Other than spending too much, one of the biggest risks facing holiday shoppers heading into Cyber Monday is the security of their personal and financial information, say cybersecurity experts.
A year after a pre-Christmas data breach at Target Corp. that affected 40 million debit and credit card records, the chance of another large retailer suffering an attack is high, said Chris Hart, operational risk director for Cincinnati-based First Financial Bancorp. Michaels Stores Inc., Home Depot, JPMorgan Chase & Co. and others followed in Target’s wake with their own security lapses in 2014.
Because of the magnitude of compromised data this year, the bigger concern for holiday shoppers than the next hack is how their already stolen information — such as credit card numbers, usernames and passwords — will be used during the busy spending season, Hart said.
“What we’ve seen with the breaches announced by Target and Home Depot and JPMorgan Chase is that we’ve put in jeopardy millions of consumers’ personal information,” he said.
“That loss of personal information is now going to be leveraged by fraudsters who will combine different pieces of that information in opening up unauthorized lines of credit and leveraging it for highly profitable fraudulent endeavors.”
Shoppers should be on high alert for suspicious activity on their bank accounts during the weeks between the Thanksgiving and Christmas holidays.
The number of breaches tracked by the Identity Theft Resource Center, a nonprofit that provides counseling services to identify theft victims, has risen 25 percent in 2014 from the year before. The counseling center compiles media reports and records obtained from state attorneys general, and found 679 data breaches nationwide so far this year.
Data breaches are when fraudsters break into computer systems to steal consumer names, payment card numbers, medical records and other information. Personal cellphones, tablets and computers infected by malware from phishing emails and other scams can also be breached, Hart said.
In fact, Hart says the next big data breach has already happened, but the affected company doesn’t know it yet because it can take weeks or months to detect.
Retail breaches are attention-grabbing, but according to the National Retail Federation trade group, more breaches occur at government agencies (13 percent) and financial institutions (34 percent). According to the association, 10 percent of breaches are at retailers, and 11 percent are at hotels and restaurants.
The Kroger Co. has to constantly modify its systems because the “bad guys” are highly skilled, said Rachael Betzler, a spokeswoman for the Ohio grocery company.
“Data security and privacy are very important to our customers, and Kroger pledges to protect the security and privacy of any personal information customers provide to us, including credit card information,” she said. “Constant vigilance is required to stay ahead of criminals who want to misuse customer payment information.”
Some tips on how consumers can better protect their information:
▪ Online shopping is riskier than brick-and-mortar sales. Online shoppers should be wary about whether the website they are browsing is legitimate. Today, a lot of imitation websites look like the real thing.
Make sure the hardware and software being used to browse haven’t been compromised by a virus or malware.
At an online checkout, one thing to be aware of is that the session with the retailer is secure. The way to tell is to look for “https” in the website address and look for the “s” at the end. If there’s no “s,” don’t add any personal information or credit card number through that website.
▪ Activate online banking alerts to receive notifications by email or text message of account activity.
▪ Especially online, pay with a prepaid card or credit card because there are more protections. With credit cards, there’s zero liability or minimal liability for customers from fraudulent charges. Also, the Fair Credit Billing Act gives customers the right to dispute credit card charges and temporarily withhold payment while the dispute is investigated.
▪ Review financial statements to make sure debit and credit card transactions are reconciled accurately. Shoppers are encouraged to keep receipts for all purchases, in-store and online, including order numbers and warranties.
That way, when it comes time to reconcile purchases with a statement, those records are available.
In previous data breaches, criminals have tried to post a small charge to check for live accounts or to see whether a consumer is monitoring an account. Larger fraudulent charges could occur hours, weeks or months later.
▪ Alert the bank or credit union immediately if fraudulent charges or debits are suspected.
▪ Take advantage of free credit monitoring services if provided by affected retailers. While doing so, deal directly with the retailer to avoid falling prey to phishing scams or other fake credit monitoring offers.