Another week brought another massive data breach. Three weeks ago, hackers got into Home Depot main computer and managed to steal information on 56 million credit cards. That was just the latest – but also one of the biggest, breaking the Target data breach of 40 million earlier this year. To paraphrase a quote from the FBI: It’s like having 15,000 bank robberies that can be done from someone’s basement. Plus, it’s a lot more lucrative, and the odds of getting caught or prosecuted are minute.
The crooks installed malware into the Home Depot system and were then able to download all the history of credit cards and transactions. Shame on Home Depot, because it was the same way it was done at Target. They didn’t learn the lesson, or didn’t learn it fast enough. I did learn something: I wasn’t sure retailers were really that interested in protecting their information. But it turns out that they are. Target has spent over $110 million since the breach on fixing the leaks and customers don’t trust them anymore as their sales are down five percent since then. That’s a staggering amount.
And a week ago, JPMorgan Chase was hacked over a two week period impacting 83 million of their customers. The PR speak right now is that they are “not aware” of any confidential client information having been hacked….in other words: they don’t really know yet. Gees, you’d think that if I broke into your house you’d notice it in less than two weeks!
Most people tend to be in two camps on these data breaches: They either get really freaked out, or they’re complacent and just don’t seem to care. In Canada, we’re luckier than our friends south of the border. Our credit cards all have the chip technology. Since a couple of years ago, when you use your credit card, you’ll need to enter a PIN in order to get the transaction through. So for us, it’s OK to not worry. What the thieves stole was a one-off transaction for what you bought at Target, Home Depot, or other stores that have been hacked. That transaction went through, so the information is of little interest to the thieves.
You should always look through all of your credit card transactions. That’s just common sense and just a good precaution against any charges that aren’t yours. If you find any, you’re never liable. Just call the 800 number on the back of your card and the charges will be removed and you’ll be issued a new card.
Thieves steal credit card information in order to make a duplicate card that they can then use in stores to mostly buy electronic stuff or gift cards – anything they can readily re-sell or fence and turn into cash. The other way is to sell these card numbers to other crooks. I bet my American Express is for sale on a bunch of the crooks’ chat rooms as I’ve certainly used it at Target, Home Depot, Marshalls, and a number of other store chains that have been hacked.
Stealing credit card numbers in the U.S. is easy and very profitable for the crooks. In the U.S., card holders there should freak. The U.S. still uses credit card technology that was developed in the 1960s. Swipe and sign and that’s it. No PIN means crooks have a credit card they can use over and over, and not just a one-off transaction.
The big advantage U.S. citizens have is that they can freeze their credit reports. If crooks can’t access your credit files, they can’t commit identity theft and borrow money as if they were you. That’s something that’s long overdue in Canada and would eliminate close to 99% of identity theft.