(Corrects to say "debit" cards in paragraph 5, 12 and 15 not
By Richard Leong
NEW YORK Jan 12 Changing the security code for
your debit card may be as easy 1-2-3 following a widespread data
breach at Target but guarding your personal information from
hackers is a longer-term battle, according to experts.
Even though the government protects consumers from this type
of fraud, you are not guaranteed the store or bank whose
computer system is hacked will tell you about the theft of your
State laws vary on notifying consumers about such theft.
So it's ultimately up to the consumers to make sure their
personal data don't fall into the wrong hands or at least limit
the damage if were to happen.
Report unauthorized charges as soon as possible to your
credit/debit card companies and monitor regularly your credit
activities via the three major credit bureaus, experts say.
Most importantly, don't answer calls and emails from people
posing as agents of banks and card companies because they are
scamming for more information about you, they say.
"Consumers are freaked out about it but as long as you
report suspicious activities right away, you have zero
liability," said Greg McBride, senior financial analyst at
Bankrate.com in North Palm Beach, Florida.
Target, the No. 3 U.S. retailer, said hackers stole the
personal data of at least 70 million customers including names,
mailing addresses, telephone numbers and email addresses during
the year-end holiday shopping season. Earlier, it had said data
from 40 million credit and debit cards were stolen.
Neiman Marcus on Friday said it was too a victim of hackers
but it was unclear how many of its customers were affected.
Sources familiar with these attacks told Reuters hackers
broke into at least three other well-known U.S. retailers'
financial networks during the same period.
A first step for consumers, particular those who used their
personal identification numbers (PINs) with their debit card
purchases during Christmas, is to change the PIN, but make it
that makes the combination tough on hackers.
"Don't use your birthdate or your dog's name. Use a
combination of letters, numbers and symbols like hashtags and
question marks. Make your PIN harder to crack," said Ed
Mierzwinski, consumer program director at U.S. PIRG, a
Washington-based consumer group.
Even a tough PIN combination is not foolproof against
hackers who have becoming increasingly sophisticated. "If they
got it, they got it," Mierzwinski said.
Rather than changing your security code and risk another
hacking, request for a new credit or debit card.
As the fallout of this latest cyber attack mushrooms, banks
might end up issuing millions of new cards anyway because they
could be on the hook for millions of bad charges.
"Fraudulent transactions could pile up pretty quickly. We
might on the verge that card issuers might issue a lot of new
cards and accounts," Bankrate.com's McBride said.
Changing your PIN and getting a new card are quick fixes.
You still need to make sure hackers haven't racked up purchases
under your identity, analysts said.
Watch for suspicious purchases online and notify your card
issuer right away. Don't ignore even small charges because the
scam artists might be testing to see whether they could get away
bigger ones later.
Consumers are entitled to a free annual credit report from
each of the major bureaus, Experian, Equifax and TransUnion.
These credit reporting agencies also offer monitoring
services for a monthly fee, but PIRG's Mierzwinski said they are
pricey and unnecessary.
In cases of breaches like Target, a company often buys them
for its customers for a period of time, according to experts.
Perhaps most important of all, high-tech con men who already
have some information on you will likely want more.
Don't give your PIN, birthdate and Social Security number
over the phone or email, which are vital data to open new card
accounts and apply for loans. These "phishing attacks" often
pose as inquiries from bank and card companies.
If you get such type of calls, hang up, call the number on
your card and tell the bank you received a phishing call.
Or it comes via email, don't open it because it might
contain a computer virus that is created to retrieve personal
data. Just delete it, said PIRG's Mierzwinski said.
While Target's data theft which is still unfolding is
unsettling, "don't panic, you are protected," Mierzwinski said.
(Reporting by Richard Leong)