For Target's Shoppers, a New Holiday To-Do List
As posted on December 19, 2013 on www.nytimes.com
By Elizabeth A. Harris
Target confirmed on Thursday that hackers gained access to credit card and debit card information for 40 million of its customers during the crush of the holiday shopping season. The company encouraged everyone who shopped in its United States stores from Nov. 27 through Dec. 15 to be vigilant about monitoring their accounts and their credit. Here are some tips on how to do so.
Q. If you shopped at Target during that period, what should you do now?
A. The first thing you should do is go online and check your credit card or bank statement. If everything looks fine, make a note to go back and check the statements again every few days.
If you see suspicious charges, contact your credit card company or your financial institution right away.
Q. What should you look for, and for how long?
A. With lots of extra purchases being made for the holidays, this can be a tricky time of year to remember what you bought, so it’s important to be extra vigilant.
According to John Ulzheimer, a consumer credit expert for Credit Sesame, the “smart fraudster” won’t go out and buy a dozen big-screen TVs. They will make small purchases, like something for $29, at an inconspicuous venue like a drugstore, to try to avoid any notice.
“What that does is it lets them know they’ve got a valid card that’s still in play, and then they can pepper you to death with it,” Mr. Ulzheimer said. “So even if it’s a small dollar amount, it doesn’t hurt to verify to make sure it was really you.”
A thief might also sit on the card information for a period of months, maybe even years, Mr. Ulzheimer said, waiting for an initial spurt of vigilance to subside, so it is important to pay attention in the long run.
Q. If a thief makes a purchase, will I be liable?
A. In most cases, federal law limits consumer liability to a maximum of $50 in the case of credit card fraud. The ceiling for debit card liability is higher, up to $500. Another concern, according to Beth Givens, director of the Privacy Rights Clearinghouse, is that if money is drained from a consumer’s bank account, it can take weeks for the victim to be made whole again. This can cause a great deal of strain for somebody without a financial cushion.
Q. Should I cancel my credit or debit card?
A. While Mr. Ulzheimer says that at this juncture, people do not need to cancel their cards, other experts disagree.
Eva Velasquez, chief executive of the Identity Theft Resource Center, a nonprofit that helps victims of identity theft, suggests that people who shopped at Target when the data was breached cancel their credit card and get a new one. If shoppers used a debit card, she said they should get a new card and change their PIN — PINs should be changed periodically anyway, so now is a good time to do it.
Q. How do I monitor for identify theft?
A. While experts emphasize that a data breach and identify theft are different, Ms. Velasquez says that the former can increase your chances of the latter.
You can receive a free annual credit report from each of the three major reporting bureaus at AnnualCreditReport.com. You can also add a 90-day fraud alert to your credit file so creditors will know to take extra precautions before approving any credit applications.
Often, Mr. Ulzheimer said, companies that have experienced similar breaches will buy credit monitoring services for affected customers. And people who think they may have been affected can also sign up for free credit monitoring.
The most aggressive thing you can do is put a freeze on your credit, which will make it impossible for anyone — including you — to open new lines of credit. But this can be inconvenient, Ms. Velasquez said, and is not always something that can be undone immediately.
Q. Is it safe to shop at Target now?
A. While Ms. Velasquez says that at this early stage, the answer to that question is a personal decision, others, like Mr. Ulzheimer, say it is perfectly safe to go ahead and do so. If you use cash, experts agree that the answer is yes.