While consumers may not have direct control over huge credit and debit card information breaches - such the recent disclosure by U.S. authorities that hackers allegedly stole data linked to 130 million accounts from various companies - there are still some ways which people can take precautions.
A grand jury last week indicted three hackers that allegedly conspired to enter into computer networks supporting large retail and financial organizations, among them the Heartland Payment Systems Inc., 7-Eleven Inc, Hannaford Brothers Co. and two unidentified U.S. retailers. The alleged scam had been in the works since 2006 and took place in 2007, according to authorities.
International Business Times contacted online security consultant Tim Petersen of Safe Tested, a company which works with other online firms to test their websites for vulnerabilities and ensure privacy of personal information. He explained what the security breach could mean for consumers and some things they could do to avoid being a victim.
Below are excerpts of an interview edited for clarity.
Q: The average person looking at the report may think 'this is out of my control,' but could still wonder that 'my number could be in there' among all the stolen data. How should a person who doesn't know much about this situation react or what would be the best information to know?
A: Well, in relation to this particular incident, a lot of it happened a couple of years ago, going back as far as 2006 and 2007. So the news [last] week was pretty much only about the indictment, not about the actual crime. With this particular one, chances are if [a consumer] were to have trouble they would have had trouble already. That being said, in general, there are many instances where the average consumer, you're right, does not have any control. But there are a few things they do have some control over. One which I like to do myself and I tell people, especially when shopping online, is that a lot of places will give you the option to Store my credit card for future purposes. I never select that option. That is one thing that the average person has some control over. That's not a guarantee that the company will honor that choice but at least you've made your intentions known.
Q: What can people do with those stolen credit card numbers? Can they be distributed someplace else?
A: What generally happens is that the stolen numbers are resold, usually in lots of about 10,000 numbers and the price of those numbers for resale is pretty much a supply and demand type issue. So you can't really say there's a given spot price for those numbers but the person stealing them in general is not the person using them.
Q: Can somebody do a lot of damage with just a credit card number?
A: Well that is more of a case by case basis. What I have personally seen in the case of a stolen card, is that the card might be used for, a for instance, a one dollar charitable donation. If that succeeds, then it is used for whatever the thief wants. But a lot of time they'll do a small test transaction to see if what they've got is good and then they'll just go wild after that.
Q: Also looking into it, I found some banks have a limit on the amount you can actually lose as a customer.
A: According to law, as I understand it, you are limited to $50 in losses if you report it in a timely manner.
Q: Would there be any additional advice you would add that could help someone?
A: From a consumer perspective, I have one thing I want to add. You know when you hand your credit card to a person at a retail establishment, first you want to make sure that it's only swiped on the cash register. There have been numerous cases where the person might turn around or stoop down to look under the shelf presumably, and they're actually swiping the card somewhere else also. That is much more a case of dishonesty at the employee level than at the company, obviously. So, you want to make sure of that, and that's especially difficult in situations like restaurants where you may hand your card to a waiter, things like that. Fraud has occurred a lot in those types of scenarios.
The other scenario you really want to watch out for, is let's say you're walking up to an ATM or a vending machine like a movie rental vending machine that accepts credit cards. There have been quite a few cases of people placing what's known as a skimmer on the machine. Basically what that is, is in addition to the machine itself reading your card, this other little device that's added on also reads your card. And so if the machine you're going to looks unusual, if it doesn't look the same as the ATM down the street, be very careful about wiping your card through that machine.