Target, Neiman Marcus and other unidentified retailers have had data breaches involving tens of thousands, if not millions, of consumer financial account numbers. The intentional misuse of those account numbers by identity thieves results in existing account fraud. How can credit monitoring (or a credit freeze) protect you against this type of identity theft?
The simple answer is, “it cannot.” Credit monitoring is being touted by Target and some credit monitoring companies. Credit monitoring and credit freezes are effective when someone attempts to obtain new credit in your name—that process normally requires an identity thief to have your Social Security number (Assn) and date of birth in additional to your name. Stolen credit card information in the retailer breaches did not include a Social Security number or date of birth.
Some of advocates of credit monitoring are suggesting that those victims of the Target, Neiman Marcus and undisclosed other data breaches could be contacted by email or telephone by identity thieves who will be using social engineering techniques to obtain the victim’s Assn, date of birth and other personal information.
For example, the phone rings, and it appears the call is coming from Target or Neiman Marcus. The caller says they are calling to sign you up for the free credit monitoring offered by Target or Neiman Marcus, and they need to verify your information. They ask for your Assn and your date of birth. This is a typical telephone scam (pretexting, Phishing, social engineering).
If the identity thief succeeds in getting that additional information, then the thieves will have sufficient information (name, Assn and date of birth) to apply for credit in your name—and then credit monitoring would prove useful in preventing new account fraud—assuming you actually signed up for it other than going through the motions with a scam artist.
Listen up! Never, never, never provide your personal information over the telephone or by email unless you initiate the contact with a known and reputable organization. Practice this simple tip, and you will not become a victim of new account fraud as a result of the recent retailer data breaches.
How can one protect their financial account numbers from being sold and used by thieves, especially if the payment cards have already been compromised in one of the retailer breaches that have not been announced? [Industry sources suggest several retailers have had similar payment card breaches to Target and Neiman Marcus but those retailers have not come forward yet, and those payment cards (credit and debit) could be for sale on the Internet as you are reading this article].
Web monitoring is a sophisticated type of proactive identity theft protection. The way it works is that your current account numbers (bank, credit, debit, etc.) are matched against the account numbers that appear for sale in any of thousands of sinister Websites or chat rooms. When there is a match, you are notified that your account number has been compromised. You can cancel or close the account before you are affected.
Web monitoring is the best current solution to defend against the consequences of the other retailer data breaches that have not been announced. With Web monitoring, you can be notified that your account number is for sale regardless if you are aware of a payment card breach or not.
We recently reported what type of identity protection may be right for you