Target security breach: Bottom line is to cancel that card
DULUTH, Minn. — If you swiped any type of credit or debit card at a Target store from Nov. 27 to Sunday, close the card. That’s the advice Dale Lewis is telling customers at Duluth’s Park State Bank. The president and CEO says people shouldn’t take any chances on their financial identity being stolen now or into the future.
“The proper step to take is to close that card,” Lewis said.
Other banks are giving similar advice as they are flooded with phone calls from customers.
Target Corp. announced Thursday that as many as 40 million credit cards of all stripes are in jeopardy because of a security breach at point-of-sale registers in its stores. The company told its customers across the country that they should look over transactions made on their cards during the 19-day period and report any sales they didn’t initiate.
Target isn’t saying how the theft happened. Industry experts note that companies such as Target spend millions of dollars each year on credit card security, making a theft of this magnitude particularly alarming.
Avivah Litan, a security analyst with Gartner Research, says given all the security, she believes the breach may have been an inside job.
Litan says Target’s breach suggests that current security standards aren’t working.
“It’s really a wake-up call to the banking industry,” she said, “but they never seem to wake up.”
James Lyne, global head of security research for the computer security firm Sophos, says something clearly went wrong with Target’s security measures.
“Forty million cards stolen really shows a substantial security failure,” he said. “This shouldn’t have happened.”
While changing cards sounds drastic, taking a chance that your identity won’t be stolen is a bad bet, Lewis said.
“This is a major identity theft and it can take years to clear it up,” she said. Even though Target said it stopped whoever was hacking into its system from taking any more numbers, cardholders shouldn’t let their guard down, Lewis said.
“That information is definitely out there,” she said. “This is a serious breach.”
Rick Haney, the compliance officer at North Shore Bank of Commerce in Duluth, said Target already is releasing information to banks on who might have had numbers stolen. Customers need to see if they “recognize the transactions” made on their card. And if they can go without a card for a while, they should deactivate it and order a new one.
Haney said numbers that were stolen probably will be sold and buyers will make fake cards with the information.
“They’ll use it until they get stopped,” Haney said.
“This could be something that hits your card months from now, so you need to continue to be vigilant,” said Yaron Samid, chief executive officer of BillGuard, a company that offers a free service monitoring credit and debit cards for unusual activity.
Don’t look for crazy, big-ticket charges, Samid said.
Sophisticated hackers are more likely to make small purchases, sometimes aimed at checking the viability of an account.
“These folks are not going to put a $10,000 charge on one card,” Samid says. “They’re going to put a $1 charge on 10,000 cards.”
“If you discover any suspicious or unusual activity on your accounts or suspect fraud, be sure to report it immediately to your financial institutions,” the warning from Target read.
“Whether you are sure or unsure your financial information has been compromised, one of your first calls should be to your bank,” Eric Skrum of the Wisconsin Bankers Association said. “Your bank has a variety of resources available to customers that can help with situations like these. Their staff is knowledgeable and more than willing to help.”
The Federal Trade Commission or local law enforcement agencies are other places identity theft can be reported. The FTC can be called at 877-438-4338.
Park State Bank will remain vigilant in checking transactions against customer habits, Lewis said. The bank looks for purchases made out of state, out of the country and other abnormal patterns in spending, she said. The bank takes measures such as daily limits on a card.
“We’re just trying to protect customers’ accounts,” Lewis said. “We should all be diligent right now and into the future.”
“These are not nice people,” Haney said of those selling and using filched credit card numbers. “They’ll keep finding ways.”
The Associated Press and Reuters contributed to this report.