How banks and consumers protect themselves from credit card security breaches
By Jim Sloan
With more than six companies being victimized by cyber attacks in recent months, it may seem like hackers are enjoying free access to our credit cards and bank account numbers.
These security breaches, such as the one that compromised 200,000 Citigroup credit card customers and up to 100 million Sony Playstation customers, make many of us leery of doing any kind of online banking or shopping with valid credit card numbers.
But the truth is that there are many actions banks and companies are already doing to keep our valid credit card numbers safe. Consumers also have plenty of tools available to ensure that their accounts--from zero interest credit cards to 0 balance transfer credit cards--remain safe.
The size of the problem
Although the Citigroup hackers were able to get valid credit card numbers and contact information, the cyber crooks were not able to get those customers' Social Security numbers, birthdays and credit card security codes. That means the hackers won't be able to make direct charges.
The other good news for Citigroup customers is that the company was able to discover the breach fairly quickly--thanks to routine monitoring of its data network. That limited the breach to just 1 percent of Citi's 21 million credit card customers.
The fact that hackers were unable to get the three-digit CVV codes was another sign of strong security. According to the Associated Press, the bank doesn't allowed CVV codes to be stored on their credit cards' magnetic stripe, and merchants aren't allowed to store those codes after a transaction.
Two out of three banks in the U.S. have made encryption--a way to protect digital data--a top priority. Overall, it seems that banks and businesses see cyber security to be a high priority. AP also reported that a recent survey showed that the number of companies who say they aren't spending enough on security dropped from 56 percent in 2009 to 36 percent in 2010.
According to Reuters, the top 25 financial institutions in the U.S. use multiple levels of authentication for telephone banking and two-thirds employ secondary authentication for online banking.
What you can do to protect yourself
Consumers whose credit card information is breached often don't lose any money. They do, however, go through some inconvenience, including the trouble of updating their online accounts with new valid credit card numbers.
With that in mind, here are some steps you can take to protect yourself:
- Check your credit report regularly to make sure no one has opened new accounts in your name. You can get your free fico score or a free annual report from three sources--Experian, Equifax and TransUnion--at annualcreditreport.com. Stagger the reports from each source every four months to stay abreast.
- If an account of yours has been hacked, make sure to never again use the same user name and password. In general, toughen up your passwords; avoid using family names and predictable number sequences, and use special characters.
- Report any instance of identity theft on the federal security site onguardonline.gov.
- Don't respond to suspicious requests from your bank for additional information about yourself. This is likely a "phishing" attack and is the most likely outcome from a limited breach such as occurred at Citi.
Another way to protect yourself is to log in to your bank's website by entering the web address in your browser to ensure you're going to the bank's actual site and not a replica.
Using fraud protection while shopping
Banks and credit card companies have also started offering fraud protection services for consumers shopping online, including issuing fake credit card numbers linked to your credit card in order to protect your valid account.
An example is Bank of America's ShopSafe, which allows you to create a temporary card number each time you make an online purchase. The service is available to customers using the bank's online banking service. Discover Card also offers temporary card numbers so your real account number is not revealed during a transaction.