about the data breach at Target, and subsequent data
breaches at other major retailers, are reminders that
theft can occur at any time and any place, and
information security experts say that itís also a good
time for people to review how secure they keep their
Target said malicious software took payment card
information at infected point-of-sale terminals at
checkout counters, but later the retailer said
information such as email addresses were also taken
during the breach, separately from the payment
the breach is investigated, consumers need to understand
what it means and how to protect themselves, said Neil
Chase, vice president of education at LifeLock, an
identity theft-protection firm.
that doesnít mean moving to a cabin in the woods with
no electricity or never shopping again, he said.
are a lot of ways to have information stolen, he said,
such as a credit card or debit card falling out of a
wallet and into the wrong hands; someone physically
stealing the card; or a person who goes through garbage
looking for statements.
Target breach also showed that shopping in person isnít
necessarily safer than online or by phone, he said, as
payment information goes through a number of hands, no
matter what the shopping method.
cards offer more protection. If a personís credit card
or debit card has fraudulent activity, their liability
is very low and may be zero, depending on the card.
Federal law says credit card holders wonít be
responsible for more than $50 in charges, but many
companies say they have a zero fraud guarantee, Chase
credit card or debit card companies will notify
cardholders if they see unusual activity and cancel the
card. If the person sees unusual activity on their card,
he or she should call the issuing company right away and
cancel the card themselves.
a credit card, the issuing company usually cancels the
charges and reissues the card, which is generally the
end of the problem, Chase said. With debit cards, itís
a slightly different story.
said federal law says a person doesnít have to pay if
thereís fraud or abuse on a debit card as long as the
cardholder quickly reports an unusual activity, so the
onus is on the cardholder to act fast.
Council of Better Business Bureaus said that because
debit cards donít offer the same protection as credit
cards, cardholders should vigilantly monitor their
accounts, especially since debit card transactions take
money straight from a bank account. Individuals who are
concerned that their data was compromised may want to
pre-emptively ask for new debit card or put a security
block on the account.
agreed, adding: "If someone misuses your debit card
Ö and if they take out as much as you had for the rent
or mortgage payment the day before the auto payment
comes out, yes, the bank will fix it eventually.
Meanwhile, your mortgage company or landlord is mad at
you and you start running into the late payments."
those who use debit cards to avoid racking up debt,
other payment options include using a prepaid card or
cash, but they also carry the risk of loss, he said.
a credit card or debit card is canceled, the next step
is to monitor credit reports, said Chase and Tony
Anscombe, senior security evangelist for AVG
Technologies, an Internet security provider.
can get a free report once a year from each of the
credit reporting agencies ó Equifax, Experian and
TransUnion. The credit reports will show whether new
lines of credit or loans were opened.
said customers affected by the Target breach can receive
free identity-theft protection services, and he urged
they take up Target on the offer. Identity theft
protection looks beyond just credit reports and sees if
a thief is building a new identity based on the personís
data. By piecing together information such as a
birthday, email addresses and so on, thieves can start
to get more aggressive and do greater damage, such as
creating fake IDs or perhaps using information for
medical treatment, he said.
Target is offering identity-theft protection, scammers
are trying to piggyback on the news by sending out fake
emails, known as phishing scams, the experts said.
will tell you that your card was compromised and suggest
actions to "fix" the problem, the Better
Business Bureau said.
of these emails will have deceptive links, or ask for a
Social Security number or other personal information.
Instead of clicking on the link or calling a phone
number in the email, Anscombe said to go the official
Target.com website and call the company if youíre not
sure if the email is legitimate.
are other simple steps to take to prevent identity
theft, Chase and Anscombe said. Leave the Social
Security card at home; have more than one email address
in case hackers get access to the primary email address;
and donít use the same password for all accounts.
Regarding passwords, add capitalization or punctuation
to make them harder to crack. If itís a password for a
bank account, make it as cryptic as possible. Donít
use common passwords like "123456" or
"password," they said.
Anscombe said, realize that personal data is important
and safeguard it. Question why someone needs it.
should value your information highly. If itís for a
loyalty card, do they need your phone number or birthday
so you can get $10?"