PCI-DSS News
Target Breach Impacting 70 Million Consumers and the new Nieman Marcus breach brings Card Security Front and Center - How to Protect Yourself
CREDIT CARD SAFETY 101. As a compliance professional who has worked extensively on implementing PCI-DSS protocols, this series of announcements caused shivers to run down my spine. Even more importantly, the sheer magnitude of this breach on 70 million consumers for Target and now the Neiman Marcus news - plus two more "as of today un-named retailers" could be staggering. You can read about the Target breach article here or yesterday's Neiman Marcus beach announcement here.
While Visa, MasterCard, AmEx and others work with banks and merchants to safeguard protected card data, the bad guys continue to devise more ingenious ways to hack networks, "sneak" data with hidden card readers, take advantage of areas where merchants may be a little lax in their security protocols, or simply prey on vulnerable consumers using pfishing techniques, phone scams and fear.
Here are a few simple steps you can take to protect your card information, your identity and your peace of mind:
1) PHONE/E-Mail: Do not give your card information or sensitive personal data over the phone if a stranger calls you or respond to an e-mail saying there is a problem with your account - your bank or credit card company will NEVER call or e-mail and ask for this information - EVER. Also be careful with passwords. When in doubt, call the customer service number on the back of your card. They will confirm if you have been the target of a pfishing scam. Scammers will use instances like the Target breach to pounce while confusion is high.
2) ONLINE: If shopping online, make sure the site has a certified, secure shopping area. Look for the SSL certificates before entering any card data.
3) PUBLIC Wi-Fi: If possible, only shop online from a secure network. Think twice before shopping online when in public places such as coffee shops and restaurants where you are using wi-fi networks.
4) GAS KIOSKS/ATMS: Be watchful for unusual devices near card slots at gas station payment kiosks, ATMs or other such areas. These are called card skimmers and can log your card information in a single swipe. Read here to understand more about protecting yourself from credit card theft.
5) DINING/SOCIAL: A new concept which is gaining traction is the use of table-top ordering systems at restaurants. In these instances, you can order your meal and also pay for it without your card leaving your possession. You can always ask to pay your bill in person or where the card stays in your sight. Applebee's just recently announced their launch of these new devices. Stay tuned......
You should review your card activity on a regular basis - even between statements of you have online access. Look at the transactions carefully - thieves may start out charging small amounts to see if the item is disputed or not. If you suspect that your card data has been compromised or see fraudulent charges listed, contact your card carrier or bank immediately. Although it will take some effort and hassle, sometimes requesting a new card is the best solution.
While these steps would not prevent the system breach that occurred at Target, they can help minimize other, individual attempts to steal your data. Remember, if it doesn't feel right, it probably isn't. A little caution can save you untold hours or days of headache later.
For more information, check out my blog on PCI-DSS "What's in YOUR Wallet" here.