The cyber thieves who broke into the computer systems of giant merchant Target Corp. timed their scam perfectly. Beginning just before the Black Friday shopping extravaganza and continuing through Dec. 15, they stole information from as many as 40 million credit and debit cards at the peak of the holiday selling season. Customer names, card numbers, expiration dates and card security codes were compromised.
Companies and government prosecutors will do what they can, but consumers will have to become more vigilant about watching for the handiwork of tech-savvy crooks. U.S. law protects consumers from most of the financial responsibility for fraudulent transactions, but there’s still some risk … and a lot of hassle.
It pays to regularly monitor your credit and debit accounts. Anyone who used plastic to shop at Target stores between Nov. 27 and Dec. 15 should make a special effort to search their records for unauthorized charges. It’s common for thieves to test stolen cards by first making small purchases, so watch for those. Immediately report unauthorized charges to the card issuer. If fraud is detected, the accounts involved will have to be closed and replaced.
You can sign up for online alerts or other card-monitoring services that many issuers offer to give customers immediate notice whenever a card is used. It’s a good idea to periodically change the PIN associated with cards (although Target said no PINs were accessed in its data breach). Watch out for scammers who pretend to be with Target or a card issuer: Don’t give out personal information over the phone or online without confirming who is on the receiving end.
Pain in the neck? You bet.
It is incredibly frustrating when criminals manage to stay a step ahead of sophisticated companies and their customers. Target and its corporate peers have plenty of motivation to continually upgrade their security safeguards — the retailer is feeling the heat from understandably anxious customers. Fraud-resistant cards equipped with smart chips instead of magnetic strips are starting to appear in the U.S. Yet these scams occur with disturbing frequency and, as in the Target case, on a mind-boggling scale.
It was good to see federal prosecutors bring charges this summer against a brazen ring of alleged foreign card thieves. Four Russian nationals and a Ukrainian were accused of stealing 160 million card numbers from more than a dozen companies, including 7-Eleven, JetBlue and J.C. Penney. Losses ran into hundreds of millions of dollars. One of the defendants was among those charged in a separate indictment with hacking into New York financial institutions, including the Nasdaq stock exchange.
The attackers used a sophisticated division of labor to hide their tracks, with no single person hosting a Web server, breaking into a site and fetching the valuable data. That decentralized style of operation is typical of Russian organized-crime syndicates, prosecutors allege. When an attack on the supermarket chain Hannaford was noticed, according to the indictment, one alleged accomplice in the case messaged a defendant to say that, “Hannaford will spend millions to upgrade their security!! lol.” The reply: “They would better pay us to not hack them again.”
It pays to watch your own accounts.