Buyer beware: How data breaches change holiday shopping for consumers
FARGO — While some may be looking for an identity to steal, according to area fraud officers, other holiday shoppers are looking for the best deal. Before the holidays hit — and you start zipping around town or surfing the internet — you might want to evaluate if your personal information is at risk and decide how to protect yourself.
"About six years ago, my own parents had a trip to the Philippines on one of their cards," says Dan Hendrickson, communications manager at the Better Business Bureau of Minnesota and North Dakota. "They haven't ever been to the Philippines. I don't even know how this information gets out there in some cases."
Stacy Iverson, a fraud and bank secrecy act officer at Bell Bank, agrees.
"Personally, I think we are going to see a rise in fraud due to the information stolen during the Equifax breach," she says. "I think it's going to affect anyone and everyone."
A data (or security) breach occurs when confidential information is copied and transmitted by an individual not authorized to do so. This summer, Equifax — one of the country's leading credit bureaus — experienced a major breach where more than 145 million American consumer records were compromised.
"Even if a person has done everything right as far as protecting their information, he or she could still be a victim," Hendrickson says.
Since 2005, there have been more than 9 million records exposed in 7,730 data breaches, according to the Chronology of Data Breaches on Privacyrights.org. Because of this, both Hendrickson and Iverson say it's safe to assume that some — if not of all — of your personal information has been shared.
"All of these breaches like Equifax, Target and Home Depot have exposed people's information to the dark web — a place where bad guys transact 'in the dark' and share stolen information for illicit proposes," Hendrickson says.
However, even if your information is on the dark web it doesn't necessarily mean your identity has been stolen.
Data breaches and identity theft
Data breaches allow sensitive information to be snatched through hacking, stolen devices and documents, and by credit and debit card cloning at a merchant's point of sale terminal. Even employees embezzle personal information and post it online, sometimes by mistake and other times with malicious intent.
Identity theft occurs when a person decides to steal, find or buy another person's Social Security number made available by data breaches. Both Hendrickson and Iverson say identity theft is consistent across the board but can spike during the holidays. Primarily identity theft occurs through two different fraudulent activities.
One way is through existing account fraud which occurs when a person uses your current credit or debit card information to make purchases.
"Scammers are more likely to try their luck during this time of year, and think 'if I tuck one more transaction here or there it may not get noticed,'" Hendrickson says. "And unfortunately, they are probably right. In 2016, North Dakota had 495 cases of credit card/ATM fraud according to Crime stats.nd.gov.
The second way occurs through new account fraud, or application fraud, where the perpetrator uses information like a SSN and other identifying factors to set up a new account in his or her name. Most often victims are not able to find these "fake accounts" before running their annual credit report.
Iverson says financial institutions witness a rise of debit card fraud rather than new account fraud.
"Many people thought the new chip cards would keep them safe from fraud," Iverson says.
At each store, a card with an embedded chip will generate different codes when used at distinct locations.
"Each time the card is inserted into a merchant's terminal that chip generates an unique code for each purchase," Iverson says. "The only issue with the chip card is that it doesn't work for online purchases."
Iverson recommends using services such as CardValet, a mobile app that notifies of users of any transactions on their debit card.
"Unfortunately, the only sure thing a person can do to guard against identity theft is to stay vigilant," Hendrickson says. "During the holidays, you should check your debit and credit card statements every couple of days."
Before visiting a register, either online or in-store, complete these three steps to gauge the security of your personal information.
1. Check your credit.
"Each year a person can receive a free credit report from each of three credit bureaus," Hendrickson says. Visit annualcreditreport.com and fill out the short form to see current scores. Both Hendrickson and Iverson say it's beneficial to request a report before holiday shopping to see a complete list of current accounts including loans and store credit cards.
2. Check if you are affected by Equifax's breach.
Equifax is offering all U.S. consumers identity theft protection and credit file monitoring through Jan. 31, 2018. Check if your information may be at risk at equifaxsecurity2017.com. If the results say that you were impacted, then enroll and activate its complementary identity theft protection. Also, reach out to your bank to double-check current accounts.
3. Scan the dark web for your information.
A consumer credit reporting agency is offering a free scan of the dark web at experian.com. After requesting the scan, a link to its dark web findings will be shared with you via email.
Still, Hendrickson reminds consumers to be vigilant throughout the year.
"In this day and age — with all the data breaches I think most people's information is out there, be it partially or in full," Hendrickson says.
5 tips for safe cyber shopping
Consumers spent more $3 billion last year on Cyber Monday, according to Fortune.com.
Iverson says cyber shopping requires consumers to provide more sensitive information like a card's number, expiration date and its security code. If you plan to do holiday shopping by the light of your computer screen, remember these guidelines to keep to keep your personal information safe.
• Ensure your computer is protected. Check the anti-virus and spyware software on computer and verify that your computer's firewall is working.
• Purchase items with a credit card. "When I shop online, I don't use a debit card. I use a credit card just because the funds don't come immediately out of their account," Iverson says. "The bank will usually reimburse you for any unauthorized charges, but it might take a little bit of time."
• Cross-check prices between sites. Hendrickson suggests asking yourself, "How could this business offer this product at this price?" He reminds us that "If the deal seems too good to be true, it probably is."
• Stick with trusted sites. If unfamiliar with the site, visit the bbb.org to research the seller's reputation and track record for customer satisfaction. When on the site, look in the address box for the "s" in "https://". When purchasing, look for the "lock" symbol in the lower-right corner of the screen.
• Keep documentation of purchases. Always save confirmation emails, and record the date of sale and any contact information.