If you shopped at a Target store between Thanksgiving and this Monday, using a credit or debit card for payment, your account information has been compromised. This morning, the popular discount retailer revealed that a data breach in their systems had compromised the security of some 40 million credit cards and debit cards that were used by customers over the last few weeks. Target is working with the Secret Service to investigate, and they're urging customers to watch their accounts closely.
The company admitted that card numbers, expiration dates, cardholder names, CVV security codes, and other information were stolen that could allow criminals to create counterfeit cards. Security experts anticipate that bogus cards (but with valid account information) will be "on the street" in the coming weeks, which could result in fraudulent charges on customers' accounts.
"If you used a credit card at Target in the past few weeks, don't panic," Warren Clark of the Better Business Bureau of Upstate New York tells us. He stresses that customers whose card numbers were stolen can expect to hear from their bank. Target, he says, "is working with banks and credit card issuers to alert them to which numbers were stolen."
"You are not liable for any fraudulent charges on your account," Mr. Clark says of credit card holders. Anyone who used a credit card or debit card to shop at Target within the last few weeks should monitor their accounts closely, checking activity online rather than waiting for monthly paper statements. If you discover a charge you don't recognize, call your card issuer immediately to report it. Banks can reverse the charge immediately, and issue a new card.
Customers who use debit cards, either with a Visa or MasterCard logo or using a PIN to access a checking account directly, should "pay very careful attention," the Better Business Bureau says, "as debit cards do not have the same protections as credit cards, and debit transactions withdraw funds directly from your bank account."
The BBB suggests that debit card users may even want to "pre-emptively request a new debit card or put a security block on your account," because of the weaker fraud protection these cards offer consumers.
This situation is still very young, and Target is working this week with security and forensics experts to consider what other measures they could take. Banks who learn of customer accounts that are known to have been compromised in the data breach may reach out to customers to offer a replacement card before any fraudulent uses can occur.
Target says the problem has been resolved, "so guests can shop with confidence," and no future card purchases will expose the customer to the same risk. Shoppers at Target.com or at Canadian stores weren't affected, just shoppers at U.S. stores. Also, if you paid with cash, a check, or a one-time-use gift card that's now used up, you don't need to worry.
If your bank or card issuer offers a replacement card, we suggest taking them up on the offer. It will be a minor inconvenience to update your card information with companies you buy from online, or vendors who bill you automatically each month, but it would be much more inconvenient to chase down fraudulent charges or, worse, identity theft that may result.
Target is encouraging consumers to take advantage of the one free credit report per year that each individual is entitled to request from each of the three major nationwide credit reporting agencies, under federal law. "If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file," the company says. We suggest spreading those requests out over the course of the year. "You may obtain a free copy of your credit report by going to www.AnnualCreditReport.com or by calling 877-322-8228."
If Target offers free credit report monitoring to affected customers, which businesses have been known to do in the event of security breaches, "take advantage of it," says the Better Business Bureau. Such monitoring services, which are usually offered for a fee, offer regular access to credit reports, alerts when credit scores change, and more.
Concerned consumers can also ask the credit reporting agencies to place a security freeze on their accounts. This would require an agency to contact you directly before releasing your credit report, which does provide an extra layer of security, but rules out the convenience of instant credit checks for store credit offers and the like.
The BBB also warns consumers to be aware in the coming weeks that scammers may try to take advantage of this highly public event and pretend to be from Target, from popular banks, or from credit card issuers, telling you that your card was compromised and suggesting actions to "fix" it. Scammers might send "phishing" e-mails with links that try to trick you into providing account info or passwords by masquerading as bank web sites. "Don’t click on any e-mail links or attachments unless you are absolutely certain the sender is authentic," says the BBB.
"The bad guys understand that the data is hot for a year or so," the Better Business Bureau adds. They suggest continuing to watch for two or more years, as crooks may delay using stolen card info until people let their guards down.