Pardon us for sounding all doom and gloom, but a seemingly never-ending number of breaches and incidents proves that your sensitive financial and personal data isn’t necessarily safe. Look at some recent stats. Fast-food restaurant Wendy's was hit by a massive malware-based credit and debit card breach in 2016 that leaked customer payment information at more than 1,000 different locations. The Home Depot data breach back in 2014 affected some 56 million credit and debit cards. The well-known Target breach from 2013 affected more than 40 million consumers, and if you want to see the many other breaches – some even larger – in a depressing, graphic format, take a look at this chart.
Why do cyber thieves take the time to wreck havoc in such large proportions? Because it pays. On the black market, your credit card information is worth anywhere between five to 110 dollars, according to credit reporting agency Experian.
Data breaches are certainly part of life, and you need to know how to protect yourself. Since hackers are going after the companies that hold your information, it’s hard to stop them from getting it. All the same, you can take a number of steps to minimize the damage.
Even if you haven't been hacked yet, many of the seven moves described below can make your information less easy to find and less usable if you are caught up in a breach.
1. Get a Replacement Card
If you've been told you're in a data breach, don’t ask…tell the company that you either get a new card or close the account. You’re not likely to get any pushback from the already embarrassed company. If you do, don’t back down.
2. Check Your Account Online
Don’t wait to check it when the statement arrives — check today. Keep checking daily for at least 30 days after your new card arrives. If you find a suspicious charge, dispute it immediately.
3. Freeze Your Credit
If you are caught up in a data breach, call each of the three main credit bureaus and request that your credit report be frozen. Freezing doesn’t allow anybody to access your credit report without your approval. Creditors probably won’t approve an application without having access to the person’s credit report.
If you're deeply worried about potential breaches, you can also freeze your accounts proactively — you don't have to be a fraud victim. However, this step makes getting any kind of credit exceedingly cumbersome for you and and the potential lender, so you may want to think twice about taking it.
4. Order Your Credit Reports
You get one free credit report per year from each credit reporting company by law, but you’ll probably be eligible for more frequent free reports if you were already a victim of fraud. Even if you haven't been targeted yet, be proactive and take a look at your free reports. Ideally, you can order one every four months by staggering the requests across the three main credit reporting agencies, so you can be better covered across the entire year.
5. Watch for Phishing Scams
Just because thieves have your credit card number doesn’t mean they also have the expiration date and the three- or four-digit CVV number. Beware of phishing, a scam where the thief might send an e-mail or call in an attempt to gain the rest of the information. Don’t give your information to anybody unless you call them. If somebody leaves a message, go to the company’s website and find a contact number to make sure it matches what the person in the message provided. For even more security, call the company directly and make sure the person who called you is legitimate.
6. Don’t Sign Up for High-Priced Fraud Protection
In the panic of the moment, you might be tempted to shell out hundreds of dollars per year for credit monitoring services. Don’t do it. By closely reviewing the information you get free of charge, you can monitor your own accounts. If a company provides the information to you free of charge, make sure to cancel the service before the renewal date.
(For more, check out Identity Theft Protection Services: Worth Having?)
7. Be Smart About Passwords
You aren’t going to prevent a breach by employing all of the password rules, but you don’t know what kind of information thieves were about to steal. Use strong passwords (those random letters and numbers) and change them frequently. Remember, if it’s easy for you to remember, it's probably easy for a savvy cyberthief to crack.
You may also want to take advantage of additional digital security measures such as two-factor authentication that deliver a special one-time code to a trusted device, such as a mobile phone. This provides a secondary layer of protection that requires physical possession of your device before allowing an unknown sign-in to your accounts. Newer types of authentication such as Face ID and Touch ID on iPhones are slowly replacing passwords as a legitimate means to grant a person access to sensitive financial information.
The Bottom Line
If you haven't been a victim yet, act proactively to make yourself less vulnerable. If you have, don’t panic. It’s going to take time to clear everything up, but you won’t pay for any charges that weren’t yours. Call your credit card company, tell them about any incorrect charges and be patient as it works to clear them from your account.
In the meantime, continue monitoring your credit report and credit card bills for any further signs of unauthorized activity.
(For more information, see Credit Card Breaches: How to Stay Safe.)