Just in time for the holiday season comes the enormous disclosure that 40 million credit and debit cards used at Target stores have had their magnetic information compromised, swiped by identity thieves who now have an enormous data load of personal information to play with.
NBC News on Thursday carried a few simple and common sense steps to take if you believe that your card was ripped off. Target confirmed that the breach occurred between the dates of Nov. 27 and Dec. 15, including the highly shopped Black Friday.
Target’s Chief Executive Officer Greg Steinhafel confirmed Thursday morning that the reports of the brazen data mining are indeed real.
In a statement, Steinhafel said: “Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.”
At the heart of the theft is the absconding of all the tiny bits of information carried on a credit or debit card’s black magnetic stripe on the reverse of the card. The stripe is made up of tiny iron-based magnetic particles, each one only about 20 millionths of an inch long.
The information in these stripes in “written,” or magnetized, in a specific code which contains the carholder’s name, credit or debit number, and includes the all-important three-digit CVV number (Card Verification Value), which is layered in as an extra tier of protection and needed to complete almost all online sales.
What should you do if you used your card at a Target store during the dates above?
Consider canceling the card and reopening another one with a different number. This will render the card numbers that were thieved as meaningless, and no charges after the cancellation date will be allowed to process.
“If it was my debit card, I would probably cancel it,” said Avivah Litan, a fraud analyst at technology research company Gartner. “I don't like anyone going into my bank account.”
The hassle of fighting unexpected charges, fees, bounced checks, etc. is likely worse than the inconvenience of simply resetting your card’s numbers. Especially considering the theft of the card info can potentially be combined with other online data in order to perform far more ruinous misdeeds – opening credit lines, purchasing cell phones, taking out home loans, etc.
Another tip: Always use your debit card as “credit,” if given the option. At the very least, your PIN number will be protected during data breaches, and the thieves will not be able to turn your card into their personal piggy-bank by using it as an ATM withdrawal card.
NBC also recommends the following:
“Contact one of the three credit reporting agencies and put a security freeze on your credit report. That means no one can access your credit information without your prior written authorization. It can also mean a hold-up for you when trying to apply for a job, mortgage, or if you like to get a discount by opening an in-store credit card. A less drastic approach is a fraud alert, which will let the agencies know to give requests for your credit report information more scrutiny without outright stopping it.”
The three major credit reporting bureaus are Equifax.com (800) 525-6285, Experian.com (888) 397-3742, and Transunion.com (800) 680-7289. Consider requesting your free credit report as well at annualcreditreport.com.
Litan says the chances that your card will be used fraudulently among the millions that were hacked is only in the range of 1 in 100 to 1 in 500. “They steal a lot more of these cards than they can use,” said Litan.
Moving forward, Target says the issue was “identified and resolved.” For some, the financial nightmare may just be starting. Better to cancel the card now and reopen another.