Like me and millions of other consumers, it sounds like you used a credit card at Target sometime between Nov. 27 and Dec. 15, 2013. During that time, one or more fraudsters gained access to Target's point-of-sale database and collected payment card details from as many as 40 million customers. It's one of the largest data breaches ever, but it also underscores the fraud protection features included in most American credit cards.
According to security researcher Brian Krebs, credit card numbers from Target's database started showing up on "dark web" bulletin boards within days, enabling criminals to purchase account details they can use for a variety of purchases. Even if your bank elects to send you a completely new card, you can take some precautions to ensure that nobody's using your personal information to abuse your credit.
1. Enable purchase alerts on your credit card accounts.
Most credit card issuers now offer automatic alerts by text message or email whenever your card gets used in a variety of settings. For instance, you can request alerts for transactions triggering international credit card fees, for transactions over a specific dollar amount, or within certain other parameters that you choose. Your bank may already scan your account for unusual usage patterns, but a real-time alert can grind a crook's shopping spree to a halt.
2. Take advantage of free credit card monitoring services.
Target has announced it will provide free credit monitoring subscriptions for consumers affected by the data breach. Although criminals can't do much to steal your identity with just your credit card number, they can combine your stolen card details with information collected from other databases. Actively watching your credit reports for any new, unauthorized accounts can help squash identity theft before criminals can gain control of your file.
3. Avoid clicking on links in email sent from your bank.
Some fraud rings try to phish for additional information they can use for identity theft. You might receive email about the breach from your bank, or from an unfamiliar bank that claims to have an account in your name. Don't click on any links within these messages. Instead, use your Web browser to navigate directly to your bank's secure online customer support system. Forged links can fool you into giving up valuable passwords or personally identifiable information.
4. Discuss account details only with agents at a number you call.
Likewise, some scammers try to use social engineering tricks to make you believe you're speaking with your bank. If it's really your bank calling, they will never ask for your account number or PIN -- they have that information already. Should a fraud investigator call you about your account, ask for their name and direct extension. Then, call the customer service number on the back of your card and ask an operator to reconnect you. It's cumbersome, but the process assures you'll speak only with legitimate bank personnel.
5. Place a security freeze on your credit report.
As a last resort, if you find yourself anxious about identity theft, you can request a security freeze from all three major credit reporting agencies: Experian, Equifax, and TransUnion. Although the 90-day freeze will prevent you from responding to any automated, instant approval credit card offers, the freeze will also block criminals from opening any new accounts with your information.