3 steps to take if your credit information is stolen in a data breach
Over the past week, three major data breaches have impacted the personal information of tens of millions of people around the world, some of which saw payment data stolen or compromised.
Since Friday, MyFitnessPal has warned customers that 150 million accounts had been breached; Saks Fifth Avenue and Lord & Taylor revealed that the financial information of five million customers had been hacked; and Panera Bread revealed that up to 37 million customers may have had their accounts and credit card numbers stolen.
WATCH: Massive data breach at Saks, Lord & Taylor stores
While it’s getting harder and harder to keep up with data breaches, experts advise consumers to quickly identify whether their financial data has been compromised, and subsequently take steps to protect their credit.
1. Have I been breached?
If you wake up to the news that your favourite retailer or coffee shop has experienced a data breach, the first thing you should do is check your credit card statements for suspicious purchases, said Symantec Canada’s general manager Ajay Sood.
“Obviously the first thing you should do is check your credit card statements,” Sood said. “It sounds like the obvious approach, but you should look for suspicious transactions.”
WATCH: Should companies be penalized for data breaches?
Sood explained that it’s important to look for anomalous purchases — things you don’t remember buying. Furthermore, these may not always take the form of large, obviously-fraudulent payments. Those concerned about breaches should also examine their statements for small, repetitive transactions as well.
“They will siphon off $5 or $10 at a time. They’ll try to cut off thin pieces for a while before they take a big bite out of the victim,” Sood said.
In addition, if you’re concerned about a particular data breach, pay attention to notices from the company that state when the initial hack took place. In the case of Saks Fifth Avenue/Lord & Taylor, for example, the breach dates back approximately a year.
Customers of that retailer should go through their credit card statements back to the date of the initial hack to ensure they don’t miss any nefarious activity. Experts warn consumers not to ignore smaller purchases they don’t recognize.
While it may seem insignificant, “in reality, it’s go-time for fraudsters,” explains Paige Hanson, identity education lead for Symantec. Oftentimes, she said, these purchases indicate that the hacker is testing the waters to make sure the card works — and that the cardholder isn’t watching — before making any major purchases.
2. What do I do now?
So you’ve gone through your credit card statements, and you’ve noticed several payments that don’t add up. What do you do? That depends on how you made those payments.
Immediately report any suspicious activity on your account to your bank or credit provider. If these purchases were made on your credit card within the past 60 days, credit companies and banks will often reimburse you for the payments with little difficulty.
WATCH: Hudson’s Bay Company says Saks 5th Avenue, Lord & Taylor stores affected by data breach
However, if these payments were made on your debit card, consumers are required to report the missing funds to their bank, which will then need to conduct an investigation into the issue before restoring the funds.
Sood adds that at this point, it’s crucial to change your credit card number and your pin number. Furthermore, it’s prudent to change the passwords for your banking accounts and financial accounts as well.
3. Can I prevent this?
While there isn’t a long list of things consumers can do to actively avoid credit card breaches, experts do recommend taking certain precautions to lower the possibility.
Firstly, Hanson urged consumers to talk with their bank about placing an account threshold on their banking account, which will alert users if purchases over a preset amount are made on the account, and if any suspicious activity occurs as well.
She also advised against setting up automatic payments on credit card bills, as they make it easier for consumers to go months without looking at their statements, thus increasing their chances of missing a breach.
WATCH: Bell data breach lost personal data for 100,000 customers
Furthermore, Sood recommends that users keep a close watch on their credit card statements “the way you’d keep an eye on your cash,” and to try to do business only with trustworthy retailers.
Lastly, both Sood and Hanson agree that mobile payments are oftentimes more secure than physical credit card payments because the transaction is always encrypted, and will usually involve multiple steps of authentication (for example, Apple Pay encrypts payment data, and requires two-factor identification).
© 2018 Global News, a division of Corus Entertainment Inc.