In the latest hack attack, which was revealed Friday, third-party credit card processor Global Payments (GPN) said that it believes up to 1.5 million credit cards issued in North America may have been compromised, with security thieves potentially stealing "Track 2" information such as the account numbers, expiration dates, and three-digit PINs on the back of customers' cards. Cardholders' names, addresses, and Social Security numbers, however, weren't pilfered, the company says.
While the scope of the Global Payments attack was not as wide as Sony's PlayStation Network attack last year that affected approximately 77 million account holders, or TJX Cos. massive data breach of 2005 and 2006 that affected upward of 100 million credit and debit card accounts, consumers would be wise to take security steps now, even if their card-issuing bank hasn't sent a notice that they were potentially among the Visa or MasterCard accounts that were hit, say security experts.
Before the Letter Arrives
Consumers who access their accounts online should be checking the transaction history of their bank-issued credit cards daily, says Julie McNelley, retail banking research director for Aite Group.
That way, you can catch any unauthorized transactions on the credit card quickly and give the bank a heads-up. (Banks will investigate and reimburse customers for unauthorized transactions on their credit card accounts.) "Consumers should be checking their accounts all the time, anyways, even when there isn't a security breach" in the news, she says.
And for plastic-using consumers who don't haven't set up online access to their card accounts, McNelley highly recommends they consider signing up -- pronto.
After the 'You've Been Comprised' Letter Is Sent
Once the dreaded letter arrives that your credit card account may have been compromised, be prepared: In some states, your bank will block the account and reissue a new credit card and number.
"Usually smaller banks will do this, too, because they don't have the same level of analysts as the big banks do to keep an eye on potential fraud from the attack," McNelley says.
In some cases, state laws or a bank's own internal policy will call for providing free credit reports to help consumers monitor any illicit or unauthorized activity that crops up with the consumer's pilfered personal information. "Those services are useful, but they shouldn't be viewed as a silver bullet," McNelley warns. "There is always a lag in the data."
For example, thieves who have stolen a consumer's name, address and Social Security number may try to open a new credit card account with the information. But it will take some time before the additional credit card pops up on the credit report that the consumer receives.
Preventive steps: Credit or debit?
When given a choice between paying with a credit card or debit card at an unattended point-of-service machine such as a gas pump or video rental kiosk box, always go for the credit card.
Data theives have been known to station miniature cameras in strategic locations to catch images of people entering their debit card PIN numbers into point-of-sale machines. If they place a skimming machine over the real card reader, they can pilfer the account data from the debit card's magnetic strip too. Between those two methods, McNelley warns, they have all the data they need.
"If you use a debit card, they can withdraw the funds immediately from your bank account and you'll be out of those funds until the bank investigates and puts the money back in," he explains.
Motley Fool contributor Dawn Kawamoto does not own any stocks in the companies mentioned. The Motley Fool owns shares of MasterCard. Motley Fool newsletter services have recommended buying shares of Visa.