By Michelle Singletary
The Washington Post
— One of the best parts of my job is helping address readers' financial concerns. The data breach at Target had a lot of people really worried.
During my last online discussion of the year, a number of people were concerned that information on about 40 million credit and debit card accounts was accessed between Nov. 27 and Dec. 15. This included customer names, credit or debit card numbers, expiration dates and security codes. The data breach only affected in-store purchases, according to Target. Here are some of the readers' questions:
Q: How can the information about one credit card lead to identity theft?
Singletary: The Federal Trade Commission says identity theft is the No. 1 complaint it gets from consumers every year.
There are many forms of identity theft. If identity thieves have your personal information, they can access your bank account, buy a car, open utility or mobile phone accounts, get medical treatment using your health insurance or commit a crime. Identity thieves can use stolen debit or credit card information to create counterfeit cards or use the card information to make online purchases. Brian Krebs, who runs the KrebsOnSecurity website, has found credit and debit card accounts with stolen information from Target customers have already been selling on the black market from $20 to more than $100 per card. In a blog post, Krebs, a former Washington Post reporter, details how the cards were being sold. It's quite scary.
More than 12 million people were victims of identity fraud in the United States in 2012 and criminals stole nearly $21 billion, according to Javelin Strategy and Research, which tracks identity fraud trends. Here's something to consider. Javelin found that consumers who had their Social Security numbers compromised in a data breach were five times more likely to be fraud victims.
We become more aware of identity theft when big breaches are disclosed. But many people make it easy for the theft of their information by identity thieves. When I do seminars on identity theft, I ask participants: "What's in your wallet?" It never ceases to amaze me how much personal financial information people carry around. One time a mother pulled out of her purse her children's birth certificates, Social Security cards and passports. She had registered the kids at a new school a few months earlier and had forgotten to put the information back in her file folder at home. Many people had laminated Social Security cards in their wallets. Others had old mortgage bills with them. Information about your lenders can be used in security checks to verify your identity.
Q: It is time for the credit card companies to come up with something new to protect their customers. Short of millions of customers canceling their credit cards, what can we do to protect ourselves? Just because crooks have the information doesn't mean they will use it right away. It could be months before they use anyone's information, so checking now for activity could miss it.
Singletary: In its most recent identity theft report, Javelin said one in four people notified of a breach ended up becoming a fraud victim. So if you shopped at Target during the period its system was compromised, you need to take steps to protect yourself. If you see any unauthorized activity, contact your credit card company or your financial institution. In addition, contact the FTC at 877-438-4338. You can find information about other steps you can take at www.consumer.gov/idtheft.
Most importantly, you will need to monitor your credit reports from all three major credit bureaus -- Equifax, Experian and TransUnion. You should be checking your reports as a routine precaution. You can get free copies of your credit reports from www.annualcreditreport.com or by calling 877-322-8228. You are entitled to one free report from each bureau every 12 months. Additionally, identity theft victims are entitled to a free credit report from each of the credit bureaus. If you do become a victim or are worried about your information being stolen, you can place extended fraud alerts or credit freezes on your credit files. To find out more how each works, go to www.ftc.gov and click on the link for "Tips & Advice." Under the consumer section, you will find an identity fraud link, which includes information on placing both extended fraud alerts and credit freezes on your credit reports.
Every time we hear of one of these data breach cases, the companies involved tell their customers they deeply regret the inconvenience it may cause. They pledge to enhance their security procedures. But no matter how many firewalls are built to protect our information, the con artists and hackers are actively working to outsmart the companies that store consumer data.
Readers can write to Michelle Singletary c/o The Washington Post, 1150 15th St., N.W., Washington, D.C. 20071. Her email address is email@example.com. Follow her on Twitter (@SingletaryM) or Facebook (www.facebook.com/MichelleSingletary). Comments and questions are welcome, but due to the volume of mail, personal responses may not be possible. Please also note comments or questions may be used in a future column, with the writer's name, unless a specific request to do otherwise is indicated.