At Chosen Payments, we care about the businesses we serve,
but we also care about their clients and customers as well. With data breaches, computer hacking and
credit card fraud prevalent in the news. We wanted to make sure our customers’
customers are as protected as can be. If
an online company with which you have an account has been hacked or you have
received a notice informing you that your personal information, or your
credit-card number, was stolen in a data breach – would you know what to do?
If you’re personal information has been compromised, you're
definitely not alone. In the past few years, dozens of companies, including
Target, Home Depot, Neiman Marcus, Michael's Stores, LinkedIn and the giant
health insurer Anthem have suffered data breaches that compromised tens of
millions of accounts and payment-card numbers.
If you're among the millions of consumers whose sensitive
information may have been exposed in a data breach, here's what to do to
minimize your chances of becoming the victim of identity theft or credit-card
fraud.
1. Determine what was
stolen.
You'll need to pin down exactly what kind of information was
lost in the data breach. Sensitive information falls into three general
categories:
Least sensitive:
Names and street addresses. Such information was pretty harmless when it was
printed in the phone book. Today, a name typed into a search engine can yield
data useful to online marketers and nosy neighbors, but probably not enough to
cause serious trouble.
More sensitive:
Email addresses, dates of birth and payment-card account numbers. (Payment
cards include debit cards, credit cards and charge cards like an American
Express card.)
A stolen email address may result in increased spam; a
stolen credit card will often result in fraudulent charges, but the card holder
is generally protected from liability (see below). A date of birth by itself is
useless, but when combined with a name, it's more valuable than an address,
because it never changes and is often used to verify identity.
Most sensitive:
Social Security numbers or (in Canada) Social Insurance Numbers, online-account
passwords, financial-account numbers and payment-card security codes (the
three- or four-digit number printed on the front or back of payment cards).
An online-account password, combined with an email address,
can be used to hijack online accounts. A card security code lets a thief use a
stolen card number for online and telephone shopping. A bank account number
lets snoops track your financial history and even move money into (but probably
not out of) an account.
The company that suffered the breach may tell you that even
though email passwords or credit-card numbers were stolen, those items were
encrypted and hence "safe." Don't take their word for it — hackers
and cybercriminals can "crack" many forms of encryption. If your
password was less than 10 characters long or used words that can be found in
the dictionary, consider it stolen.
Possibly the worst piece of personal information to have
stolen is your Social Security or Social Insurance number. With that and your
name, almost anyone can pose as you. Unfortunately, it's very difficult to
replace an old Social Security or Social Insurance number with a new one. For
more on what to do, read our primer on what to do if your Social Security
number is stolen.
2. Change all
affected passwords.
If an online account has been compromised, change the
password on that account right away. If you used the same password for any
other accounts, change those as well, and make up a new, strong password for
each and every account.
Don't reuse the password for a second account. That way,
you'll be limiting the damage next time there's a data breach, and you won't
have to go through this process again.
If creating and remembering all those new passwords is
difficult, use a password manager to handle it all for you. With a password
manager, you'll need to remember only one password; the software will take care
of the rest. The downside is that if the "master password" is compromised,
all your accounts will be as well.
3. Contact relevant
financial institutions.
If a payment-card number has been stolen, contact the bank
or organization that issued the card — immediately. (Most credit cards have
toll-free customer-service numbers printed on the back.) Make sure you speak to
a live human representative. Explain that your account is at risk of fraud, and
ask the card issuer to alert you if it detects suspicious activity on your
account. The bank will almost certainly cancel the card and issue you a new one
straight away.
Professional credit-card thieves often try to "bust
out" stolen card numbers with many purchases in a matter of hours, often
on weekends when banks are not fully staffed, before the banks can cut off the
card. Nevertheless, federal rules limit the customer's liability for fraud. If
you alert the banks or card issuers before any fraudulent transactions take
place, you're covered.
Debit cards have much less protection if fraudulent charges
are rung up before the bank is notified. To get the $50 limited liability, the
customer has only two business days after learning of the fraud to tell the
bank. After that, you may be liable for up to $500; if more than 60 days go by
and you still haven't told the bank, you could be on the hook for the whole
thing.
4. Contact the
credit-reporting bureaus.
Contact the major consumer credit-reporting bureaus and ask
each to place a fraud alert on your name. This way, if anyone tries to steal
your financial identity — for example, by trying to open a credit-card account
in your name — you'll know. (You'll also learn when anyone tries to look up
your credit.)
Fraud alerts, also known as credit alerts, are free and can
be renewed every 90 days. Once an alert is requested, the customer will get a
free credit report.
You can also take a more drastic step of requesting a credit
freeze, also known as a security freeze.
A credit freeze won't allow anyone to run a credit report on
you, or open an account in your name, without your explicit authorization, so
it's pretty solid protection. But it may cause unforeseen complications when
you apply for new credit cards or a mortgage, or even switch cellular carriers
or cable-TV companies.
5. Sign up for a
credit- or identity-monitoring service.
Many services, both free and paid, will help monitor your
financial accounts and sensitive personal information. Contact Chosen Payments and we’ll be happy to
refer a service to you. Personally, I use Safe Id Trust and have found that both Tim and Mike to be very helpful and knowledgeable. It is important to know that starting a program like this is a lot more effective when used proactively.
Many large companies that suffer data breaches provide
affected customers with one or two years of free identity protection. You
should take advantage of the offer, but read the fine print for what kind of
protection you'll get. A service that doesn't monitor financial accounts won't
be of much help if your credit-card number, but not your personal information,
was stolen.
What if your identity
DOES get stolen?
All of the above steps are meant to make sure your identity
doesn't get stolen.
If identity fraud does occur — if someone else indeed
pretends to be you for any purpose — you'll need to file a report with your
local police precinct as soon as possible. That may seem useless, but it's
extremely important, as it will establish a legal basis with which you can
dispute any future fraud.
Next, you'll need to file a formal report of identity theft
with the federal government. You can do this online with the Federal Trade
Commission. Like the police report, the government report will be essential in
disputing and resolving future fraud.
You may also want to institute a credit freeze with the
credit bureaus, as described above. You know the fraud is happening and need to
stop it — the inconveniences resulting from a credit freeze may be worth the
peace of mind.
In the worst cases, clearing your name can take years. Make
sure you document each phone call made, and each email message and letter sent,
during your efforts.
If you would like more information on the above information
or if you have a topic you would like to see addressed in a future blog,
contact us!
Zach Allen Regional Vice President at Chosen Payments
Credit Card Processing | ACH | Gift/ Loyalty Cards | Mobile & Ecommerce Payments | ATM
Toll Free: 1.855.424.6736 x. 116
zach.allen@chosenpayments.com | www.ChosenPayments.com
www.facebook.com/ChosenPayments | Twitter: @ChosenPayments
http://chosenpaymentskc.blogspot.com/
Credit Card Processing | ACH | Gift/ Loyalty Cards | Mobile & Ecommerce Payments | ATM
Toll Free: 1.855.424.6736 x. 116
zach.allen@chosenpayments.com | www.ChosenPayments.com
www.facebook.com/ChosenPayments | Twitter: @ChosenPayments
http://chosenpaymentskc.blogspot.com/
No comments:
Post a Comment