According to the old saying, “fool me once, shame on you, fool me twice, shame on me.” Reports have surfaced of yet another major data breach similar to the kind we first saw with Target and repeated regularly since then. As usual, it is not the company that is discovering the loss of data on credit cards and debit cards used at the store, but rather banks that monitor the sale of stolen credit and debit cards on black market websites noting the common thread of the cards having been used at Home Depot. First indications are that the data breach may have affected every one of Home Depot’s 2,200 stores throughout the United States. The potential loss of data may well be far greater than suffered by Target. It also appears that the breach may have been done by the same Eastern European hackers that stole data from Target, P.F. Chang’s and others using the same “backdraft” malware that I have warned you about for a long time and about which the Department of Homeland Security warned retailers on July 31st. This will not be the last major data breach as retailers are still not doing enough to protect the security of their data or the privacy of their customers. In addition, the loss of credit card data could have been avoided had retailers seen the writing on the wall when the Target data breach occurred and advanced the switch over to smart credit cards with computer chips that generate a unique code each time the card is swiped thereby thwarting hackers and identity thieves who would be stealing a number that was worthless for further use. Present regulations put no incentive on retailers to switch to these cards which are used throughout the world, but not in the United States, until October of 2015.
So what do you do?
For starters, do not use your debit card for retail purchases. Limit its use to ATMs. There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not strong and you potentially risk losing your entire bank account to which the card is attached. In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account. Another thing you should always do is monitor all of your financial accounts regularly for fraudulent use.
Recently, Boris Toumasian was convicted of multiple offenses involving identity theft and sentenced to federal prison for a term of five years. Toumasian, who had worked at a BP gas station, installed skimmers on the gas pumps at the gas station. For those of you new to this website/blog who might be unfamiliar with skimmers, they are small devices that are used to read and store the information from your credit cards. In this case, the skimmers were installed over the legitmate card swiping mechanism on the gas pumps at the gas station where Toumasian worked. Toumasian took the information gathered from the skimmer and transferred it to American Express Gift cards which he then used to make purchases using his victims’ credit and debit card accounts.
Sometimes skimmers are used by identity thieves who are employed in legitimate stores, restaurants and other establishments where you would pay by providing your credit or debit card to the employee. They run your card through the skimmer at the same time that they legitimately charge your card for the service or product purchased. Other times, skimmer devices are installed over credit card swiping mechanisms such as you would find at an ATM or gas pump. When you hand your card to a clerk for a purchase, try to watch your card at all times. When you use your card by way of a card swiping mechanism, look to see if the mechanism appears to have been tampered with in any way. Also, make sure that you carefully check your monthly credit card statements and bank statements each month to discover as quickly as possible if you have become a victim of identity theft. Identifying a loss early is particularly important when using a debit card which does not provide the same level of legal protection that a credit card does.
Using an ATM is a very convenient way to access your bank account. Unfortunately, it is also a very convenient way for scam artists to access your bank account as well, often with your assistance.
The primary way ATM’s are compromised is through the use of a small device called a “skimmer” which fits over the slot where you put your bank card. The skimmer reads the information embedded in your card, which is half the battle to accessing your account. Often criminals will install cameras by the ATM to read your PIN as you input it into the ATM. These cameras may even appear to be the security cameras used your bank. Other times they may even install a keyboard over the regular keyboard to capture your PIN.
Always check an ATM before using it to see if it appears to have been tampered with and when you input your PIN, shield the keyboard from any cameras or prying eyes.