
Brian Pennington

A blog about Cyber Security & Compliance


9 steps to take if your credit card data is hacked


Lisa Bertagnoli on Creditcards.com has produced a list of the 9 things you should do if your credit card is hacked/stolen/cloned or otherwise dealt with in a criminal fashion.

As a checklist it contains some excellent advice, not just for credit card security but for all your data.

1. Make sure there’s really been a breach. “When you get the scary communication, make sure it’s legitimate,” says Steven Weisman, a Boston-based attorney and author of “The Truth About Avoiding Scams.” “People get phony security notifications and that can turn into identity theft,” he says. His advice: Don’t trust email, the U.S. mail or even a phone call. Call your bank yourself to confirm a breach.

2. Find out exactly what information was stolen. “There’s a big difference between a credit card and checking account,” says Jeremy Miller, director of operations for Kroll’s Fraud Solutions, a division of Kroll Inc., a Nashville-based security company. With a credit card account, consumers are responsible (in most states) for only $50 of unauthorized charges. However, most banks will forgive that, particularly if the breach is their fault. “But a checking account is different — you might get your account cleaned out,” Miller says.

3. Find out what your bank will do. In late June, thieves breached CitiGroup’s database, accessing 360,000 records and stealing a total of $2.7 million from 3,600 credit card holders. The bank agreed to compensate the cardholders. Other banks may offer a free credit monitoring service that alerts customers about activity over a certain dollar amount. Use them, advises Ed Bellis, CEO of HoneyApps, a Chicago-based data security firm.

“The best thing consumers can do is have alerts and triggers on their credit card and bank statements,” Ed Bellis says.

Such alerts will tip you off to fraudulent activity before it spins into major trouble. Keep in mind that the free alert offer will expire; find out when so you don’t end up paying an automatic monthly fee.

4. Cancel your cards. If the bank didn’t do so automatically after the breach, do it yourself. Cancel your credit cards and debit cards that were issued by the institution that suffered the breach. Be sure to notify companies that have your card on file for automatic monthly fees, say for website hosting or a newspaper subscription, that your card was cancelled.

5. Reset your passwords, and make them challenging. Weisman says that “123456” and “password” are the most common passwords: Easy for good guys to remember, easy for bad guys to steal with. Avoid choosing easily findable information, such as your birthday or street address. Choose something more obscure, and make the password a mix of letters and numbers. For extra security, create a different password for each account. Just make sure to write them down and store them in a safe place, such as a home lockbox.

6. Monitor credit card statements closely. Bellis says thieves love to test the viability of accounts with a small purchase, say a 99¢ iTunes download. Review every statement, each purchase, each charge, to make sure you or a household member with access to your card made that purchase. If you see an unauthorized charge, report it to the card issuer immediately.

7. Pull your credit reports. Federal law requires the three main credit bureaus, TransUnion, Equifax and Experian, to give you a free credit report if your account information has been stolen. Review each report carefully for errors or fraudulent activity; if you find any, go to the reporting institution and fix them. If there’s a chance your Social Security number has been stolen, put a security freeze on your files. At minimum, issue a fraud alert, suggests Sheila Adkins, spokeswoman for the Council of Better Business Bureaus, Arlington, Va.

8. Beware of email asking for personal, financial or account information.

“Legitimate companies you rely on for your online shopping, financial needs and college tests will not request this information, they already have it,” Adkins says.

If you want to communicate with an online company, find its website and use that website’s contact information.

9. Tighten up your own security. This won’t keep your data safe if someone hacks into some other company’s database, but it’s a smart move anyway. Update your home computer’s security. Don’t click on links sent by strangers; such links can contain invisible malware that will monitor your computer’s keystrokes and thus steal passwords. If you bank online, dedicate a browser to online banking, and use it for nothing else. “You have to have data and information discipline,” says Daniel Mohan, president and chief operating officer of ID Watchdog, a Denver-based data monitoring, detection and resolution firm.

The original article is here.


Epsilon admits to a data breach that could affect millions

On the 1st April 2011 Epsilon reported on their website “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”

Whilst there is no immediate financial risk to those individuals who have had their name and email address stolen, there is the risk of their information being used for spam and phishing attacks.

Epsilon is one of the world’s largest “provider of multi-channel marketing services” and claims to have 2,500 clients, including 7 of the Fortune 10. These clients, in the words of Epsilon, “trust Epsilon to build and host their customer databases”.

It is believed that Best Buy, TiVo, Walgreens, Capital One, JP Morgan, Citigroup and Kroger are among the 2,500 clients of Epsilon who are likely to have been affected.

It is expected that Epsilon’s clients will issue warnings about the loss of data. This in itself will be part of the problem, because as businesses seek to protect their reputations they will become spammers by sending unwanted emails.

Then there is the potential for the hackers to introduce phishing attacks disguised as the legitimate business trying to protect their brand, for example, “sorry we lost your information, can you please update your details here…”

Epsilon’s press release is here.
