Are you a data-breach dummy?
These days, it seems like you can’t go more than a month, if that, without hearing about a big data breach.
However, despite the onslaught of news regarding these infiltrations (or perhaps because of it), consumers appear to be suffering from breach fatigue. According to a recent report from credit bureau Experian, 32 percent of consumers will do nothing if a company notifies them of a breach.
“People are desensitized,” says Becky Frost, senior manager of consumer education for Experian’s ProtectMyID.
They either believe that breaches are inevitable and there is nothing they can do to stop one or that the negative consequences associated with one just won’t happen to them. They’re also confused about when they may (or may not) be protected.
Avoid the confusion and secure your identity by understanding these common data breach myths.
EMV chips are a cure-all
Financial institutions will start to aggressively roll out Europay, MasterCard and Visa, or EMV, chip-embedded credit and debit cards this year ahead of new network rules set to go into effect in October.
These cards — which, unlike traditional magnetic-stripe cards, contain a dynamic security code — are undoubtedly more secure. But don’t consider that little chip on your card a guard against all data breaches.
EMV “is not a panacea,” says Patrick Peterson of Agari, a data security technology provider. The chips guard primarily against counterfeiting; they’ll do little, if anything, to keep any personal information a company may have collected out of a hacker’s hand.
“They’re still able to get names, email addresses” or anything else on file if a database gets infiltrated, says Steve Weisman, a professor at Bentley University in Waltham, Massachusetts, and founder of Scamicide.com.
Plus, your payment information is going to be protected only if you actually swipe the chip — and not the magnetic stripe — at the point of sale.
As such, those with EMV chip-embedded credit cards still need to utilize best practices when they learn of a breach. Monitor financial statements for fraudulent charges and be particularly vigilant when shopping online, where the chip cannot be utilized, Peterson says.
Running debit as credit gives more protection
Credit cards generally have better fraud protections than debit cards, thanks to nuances in federal law. But don’t think you can fool the system.
Many merchants give you the option to run a debit card as a credit card at the cash register. But that won’t change the way the card is ultimately treated if fraudulent charges appear.
“The fact that you may, in some cases, select credit at the point of sale refers only to the means by which the transaction is authenticated, routed and processed,” says Jason Oxman, CEO of the Electronics Transactions Association. “Unless your bank has agreed to extend you credit through your debit card, pushing ‘credit’ doesn’t transform the card.”
However, pushing “credit” over “debit” allows you to sign for the transaction instead of entering your personal identification number, or PIN, which could preclude thieves from getting their hands on that valuable piece of information, should a skimming scheme be at play.
Data breach dates are set in stone
Companies often release a list of locations and dates a breach may have occurred following an infiltration. But don’t forgo proper precautions if you’ve shopped at an affected store outside of that window.
“Exposure dates (are) very loosey-goosey,” says John Buzzard, manager of product management and fraud operations at FICO.
Consider the massive Target data breach in December 2013. The company initially disclosed that 40 million credit card and debit card accounts had been accessed from Nov. 27 to Dec. 15. A few weeks later, it added that the names, addresses, phone numbers and emails of 70 million customers had also been compromised outside of that window.
“Sometimes when breaches are really new, something gets overlooked,” Buzzard says, so you’ll want to take all early information released by a compromised company “with a grain of salt.”
Be wary of quick announcements that say a breach has been removed or contained.
“In early stages we should consider those (statements) close to a myth,” Buzzard says. Continue to monitor financial accounts closely if you’ve shopped at an affected company around the time a breach occurred or if you shop at a retailer immediately following one. Reset email passwords if personal information was obtained.
Only retailers are targets
Big-box retailers, including Target, Home Depot and Staples, certainly generated some of the biggest headlines when it came to data breaches in 2013 and 2014. But they weren’t the only ones hit by hackers.
Health care providers, universities and even entertainment companies were big data breach targets. In 2014, hackers broke into the computer system of multistate hospital chain Community Health Systems and stole 4.5 million patients’ names, addresses and Social Security numbers. They also breached the Obamacare website HealthCare.gov, though no personal information was obtained.
Expect more of these infiltrations.
“Health care is going to continue to be a trend,” says Michael Bruemmer, vice president of Experian’s data breach resolution group. He predicts we’ll also see “more incidents with cloud providers” and third-party breaches of technology, particularly wearables that store a lot of household data.
As such, consumers need to be mindful of how much personal information they are storing and sharing, especially since fraudsters aren’t after only your payment information.
“We are seeing a lot more synthetic identity theft taking place because of big data,” Bruemmer says.
There’s nothing you can do to protect yourself
Given our increasingly data-driven society, it can be difficult to completely ensure your personal or payment information won’t fall into the wrong hands.
“You can move away from credit cards and carry a big wad of cash,” Peterson says, but that presents a host of other problems you’ll have to worry about.
But you certainly can — and should — take steps to lower the odds of having your data compromised.
“You absolutely need to be engaged in protecting yourself,” Frost says.
These steps include shredding financial statements, remaining vigilant while shopping online and regularly monitoring financial accounts for fraud.
You should also regularly check your credit report for suspicious activity. Unrecognizable line items, such as applications for loans you never filled out, are a sure sign that identity theft is occurring.
Be sure to lock smartphones and other devices. And don’t be afraid to get stingy with your personal information.
“Ask to use an alternate identifier,” Frost says, if an organization, such as a university or health care provider is asking for something particularly sensitive, like your Social Security number.