Something Phishy

As you probably know, Target suffered a major security breach which affected millions of personal credit card accounts. This hacking scheme was not your normal card reader / swipe scam where the bad guys would fix a thin pad on top of an ATM’s keypad, and capture both the credit card number as it swiped in and out through the pad’s card slot plus the PIN as it was punched in on the keypad. Those numbers allow you to create dummy cards from “blank” cards with magnetic strips on them that can be used in ATMs or online to withdraw cash in exactly the same way a real card works.

The swipe pad only works on the card reader it is installed on. The Target breach affected every in-store card reader in the entire Target Point of Sale network. That means something (a piece of hardware or software – malware) was installed behind the readers on the network. In this case I am willing to think it was malware. Most malware enters a network via a phishing scheme when a user receives an email with a malicious hyperlink or attachment. It is possible that someone could have purposely sabotaged the network by installing a piece of hardware or directly installing a malware program, but chances are it is a result of a phishing scam. It is one of the most common hacking attacks used by the bad guys. With the phishing scam, a user is tricked into clicking on a link or attachment thinking it is a legitimate request but instead gets infected with malicious code. In this case, the code intercepted all in-store credit card transactions along with the PIN codes.
Target is doing the best it can, the best any company can, by first removing the malware then notifying affected users and providing a course of action (calling the number on your card and monitoring your bank statements).
But, you can and should do more than just monitor.
If the breach is as widespread and comprehensive as they think it could be, then the bad guys are sitting on nearly 40 million credit card transactions with card numbers and PIN codes. They can use or sell this information anytime they wish.
In my mind, monitoring is not good enough. It does not stop fraud. It does not prevent potential damage to your credit rating. It only helps catch it after it happens.
If you think about your credit / debit card as any other online account you have – and you should – you will realize that it has both an account ID and a security password. If you ask any computer techie out there, they will say it is a good practice to change your password on a regular basis. With credit/debit cards there is an account number and a pass-code: either the security code on the back of the credit card or, in the case of a debit card, the PIN code you enter every time you use it.
Hopefully if you use a Target Red Card, you signed up for using the debit option and not the credit card option.
Here is why.
Because both credit cards and debit cards use the same banking and credit systems put in place by companies and regulated by the government, both have the same level of “protection” to the consumer for fraud and illegal use. So the “insurance” is basically the same for either. It is essentially an industry standard. The trick is to catch the illegal use in a timely manner.
This is why Target is providing this consumer information and protection to its customers.
But, the main difference between the two is that credit cards encourage you to carry your balance for convenience and to buy more than you can afford. This is dangerous not only to your financial well-being but to your credit score, because in the end you end up paying more for the same items and you run the risk of not being able to get out of debt. Of course credit card companies and retail stores don’t mind that you end up giving them more money for the same items month after month after month. That is not fraud, just recurring profit.
With debit cards the charge is automatically taken out of your bank account. You don’t pay interest and don’t carry a monthly balance. This means that any charges are instantaneously transferred to both the good guys (retailers) and to the bad guys. But, remember the little bit about consumer protection? If spotted and reported quickly, you are covered. That is why it is good to regularly monitor all your financial accounts.
It is also why it is a good idea to regularly change your password on these accounts just like you are recommended to do with computer and online accounts. In this case, the password is your PIN code.
There are basically two ways to do this.
Go to the issuing bank or financial institution you got the card from and ask to change your PIN code. You can physically go to your local bank and do this or you can cancel your card and ask – reapply – for a new one and use an entirely different card and PIN code.
With debit cards, this is easy.
With credit cards, this can be difficult. Most times with credit cards, to actually close and open a new line of credit, banks and stores ask you to pay off the remaining balance on the first account.
With debit cards, there is no balance to pay off. No bill to pay or wait for.
So, here is my recommendation to anybody regardless of whether they shopped at Target or not. Try to get into the habit of using only debit cards. Try to also get in the habit of changing your PIN code once a year. With the coming new year, this makes it a convenient reminder to start over, to renew your accounts with a new PIN code.
It makes for a great and easy New Year’s resolution.