Credit card
Image via Wikipedia

Lisa Bertagnoli on Creditcards.com has produced a list of the 9 things you should do if your credit card is hacked/stolen/cloned or otherwise dealt with in a criminal fashion.

As a checklist it contains some excellent advice, not just for credit card security but for all your data.

1. Make sure there’s really been a breach. “When you get the scary communication, make sure it’s legitimate,” says Steven Weisman, a Boston-based attorney and author of “The Truth About Avoiding Scams.” “People get phony security notifications and that can turn into identity theft,” he says. His advice: Don’t trust email, the U.S. mail or even a phone call. Call your bank yourself to confirm a breach.

2. Find out exactly what information was stolen. “There’s a big difference between a credit card and checking account,” says Jeremy Miller, director of operations for Kroll’s Fraud Solutions, a division of Kroll Inc., a Nashville-based security company. With a credit card account, consumers are responsible (in most states) for only $50 of unauthorized charges. However, most banks will forgive that, particularly if the breach is their fault. “But a checking account is different — you might get your account cleaned out,” Miller says.3. Find out what your bank will do. In late June, thieves breached CitiGroup’s database, accessing 360,000 records and stealing a total of $2.7 million from 3,600 credit card holders. The bank agreed to compensate the cardholders. Other banks may offer a free credit monitoring service that alerts customers about activity over a certain dollar amount. Use them, advises Ed Bellis, CEO of HoneyApps, a Chicago-based data security firm.

3. Find out what your bank will do. In late June, thieves breached CitiGroup’s database, accessing 360,000 records and stealing a total of $2.7 million from 3,600 credit card holders. The bank agreed to compensate the cardholders. Other banks may offer a free credit monitoring service that alerts customers about activity over a certain dollar amount. Use them, advises Ed Bellis, CEO of HoneyApps, a Chicago-based data security firm.

“The best thing consumers can do is have alerts and triggers on their credit card and bank statements,” Ed Bellis says.

Such alerts will tip you off to fraudulent activity before it spins into major trouble. Keep in mind that the free alert offer will expire; find out when so you don’t end up paying an automatic monthly fee.

4. Cancel your cards. If the bank didn’t do so automatically after the breach, do it yourself. Cancel your credit cards and debit cards that were issued by the institution that suffered the breach. Be sure to notify companies that have your card on file for automatic monthly fees, say for website hosting or a newspaper subscription, that your card was cancelled.

5. Reset your passwords, and make them challenging. Weisman  says that “123456” and “password” are the most common passwords: Easy for good guys to remember, easy for bad guys to steal with.  Avoid choosing easily findable information, such as your birthday or street address. Choose something more obscure, and make the password a mix of letters and numbers. For extra security, create a different password for each account. Just make sure to write them down and store them in a safe place, such as a home lockbox.

6. Monitor credit card statements closely. Bellis says thieves love to test the viability of accounts with a small purchase, say a 99% iTunes download. Review every statement, each purchase, each charge,  to make sure you or a household member with access to your card made that purchase. If you see an unauthorized charge, report it to the card issuer immediately.

7. Pull your credit reports. Federal law requires the three main credit bureaus, TransUnion, Equifax and Experian, to give you a free credit report if your account information has been stolen. Review each report carefully for errors or fraudulent activity; if you find any, go to the reporting institution and fix them. If there’s a chance your Social Security number has been stolen, put a security freeze on your files. At minimum, issue a fraud alert, suggests Sheila Adkins, spokeswoman for the Council of Better Business Bureaus, Arlington, Va.

8. Beware of email asking for personal, financial or account information.

“Legitimate companies you rely on for your online shopping, financial needs and college tests will not request this information, they already have it,” Adkins says.

If you want to communicate with an online company, find its website and use that website’s contact information.

9. Tighten up your own security. This won’t keep your data safe if someone hacks into your some other company’s database, but it’s a smart move anyway. Update your home computer’s security. Don’t click on links sent by strangers; such links can contain invisible malware that will monitor your computers’ keystrokes and thus steal passwords. If you bank online, dedicate a browser to online banking, and use it for nothing else. “You have to have data and information discipline,” says Daniel Mohan, president and chief operating officer of ID Watchdog, a Denver-based data monitoring, detection and resolution firm.

The original article is here.

.

Advertisements