Since Dec. 19 the public has been given confusing and often times inaccurate information about the Target breach by well-meaning but uninformed media, Target executives and experts. Adding to the chaos was Target’s disastrous first notice that did not explain which CVV code was breached and then talked about identity theft and monitoring credit reports. On Dec. 21 more information was made available about the breach and Target started clarifying earlier announcements.
This article will address the major areas of confusion and public concern.
The three areas of most concern involve the security code on the back of the cards, fear that the stolen card information would be used for online purchases, and that true identity theft might occur. A recent email by Target to customers also has created alarm about scams.
First, there are several CVV or card validation codes. The one on the magnetic strip only confirms that the card is a valid card and not a mock-up card. The strip does not and did not have the 3-digit security code printed on the back of the card.
Unfortunately some security experts used by the media jumped to the wrong conclusions based on the inaccurate initial announcement. It has even caused confusion within the industry which resulted in the possibly inaccurate conclusion that this was an inside job.
Second, since the thieves do not have the security code or PINs they cannot use the card information for online purchases unless a merchant does not ask for that information.
The stolen information has to be embedded onto blank credit card stock and then used by a person to make a purchase. That is why the major card issuers and financial institutions are taking immediate action to identify the affected cards and to put a “stop usage” on each of them.
Third, true identity theft involves the use of a person’s Social Security number to open new accounts. Your Social Security number was not stolen and the thieves will not be able to access account information to find out about you.
Some experts and publications have suggested putting a security freeze on your credit. That does not need to be done. Only cards exposed due to the breach are at risk and you have two options. The first is to cancel the card but with just a few more shopping days until Christmas, many people don’t want to do that. Also, just because you shopped at Target doesn’t mean you are at risk.
The other option is to monitor your account online or when you get your bill. Go over every purchase, especially the smaller purchases. Sometimes thieves will make a small purchase to test a card before buying expensive merchandise. You will not be held responsible for any fraudulent purchases.
Adding to the panic are the emails Target is sending out. People who have received them thought they were being attacked by scammers. It is highly probably that scammers will take advantage of this breach and try to trick you into providing information that can be used for identity theft.
Target has confirmed on its website that no one from their company will ever ask for Social Security numbers, birth dates or security codes. Just hand up and notify Target.
Jay Foley of ID Theft Info Source warned about emails or calls from people claiming to be with your credit card company or bank. Again, no legitimate company will call and ask for personal information. These are scams and the best thing to do is hang up or use your "delete" key on the keypad.
As an identity theft expert who has followed breaches since 2000 and helped craft notification letters, Target's first announcement was one of the worst I have seen and the company created their own publicity nightmare. To my readers: I have carefully reviewed all information that has been made available and can reassure you that this is most accurate information as of Dec. 21.