What can consumers do about data breaches?

Posted on

Home Depot, come on down. You are the next contestant on The Security Is Not Right!

Okay, so maybe that’s not confirmed just yet, and Home Depot is staying sort of quiet because they don’t want everybody to stop buying things from them, but Krebs has a pretty good hunch, and his hunches usually turn out to be right. Like Dumbledore.

But even if it turns out the breach was from somewhere else, it still leaves a question hanging in the air: what do we, as consumers, do about point-of-sale data breaches?

The first step is to not freak out about identity theft. I’ve always maintained this distinction, and it’s very relevant here: the theft of debit or credit card information is NOT the same thing as identity theft.

With your card credentials, thieves can make fraudulent charges (at least until your card processor realizes what’s going on and blocks transactions). Without your Social Security number and date of birth, they’re not going to be able to open new accounts or any of the other actions associated with identity theft.

[Optional Cynical Rant: This also goes to show something about the corporations hit by these data breaches: when they so-magnanimously promise they’re going to give all their customers “twelve months of FREE identity theft protection” against any identity theft that results from the data breach, they already know they won’t have to deliver anything, because nobody is going to have their identity stolen with just a card number, expiration date, security code and their name. You can’t commit identity theft with only those details.]

Okay, so you’re not freaking out about identity theft, but you’re still freaking out about the possibility of fraudulent charges. You have my permission to do so. Fraudulent charges are, at best, still a major irritant that can cause you to be late paying bills and other hassles. You don’t want them to happen at all if you can help it.

You could stop paying with cards altogether, sure. Start carrying cash for every single transaction. Like grampaw done. But remember that cash has its own set of disadvantages. If you lose it, it’s gone. If someone steals it, it’s gone. You can’t buy anything online with it. You can’t buy anything on credit with it. Heck, it’s dirty.

So if that’s not your favorite option, what’s left?

Being vigilant.

(Like I’ve been saying for years.)

First, don’t give your information to someone just because they ask, whether in person, by telephone, email, text message, instant message, semaphore, telegraph or cave painting. That’s RULE ONE for the prevention of all forms of fraud.

Second, for every card you have, credit or debit, have online access and check it regularly. Your debit cards are issued by your credit union or bank—they will be happy to set you with online banking. Use a good password, follow RULE ONE, and check your accounts regularly. Sometimes they will catch fraud first, sometimes you will.

If you’ve shopped at a store that has its customers’ data compromised, look through your account history online and make note of when you used your card at that retailer, and be extra-watchful.

Third, be prepared if you’ve used a card at a retailer that was compromised. Have another form of payment handy, because if your card issuer detects possible fraud, they will probably deactivate the affected card immediately. If they don’t have a chance to notify you, and you’re already trying to make a purchase with that card, your transaction could be declined. And if you were trying to buy something important (like, I dunno….GAS) you could end up stranded (or at least white-knuckling it while you drive home on fumes…I’m not going to confirm whether I speak from harrowing personal experience or not).

Don’t freak out, follow RULE ONE, be vigilant and be prepared. That’s what you can do about data breaches as a consumer.

Further reading/sources: