The massive Target credit card hack is going to create a mess for a lot of people, and there’s a good chance you might be one of them. But it’s important to keep things in perspective. Security is always balancing act — whether it’s your personal security, a bank’s security, or an airplane’s security. Sometimes, the cure is worse than the disease. Weigh the real risk that you’ll suffer from fraud against the risk that overreacting might make you miserable — and cost you money — during the next few days. As a Target customer, you should make some rational choices during the next few days. As is often the case, pausing for a moment to let the dust settle might be your best strategy right now.
DON’T: Cancel your credit card
For starters, I think it’s premature to insist on canceling your credit card. This is a terrible time of year to physically take delivery of a new card, especially if you are traveling, and to port over all of you automatic payments. Not to mention banks will be deluged with replacement requests, and it’s hard not to imagine they’ll be slower than usual. So if you call and cancel your card, it’s easy to imagine you’ll find yourself on an airplane without your card. I believe the risk is higher from the fees you’ll have to pay if you screw up an automatic payments than any liability you would have if your credit card is used fraudulently.
There’s something really strange about this heist which I hope will become a mitigating factor. The bad guys here stole a lot of cards very quickly, unlike the famous TJX theft, when millions of cards were stolen during several years. It’s not easy to turn millions of stolen credit cards into cash: criminals must use sophisticated networks of mules, sell and re-sell the cards in small batches, and spread the cards thinly around the world, all the while staying a step ahead of bank fraud systems and account watch lists. Because this happened to fast, and apparently was detected relatively quickly, I think fewer of the Target cards will ultimately be used for fraud than in other hacks. But right now, that’s just an educated guess. And I wouldn’t be surprised if some of those “facts” change as forensic investigators get inside Target’s systems.
DO: Go online right now and figure out what card or cards you’ve used at Target.
Scour your statements and see which of your accounts “touched” Targets systems. Even a single transaction is enough to “poison” the account. Then, just as a bank would, put those accounts on a personal watch list for extra vigilance.
DO: Check your online statements early and often.
Once you are sure which cards are “poisoned,” t’s not overkill to go online every two or three days for the next month and make sure there’s no fraud on the card. That’s a good idea this time of year anyway.
DON’T: Cancel your debit card
Canceling a debit card can be even worse than canceling a credit card; it might leave you without access to cash. This advice comes with caveats, however. If you bank at an institution that makes getting new debit cards very easy – some say they can do it in 5 minutes — that’s probably a good idea. Because when a criminal uses your debit card for fraud, the impact is much worse than a fraudulent credit card incident. With debit cards, your checking account will be missing money until you convince the bank to give it back. That could leave you without access to cash, or could lead to bounced checks. Remember, a criminal doesn’t need your debit card PIN to use the card as a credit card. Ultimately, consumers get their money back after debit card fraud, but the hassle factor is far higher. (And strictly speaking, the federal law that protects consumers affords less protection to debit transactions, though in reality most consumers won’t notice the difference).
DO: Stop using your debit card online.
Because of the above, debit cards should not be used online. That’s just asking for trouble. Can’t say it enough: limit the places you use your debit card for purchases.
DON’T: Stop shopping online.
That wouldn’t make any sense. In the case, it appears the data was stolen from retail stores. Plus, in reality, even if you only shop in the “real world,” retailers take all your data and put it online anyway. So there’s no way to avoid putting your credit card number at risk, other than simply paying cash all the time
CONSIDER: Putting a fraud alert or credit freeze on your credit report.
That would be an overreaction to this event – putting an alert or freeze on your account have any impact on a criminal trying to commit fraud with your credit card number, and as we know it now, there’s not enough data in the set that’s been stolen to open new accounts in your name or otherwise do anything that would impact your credit. However…your name, address, and accounts numbers are a pretty good start for a bad guy. And watching your credit report carefully is jut good digital hygiene.
DO: Look at your credit report at http://AnnualCreditReport.com. It’s free, and you should do that every 4 months anyway. But don’t bother doing it now. Wait a month or so, before any potential mischief might show up in the credit system.