By Linda Stern
WASHINGTON (Reuters) - By now you know that 40 million credit card
account numbers are flying around the underground economy.
They were set free when hackers implanted a virus in the computers
operated by CardSystems, a Tucson-based credit card processing firm,
and they were actually let loose way before consumers were let in on
the breach recently.
It was the latest in a series of security flubs from companies
including ChoicePoint, which collects and supplies financial data, DSW
Shoe Warehouse and others. It revealed that consumers could not only
lose their financial identities, they could be in the dark about it.
It took almost a month from the time CardSystems said they discovered
the breach until the public was made aware. Somebody could be using
your credit card right now, and how would you know it?
"This news is just the tip of the iceberg," said Beth Givens, director
of the Privacy Rights Clearinghouse, a California-based consumer
information and advocacy organization.
Yet Givens and others do not believe consumers should panic. Instead,
they should seek to maintain that careful balance between recognizing
the possibility of identity theft without overreacting and denying
themselves the convenience of credit card shopping.
"Consumers should not at this time be canceling card accounts as a
preventive measure," said Givens.
Here's how to protect yourself without going back to a cash-only
-- Don't panic and don't stop using your credit card or shopping
online. Credit cards come with two levels of protection: Federal law
prohibits consumers from losing more than $50 to theft or fraud, and
the card issuers step in and cover that $50. If your card number does
get stolen, you won't be out any money. Your issuer can give you a new
-- Don't wait to get your statement to see if your card is being
used. If you haven't already set your credit card accounts up for
online and phone access, do so. Then you can go online between
statement dates and check to make sure nobody else is posting charges
to your account.
-- Look for small, inconsequential charges. Most credit card thieves
test the card with a small purchase to see if it works.
-- Control your own paperwork. Most credit card thefts do not occur
when techies figure out how to hack your card company. They occur when
retail employees or shoppers pull carbons out of trash cans or find
payment stubs and the like. Keep control of your receipts and keep
control of your cards.
If you lose the actual plastic card, check to make sure that you
aren't being charged for gasoline you didn't buy. Many card thieves
make their first purchase a pay-at-the-pump gasoline buy; that way if
the card gets rejected they can hop in their car and leave without
talking to a cashier.
-- Consider giving up your debit card. Those debit cards which look
like VISAs and MasterCards and do not require a pin number, can be
dangerous. That's because they draw directly from your checking
account. And while the banks that issue them tend to guarantee that
they will indemnify you from fraud and will replace any lost money
within hours, it can still take some time to clear up the
account. While it does, you can be bouncing rent checks, car payments
and anything else that comes out of your checking account.
"I've talked to people where the institution doesn't believe them and
the funds take a month," says Givens. "Frankly, I don't advise using
If you have good credit and financial discipline, you can just use a
credit card for your everyday purchases and then pay that off once a
month from your checking account.
-- Check your credit report. Unless you live in the Northeast, you can
already get one free credit report a year. On September 1, even
Northeasterners will be eligible. Find it at
http://www.annualcreditreport.com. If someone has used your card, it
might show up in extra inquiries or mistakes in your credit report.
-- Read your mail. At least one California lawyer, Ira Rothken, is
trying to make a class-action suit out of the recent security
breach. If you are a member of a class that has been wronged, you
should receive notification. Even if you're not in a position to join
a suit, you might get notification from your bank about security
breaches or new procedures.
Linda Stern is a freelance writer. Any opinions in the column are
solely those of Ms. Stern. You can e-mail her at email@example.com
Copyright 2005 Reuters Limited.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new