Credit card data breaches: How worried should you be?
Black Friday, Cyber Monday, holiday sales, and, finally, year-end sales — so many shopping opportunities!? It’s also a tempting time for cybercriminals who want your card data.
The answer lies on the magnetic strip, or magstripe, on the back of your card. The most common card breaches involve theft of information off the magstripe. Of course, if you’ve moved on to EMV chip cards, you’re a step ahead. More on that below.The actual data on your card
If you’re still using magstripe cards, you might be surprised to know that the information on the magstripe is fairly basic. But don’t let your guard down just yet.
Your name, card number, and the expiration date are visible on your credit or debit card. The magstripe will also contain these three pieces of information and, in some cases, the card’s security or CVV number that you use when making online or phone payments. The remainder of the magstripe information is there to enable payment processing, and isn’t personal.
Name, account number, and expiration date — that’s it. Detailed information such as your SSN, date of birth, and address are not on your payment cards.
The good news is that credit card breaches, while potentially costly for the companies involved, don’t open victims to rampant identity theft. Instead, cybercriminals who use stolen card information want a quick pay-off by selling the magstripe data to other criminals who either use it to make online or phone purchases or to create counterfeit cards to use in stores.
Once a victim reports the breach, the card number can be cancelled, and that stolen magstripe data is worthless. End of story.Steps for protecting credit card information
Which is not to say merchants, consumers, and financial institutions should not protect card data. That is what the EMV conversion is all about.
If you haven’t moved to EMV chip cards yet, here are some simple steps to help prevent your cards being compromised:1. Monitor your debit and credit cards. Go online and take a look at your bank and card accounts to make sure you recognize all the transactions. Take a close look at your statements to ensure all payments are legitimate.
2. When making online purchases from your computer or phone, make sure the web address starts with https:// rather than http://, as these sites are more secure.
3. Be wary of making online purchases on a public Wi-Fi connection, as they can be more easily hacked.
4. Shred bank and credit card statements and anything that has your card numbers or personal information on it.
5. If you ever fall victim to a data breach, call your bank or credit card issuer right away to report the incident. New EMV chip technology makes fraud more difficult
As I’ve mentioned in a previous post, many card issuers, including Bank of the West, have issued or are in the process of issuing new credit and debit cards to their customers. The new cards use EMV chip technology to reduce the chances of fraudsters stealing card information to create counterfeit cards.
However, the FTC has warned that scammers are emailing people, posing as a card issuer who needs their personal information in order to send out a new EMV chip card. They ask people to provide personal information or click on a link to continue the process.
Don’t do it! Don’t respond to this type of email, and don’t click on any links in this sort of email. There is no reason a card issuer would contact you before sending you a chip card.
Don’t help the scammers by giving away your personal information or enabling them to install malware that opens you up to identity theft.
Here’s a link to my earlier post about some steps you can take to protect your business from card fraud if you haven’t yet upgraded to the new EMV technology.
Finally, if you’d like to know more, go to Bank of the West’s Personal Security Center to find out more about protecting yourself from identity theft.