future, according to http://business.time.com.
It is especially frustrating because the big fixes to improve security are not the kind of thing ordinary consumers can do, aside from calling your bank and asking for a new card (if you have not been issued one already). Although EMV (chip and PIN cards) are more secure and used pretty much everywhere in the world, experts say it will take months if not years to switch our infrastructure.
In the meantime, we are stuck with outdated technology that leaves our cards vulnerable. While you can’t eliminate it, financial security experts say there are a few steps you can take to at least cut down on your risk. These include:
Use credit if you can: Credit cards have two big advantages over debit cards when it comes to fraud. “You don’t have the same protection you have got with a credit card, and your bank account is at risk,” says Scott Dueweke, senior associate in the virtual identity and anonymous payments division of Booz Allen Hamilton. The other issue is that there is a much shorter window of time (just two days!) for cardholders to report a suspicious transaction made on a debit card versus a credit card before their liability climbs. (And if you wait more than 60 days, you can be left holding the bag entirely.)
Sign instead of keying in your PIN: Opt for signature over PIN transactions with your debit card. Merchants would prefer that you use your PIN because it is cheaper for them, which is why most payment terminals are set up with a PIN prompt as a default, but it is riskier because it gives data thieves the option of creating a fake debit card and hitting the ATM to take out your money.
Keep watching your statements: Monitoring your statements for any unfamiliar activity is basic advice, but let’s be honest, many of us don’t, maybe figuring if our information was compromised, we would have found out by now. But if you shopped at the supermarket during the period when the breach occurred and you haven’t been issued a new card, keep a super-close eye on your account activity at least through to the end of the month, Dueweke says.
Criminals who steal batches of payment card information usually sell it right away, and those buyers tend to use those numbers as soon as possible. But in this case, the breach was so big that there is a veritable bumper crop of stolen card data floating around the black market. In other words, it could take a little while for the bad guys to get around to yours.
Disable automatic transfers to linked accounts: Many banks offer customers the option of linking a savings account or line of credit to their current account, with an automatic transfer of funds if a transaction will trigger an overdraft. (There’s usually a fee for this, so most banks charge for overdrafts.) If your debit card is used by thieves, this means they can wipe out both of your accounts, so consider temporarily disabling this function.
Use more and better passwords: “These database breaches often include online username and passwords, and if you are one of the 55 per cent of all consumers who use the same username and password for all of your online relationships, then a data breach at a retailer can also result in the bad guys getting access to your online banking accounts,” says Julie Conroy, a research director at the Aite Group, a consulting company.
Compounding the problem, most of us still use really lame passwords: SplashData, a company that makes tools to help people manage their passwords, put together a list of 2013’s worst passwords. No-brainers like “123456,” “password” and “qwerty” were among the top five. “Even passwords with common substitutions like “dr4mat1c” can be vulnerable to attackers’ increasingly sophisticated technology,” the company warns.
Set up account alerts: Most banks let customers set up alerts, generally sent via email or text, that tell customers if certain types of transactions are made. “The alert parameters are often configurable, so consumers can choose to be alerted on what is truly out of pattern for them, and not have to put up with a lot of noise,” Conroy says. You can set a naira amount or a geographic range as a trigger to receive an alert, for instance.