October 15, 2014
Troy Wolverton: With breaches on the rise, time to protect your data
One of the things that has become crystal clear in recent months is that consumers’ personal information is at great risk of being stolen.
Security breaches at Target, JPMorgan Chase and Home Depot over the past year exposed the personal data or credit card numbers of tens of millions of people. Less well-known hacks potentially exposed millions more.
Last year, an estimated 700 million to 800 million personal records were exposed in data breaches, said Neal O’Farrell, a security and identity theft expert at Credit Sesame, which offers consumers credit-monitoring services.
“You have to assume now that you are constantly at risk,” said O’Farrell.
The dangers range from simple inconvenience — having to replace compromised credit cards, say — to major disruptions. The personal information being stolen can be used directly or indirectly to compromise bank accounts or steal users’ identities, potentially throwing their lives into chaos.
And that danger is on the rise. Among consumers who were notified that their information had been compromised in a data breach last year, more than 30 percent reported that they had also been the victims of identity fraud, according to a survey from Javelin Strategy & Research, a market research firm. That was up from around 11 percent in 2010.
“For a consumer it’s a bad position to be in,” said Al Pascual, senior analyst and director of fraud and security at Javelin.
Among the worst breaches are those that have compromised Social Security numbers, because they are attached to people for life and can be used to gain access to all kinds of records, including bank and health-care accounts. More than a third of the top 50 banks allow individuals to gain access to account information by providing a Social Security number, according to Javelin.
But even seemingly less-risky data such as a person’s name or email address can be dangerous when accessed by criminals, security experts say. Vast amounts of personal data are being exchanged online by criminal networks. That information can be compiled to create detailed profiles of individuals that can be used in sophisticated phishing attacks to compromise consumers’ financial accounts, their computers or their employer’s networks, experts say.
Say a criminal knows not only your name and address, but also that you have a mortgage account at a particular bank. An email they’d send you based on that information “becomes far more effective,” O’Farrell said. “It’s far more likely for you to believe it’s the real thing.”
Consumers do have some protections. Banks typically limit consumers’ responsibility for fraudulent charges and oftentimes swallow all the costs. In response to the Target breach, some credit card companies replaced customers’ cards. And many of the companies that have suffered data breaches have offered affected consumers free access to credit monitoring services.
But the protections are by no means complete. Banks typically will cover fraudulent charges only if customers alert them to the transactions fairly soon after they occur. They also may balk at covering such charges in certain cases or if they exceed a certain dollar amount, O’Farrell said.
That’s why experts argue that consumers need to be vigilant and take steps to protect themselves and their data. Among their recommendations:
–Keep a close eye on financial accounts. Scrutinize them for bogus charges. Even small sums of a $1 or so can be a red flag, an indication that a card has been compromised and fraudsters are testing to see if the account is active, say experts. Many banks now allow consumers to set up alerts sent to their mobile phones when particular kinds transactions or suspicious activity occur.
–Order and regularly check credit reports. You are entitled to a free report each year from each of the three major credit reporting firms. And you may be entitled to more additional free reports in certain circumstances. Such reports can tell if any new accounts have been opened in your name or alert you if people have checked your credit recently without your knowledge.
–Be on guard for phishing attacks. Think twice — or more — before clicking on links in emails or visiting sites you don’t recognize. Go directly to the Web pages of your financial institutions rather than clicking on an emailed link.
–Limit access to your personal information. Some businesses ask for Social Security numbers without really needing it; you can and should push back. By putting a credit freeze in place, you can block people for opening accounts in your name — although it may prove an inconvenience to you also. Services such as MaskMe generate one-time-use email addresses and credit card numbers that cloak your actual accounts. And new payment services promise to never transmit consumers’ actual account numbers.
“Consumers don’t want to hear about their own behavior, but they really do have to get paranoid,” O’Farrell said.
©2014 San Jose Mercury News (San Jose, Calif.)
Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com
Distributed by MCT Information Services