Still confused about what the chip embedded in your credit and debit cards is all about?
Here’s what that security enhancement is supposed to protect against:
The Madison Square Garden Co. announced last week that between Nov. 9, 2015, and Oct. 24, 2016, criminals stole card data from consumers who swiped their credit or debit cards to purchase food, beverages or merchandise at five venues operated by the company. Those venues are Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall and Beacon Theatre, all in New York, and The Chicago Theatre.
It’s worth reiterating: This was data stolen when cardholders swiped their cards, not when they dipped them. The company didn’t say whether their venues even accepted chip-enabled payments during the dates in which the breach occurred.
“Traditional magnetic-stripe payment cards are more susceptible to cloning than newer ‘chip cards’ that have been rolling out in the U.S. over the past year. It’s not clear if these MSG venues had been allowing customers with chip cards to dip them in payment terminals rather than swipe them.
“A spokeswoman declined to provide that information, choosing instead to elaborate on a part of the company’s statement that said, ‘Not all cards used during this timeframe were affected.'”
FREE TOOL: Check your credit report for signs of fraud today at myBankrate.
Stolen data included “credit card numbers, cardholder names, expiration dates and internal verification codes,” the company said in a statement. That’s enough information to be able to clone a credit or debit card.
Cards used on Madison Square Garden websites, the venues’ box offices or on Ticketmaster were not affected. The company did not say how many cardholders were victimized.
How the breach occurred
The card data was stolen via “external unauthorized access to MSG’s payment processing system,” according to the company statement. Someone or a group of people installed a malware program that extracted card data as it entered the company’s payment system for authorization.
MSG learned of the breach only after a number of banks noticed a pattern of card fraud that occurred after victims visited the venues.
How to protect yourself
Kurt Baumgartner, principal security researcher at security software firm Kaspersky Lab, called this type of breach “fairly preventable” if both chip-enabled cards (also known as EMV-enabled) and chip readers are in place.
“EMV is a real benefit to travelers, tourists and folks looking for a good show without the risk of easy credit card fraud,” Baumgartner said in a statement. “On the downside, even people with chipped cards need to review transactions in their accounts — unprotected, striped card readers were and are still in use.”
CARD SEARCH: Grab a great new rewards credit card in time for the holidays.
You can review transactions on your monthly statement or you can set up an alert through your card issuer’s app to notify you anytime your card is used. This way you can catch fraud immediately.
Since this was an internal breach, it doesn’t appear there is anything cardholders could have done to prevent their data from being stolen.
If you find signs of fraud on your credit or debit card, report it to your issuer immediately. While federal law favors credit cards a bit more than debit cards, if you report the fraud as soon as you discover it, you likely will not be held liable for any losses.