Scam of the day – September 30, 2017 – Sonic suffers potentially massive data breach

Fast food chain Sonic, which has more than 3,500 locations in 44 states has acknowledged that it had a data breach in its credit card processing systems at an undisclosed number of its restaurants potentially affecting what appears to be at least 5 million credit and debit cards.  As is often the case in massive data breaches, such as this, the hackers are now selling the stolen credit card and debit card numbers along with the zip codes of the card holders on the Dark Web, which is that part of the Internet where criminals buy and sell things.  The website Joker’s Stash is selling five million credit and debit cards for prices of between $25 and $50 per card, depending on various factors including the level of the credit card and whether it is a debit or credit card.  The fact that zip codes are including in the information being sold makes the card more valuable to a criminal who may use the card for fraudulent purposes in the geographical area where the victim lives in order to avoid having the purchase look suspicious, such as in the situation where the card holder lives in New York City and a credit card purchase occurs in Singapore.

Like many credit card and debit card data breaches, this one was made possible due to the fact that Sonic stores affected do not yet use the more secure EMV chip credit card and instead still use the old style magnetic strip credit card.

TIPS

If you have used a credit or debit card at a Sonic restaurant during the last six months, you should carefully review all of your credit and debit card purchases for indications of fraudulent use and if you find such use, report it to your credit card company or, in the case of a debit card, to your bank.

Until businesses that take credit cards switch to the newer EMV chip cards, this story will continue to occur again and again. There is no law requiring companies to switch to the EMV chip cards.  The mandate of retailers to do so is only a trade group regulation.   As for us, as consumers, the best thing we can do is to refrain from using our debit cards for anything other than as an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  Frankly, even if you were not a Sonic customer you should regularly monitor your credit card statements for indications of fraudulent use.

Scam of the day – December 5, 2016 – Online credit card fraud increasing

Anti-fraud company Iovation is reporting that credit card fraud for online shopping during the first shopping weekend of the holiday shopping season that began on November 25th increased by 20% over last year and 34% over 2014.  This is not surprising because safer EMV credit cards with a chip that issue a new authorizing code every time the card is used cannot use the chip capability when shopping online,  leaving them more vulnerable to hackers accessing the victim’s credit card number which can then be used by the criminal for online purchases.  Victims may become victims of this type of identity theft through either security weaknesses in their own devices or at websites where they shop.

TIPS

This year 55% of online shoppers used their smartphones and other portable devices to make their online purchases and while many people have security software installed and regularly updated on their computers, many people do not take the same type of precautions with their smartphones or other portable devices, leaving them in greater danger of being hacked.  The key is to protect all of your devices with security software and keep it updated to protect you from the latest strains of malware as well as to prevent the malware from ever being installed on your devices.  The best thing you can do to prevent the malware from becoming installed on your devices is to never click on links in emails or text messages unless you have absolutely confirmed that the communication and the link are genuine.  Clicking on tainted links in specifically tailored spear phishing emails and text messages are still the most common method that malware is spread.

It is also important when shopping online to use your credit card rather than your debit card.  The consumer protection laws are stronger in regard to credit cards than debit cards and the inconvenience of having your debit card hacked is much greater than the problems you encounter when your credit card is hacked.