Credit, debit cards prime targets for identity theft
Nearly everyone uses them.
Whether we're going to the grocery store, the gas station or Walmart, we're more likely to whip out a debit or credit card than cash.
They're convenient, easy to use and accepted virtually everywhere. But as recent news reports have shown, they are also prime targets for identity theft.
And the fallout has been massive.
At least 110 million consumers were affected by the recent hacking of Target and Neiman Marcus.
And there's always a chance that millions more could have their identities stolen in the coming months due to security breaches at other stores, according to identity theft recovery expert Scott A. Merritt.
Merritt should know. His personal information was stolen in 2006 and the situation wasn't pretty. During the time he was disputing financial charges and dealing with business problems related to the ID theft, he was stopped for a traffic violation and arrested on a false, outstanding felony warrant.
"I had to enlist my U.S. congressman and convince the state police, the National Crime Information Center, the FBI and the Secret Service that I didn't commit the felonies," said Merritt, who authored the book ‘Identity Theft Do's and Don'ts.'
"For a few years, I had to prove that my (finger) prints did not match the false record in question. After legal action, however, I was able to have this corrected."
Merritt's situation shows how bad things can get when your personal information is stolen. And a growing number of Americans are at risk.
Identity theft is the fastest growing crime in the U.S., with more than 12 million victims each year, according to NextAdvisor, an independent research firm.
Javelin Strategy & Research's 2012-2017 Retail Point of Sale Forecast reveals that cash is no longer king. As of June 2012, debit cards were the most used in-store, point-of-sale method of payment.
Debit cards accounted for 31 percent of payments, followed closely by credit cards at 29 percent and cash at 27 percent. The remaining 13 percent paid with paper checks, pre-paid debit cards, gift cards and mobile phones.
"I think this Target thing will force new technology," said Phil Lempert, a Southland expert of consumer behavior and marketing trends. "Most of the European countries have microchips in the cards which adds another level of protection, but there are privacy and cost concerns here that have discouraged that."
Lempert said the increasing use of debit cards -- which immediately deduct funds from a user's bank account -- has allowed consumers to rein in their debt, despite the security concerns.
"That's the good news that we know," he said. "The problem is, without all of these advanced technologies we're always going to have these kinds of issues."
Pasadena resident Evelyn Allen has had her identity stolen two or three times.
"I had my debit card number stolen a couple of years ago," she said. "I had used it at an Arco station in West Covina, and then I noticed a new charge on my card of about $200 or more."
After talking to her coworkers, Allen discovered that they had also been hacked. And all of them had purchased gas at the same Arco station.
Those thefts were likely accomplished via a skimming device. Thieves often place them on card readers at gas station pumps to record credit and debit card information and PIN numbers. The devices blend in so well with ATMs and gas station card readers that the average consumer never notices them.
"You have a sense of violation just knowing that there are people out there who would want to take from you," Allen said. "But when I shop now I've changed how I use my debit card. I only use it where you just have to provide your Zip Code, so they are not able to get your PIN number."
Scores of other consumers have had their information stolen by hand-held skimming devices. It often occurs at restaurants or bars when a customer gives the waiter or waitress their credit card. When the employee disappears into the back to process the transaction they also swipe the card with their portable skimming device, which downloads all of the card's information.
Merritt said shoppers would be better off using pre-paid debit cards, which aren't directly linked to their checking accounts.
"The pre-paid cards are also reloadable," he said. "But regular debit cards are linked to your checking account. That opens you up to fraudulent activity on multiple levels because all of your information is on that magnetic strip on the back."
Merritt offers seven ways to guard against ID theft:
Most thefts occur in places where you do business every day. Either a place of business is robbed, a bad employee acts improperly or a hacker breaches the office through the computer.
Secure your wallet's information. Photocopy everything in your wallet: photos, credit cards (front and back), membership cards -- everything. Put the copies in the order the cards are arranged in your wallet, staple the pictures and place them in a strong box or safe.
Make sure your information is consistent. Discrepancies such as using your middle initial on some documents and not others, or having different addresses, can wreak havoc in proving your identity and can compromise your credit score.
Change your passwords at least twice a year on a non-scheduled basis -- don't be predictable.
While in the bank, keep account numbers and other data out of sight and avoid stating account numbers, Social Security numbers and similar information out loud.
Every time you speak to someone you do business with, write down the time, date, name and the purpose or outcome of the call. If an identity theft occurs on the vendor's end, you'll be able to reference those prior conversations effectively.
Don't carry around your birth certificate or Social Security card. If you know someone is going to need a copy of your tax returns or your driver's license, for example, make the copies ahead of time. This avoids the need for a firm's employee to leave the room with such information.
Teri Williams, president of OneUnited Bank, said customers who use pre-paid debit cards that were not issued by their bank often have a tougher time recovering funds that have been stolen.
"When you use a card that was issued through your bank you already have a relationship with that bank," she said. "So they would be more apt to alert you to problems and provide you with more and quicker information about the fact that your card has been compromised. Our concern is with individuals who don't have that kind of relationship."
Boston-based OneUnited operates nine banking branches, five of which are in the Los Angeles area.
"We had a couple hundred customers who were affected by this recent compromise with Target and Neiman Marcus," Williams said. "They were identified by the retailers and we are issuing new cards to those customers."
On Wednesday, Target spokeswoman Molly Snyder said the cyber criminals who breached its system used credentials they stole from one of the retailer's vendors.
"The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Snyder said in a statement.
Williams said her bank has a variety of fraud-detection measures in place that are designed to protect customers.
"We monitor our customers' card usage on a day-to-day basis to see how they are being used," she said. "If there are anomalies we'll bring that person to the phone and alert them. There are things we do to ensure that the cards are in the hands of the actual holders."
Allen suffered a more recent ID theft when someone stole her Netflix information and used that to rent movies using her credit card number. Fortunately, her bank was quick to react and restore her funds in both that incident and when her debit card information number was stolen at the gas station.
"It was a hassle for sure, but the bank handled it very well," she said. "They deposited the funds back in my account within 24 hours. All I had to do was sign an affidavit to explain it."
TALK TO US
If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.