LADING

The Woes of Credit Cards

By David Shaw, CEO CBA Inc.
dshaw@cyberba.net

Last Saturday I was making a regular review of my bank accounts and discovered an unauthorized activity. Someone claiming to be me had made a fraudulent credit card purchase at a Victoria’s Secret store in El Paso, Texas that very morning, about an hour before I checked on the account. I immediately called my bank fraud department and reported the theft. Likewise, I called the company’s fraud department and reported the theft to them, informing them that two crimes have been committed, identity theft and theft of over $300 in goods at the store, now unpaid for.
My loss at the bank is insured and law enforcement in El Paso was engaged for the store theft. Unfortunate for the thief, a woman with my credit card data, all in-store transactions are captured on digital media. However, this is only a Class B Misdemeanor in Texas, so it will unlikely be pursued directly.
Lesson learned: Each of us are responsible for our own personal cybersecurity. I have fraud alert protection from my bank and other sources that did not engaged for this incident, which was over the designated alert threshold. Had I not discovered the theft until much later, I suspect that the card thief would have pulled more out of my account, which then may have triggered an alert. However, once I engaged the fraud protection, the card was rendered useless and the funds recovered.
The residual question remains, how did the ID thief get my card data…the card was relatively new because of a recent store breach. We frequently swipe our debit and credit cards for purchases, sometimes out of our visual presence. Protection of that data is therefore tenuous at best and for the most part, unless using a chip reader (modest protection) we are wide open for that credit card data to be exfiltrated, sold and/or used to steal goods and services at our potential loss.
Advice:
1. Establish a security protection plan and incident response plan with your bank for your debit and credit cards as well as other of your financial assets.
2. Establish a routine, but irregular vigil on your bank accounts and immediately rectify any unauthorized activity by contacting your bank and law enforcement.
3. If you have purchased third party protection, I still strongly recommend that you not totally rely on these resources for alerts. You are ultimately responsible for the protection of your funds, not them.
4. Whenever possible, use chip readers for your credit and debit card purchases. If you shop at a store without a chip reader, insist the store management install a chip reader as soon as possible.
5. If making purchases where your card is out of sight for a few minutes (restaurants) or making on-line purchases, just be aware that the card data is highly vulnerable for theft.
6. And, lastly, if you are banking virtually (deposits, transfers, etc.) use secure devices. Cell phones are convenient, but not secure. Likewise, carrying bank account information on your personal devices without adequate protection is asking for losses at your expense.

dshaw@cyberba.net