Q: It is time for the credit card companies to come up with something new to protect their customers. Short of millions of customers canceling their credit cards, what can we do to protect ourselves? Just because crooks have the information doesn’t mean they will use it right away. It could be months before they use anyone’s information, so checking now for activity could miss it.
Singletary: In its most recent identity theft report, Javelin said one in four people notified of a breach ended up becoming a fraud victim. So if you shopped at Target during the period its system was compromised, you need to take steps to protect yourself. If you see any unauthorized activity, contact your credit card company or your financial institution. In addition, call the FTC at 877-438-4338. You can find information about other steps you can take at www.consumer.gov/idtheft.
Most important, you will need to monitor your credit reports from all three major credit bureaus: Equifax, Experian and TransUnion. You should be checking your reports as a routine precaution. You can get free copies of your credit reports from www.annualcreditreport.com or by calling 877-322-8228. You are entitled to one free report from each bureau every 12 months. Additionally, identity theft victims are entitled to a free credit report from each of the credit bureaus.
If you do become a victim or are worried about your information being stolen, you can place extended fraud alerts or credit freezes on your credit files. To find out more about how those work, go to www.ftc.gov and click on the link for “Tips & Advice.” Under the consumer section, you will find an identity fraud link that includes information on placing both extended fraud alerts and credit freezes on your credit reports.
Every time we hear of one of these data breach cases, the companies involved tell their customers that they deeply regret the inconvenience it might cause. They pledge to enhance security procedures. But no matter how many firewalls are built to protect our information, the con artists and hackers are actively working to outsmart the companies that store consumer data.
Notice two things that aren’t mentioned: the fact that credit cards in the US are insecure compared to those in most other countries:
When Target (TGT) said last week that the personal information of 40 million of its customers had been stolen, it pointed attention toward a quirk in the U.S. credit system: American businesses haven’t adopted widely available technology that would make it far more difficult to commit credit-card fraud. And while the credit-card industry says a solution will be in place in late 2015, skeptics say the U.S. could lag global practices for much longer than that.
The issue is the continued use of magnetic stripes on the back of credit cards. Most other countries abandoned this technology long ago. They’ve switched to cards with embedded chips that generate a new code for every transaction, making cards very difficult to counterfeit. On the other hand, it’s easy to make fake magnetic stripes. It’s not clear how Target was hacked—the company isn’t telling—but the U.S. is a great place to cash in for whoever got that information.
The technology in the computerized cards, known as EMV, has been around since the 1990s. It took off first in Europe, largely because telecommunications costs there were so high. While cards with magnetic stripes are validated by sending information to—and then from—the card issuer, EMV cards are checked at the credit-card terminal itself. As the rest of the world adopted the new technology, the U.S. became the world capital of credit-card fraud. Last year it accounted for 47 percent of global fraud, while processing just 24 percent of the payments by volume, according to the Nilson Report, an industry newsletter.
and it’s up to the consumer to deal with identity theft even if they did nothing wrong:
In addition, credit-card companies and other credit lenders–banks, oil companies, and department stores, among others–rarely exercise significant oversight before signing up new customers. So, when thieves apply for a new credit card using pilfered information, they are rarely turned down.
Finally, and most devastatingly, credit-reporting agencies routinely add negative information to credit scores without checking whether all those unpaid bills might have been the result of identity theft. And they’re slow and uncooperative when it comes to correcting their mistakes.
The credit industry and other data-handlers behave as they do because in many cases, no one but the victim cares about identity theft. Despite the passage of ID theft legislation last year, institutions that handle personal data pay a very small price when that data is stolen. And when credit card companies and others offering credit fail to look adequately into applicants and end up extending credit to thieves, they also go largely unpunished.