NEW YORK (MainStreet) It is on you. The slap in the consumer face - a wake up call - that came with the big Target and Nieman Marcus credit card data breaches, where tens of millions of customers had their information pilfered, is that self-defense starts with you.
And it ends with you.
You cannot rely on the credit card companies to protect you, and you certainly cannot rely on the merchants. Your financial well-being is entirely on you. You slide your credit card in good faith, you assume they will protect the data - which by law they are obligated to - and then you get a letter in the mail that says, oops, it appears your confidential information may have been stolen and that information could be used to manufacture bogus credit cards, with your info, and open new accounts, in your name!
When it is your money and your credit score that are at stake, you are the one with real skin in the game. Forget about the merchants and the banks. It's on you.
That is the take-away. The good news is that there are concrete steps that are easily taken that will let you sleep easier, knowing that your finances are not in ruin at the hands of a cyber criminal.
Here are the to-dos and never-dos:
- Set up activity alerts on your bank and credit card accounts. Almost all let customers set up free SMS alerts that will shoot TXT messages to you when charges are made over a trigger amount, checks over a trigger amount are cashed, or when balances reach certain levels. A criminal can empty your account in minutes. Checking activity once a month is so 1990.
- Up this ante by signing in and closely eyeballing activity on all key accounts at least once weekly, urged multiple experts. An aggregator - like Mint.com - may save a little time by pulling in data from various accounts. But, either way, check in regularly and if there's a worry, immediately send up a loud S.O.S. In financial fraud cases, delay can cost you dearly.
- Never use public WiFi for financially oriented online sessions. That means coffee shops, airport, hotel hotspots, urged Marilyn Prosch, a data privacy researcher at Arizona State University's W. P. Carey School of Business. Note: 4G cellular data (on your smartphone) is much safer, use it when in those locations.
- Use "virtual credit card numbers" - available on request from many financial institutions, these are disposable, onetime use numbers - "when dealing with online merchants for the first time," advised Joseph Steinberg, CEO of SecureMySocial. If that merchant is breached, it doesn't matter. The account info is worthless.
- Sign up for a credit report freeze with the big credit reporting agencies, suggested e-commerce expert Kee Nethery. What this means is that - without your explicit permission - the agencies cannot send out your credit info to anyone. That is a bullet to the head of identity theft fraudsters who want to use your info to open accounts you are unaware of. "It's fun to say 'yes' at the store when they want to give me a store credit card," Nethery added. "They take my details and then eventually tell me they cannot open a store card in my name. YES!!!"
- "Sign up for Credit Karma," urged Gregory Meyer, community relations manager at Meriwest Credit Union in San Jose. He added that CreditKarma.com will monitor your credit score and send you updates when there are changes. "But they do it for free," said Meyer. Other outfits charge $10 per month and higher.
- Use multi-factor authentication wherever available, urged Bill Rand, assistant professor of marketing and computer science in the University of Maryland's Robert H. Smith School of Business. Typically this involves "something you know" - a password - augmented by "something you have" (a cellphone, for instance, that receives a onetime use password via SMS). It's a bother, but the alternatives are much more bothersome.
Do all this and will you be safe? There are no promises, but know that the harder a target you make yourself, the likelier cyber criminals are to move on to other, softer targets.
--Written by Robert McGarvey for MainStreet