It Is the Season for Breaches, Account Takeovers and Card Thieves — so Beware

When it comes to identity theft, there is no time like the holidays.

Christmas and New Year’s are prime times these days for thieves to gain access to credit cards, debit cards, bank accounts and a host of other personal information through security breaches or simple scams.

No matter how they get one’s information, they can really hijack a holiday.

So, what does one national expert, who lives locally, say to do?

Don’t worry about it.

“As far as all these big data breaches go, one of the first things I tell everyone is don’t worry about it,” said Robert Siciliano, a McAfee Online security expert who lives locally in the Boston area. “That advice sounds counterintuitive really, but worrying cannot help the situation. You don’t have to worry, but you do have to do something. It’s like baking a cake. Don’t worry about baking the cake, just put all the ingredients together and go to town making it.”

Christmas season has been compromised for several years in a row with the increasing sophistication and complexity of identity theft, with the chief case being that of the Target store breach last Christmas. Whether it’s retail shopping or online shopping, thieves focus in on major events, and therefore it’s certainly a time to be extra cautious.

Lisa Mandel, senior vice president and chief information officer of East Boston Savings Bank (EBSB), said identity theft is so prominent during the holidays because there is so much activity.

“I think it’s more the propensity for people to be shopping and it increases the opportunity for the customer to be defrauded,” she said.

Added Siciliano, “Just like the news media has an editorial calendar, so do bad guys. They focus on Christmas, Valentine’s Day and Easter. They focus on tragedies, weather events, world news or celebrity deaths. They focus on whatever is happening now, whatever is fresh or whatever is hot that day.”

One of the scariest parts of identity theft, particularly during the holidays, is that once a person’s debit card, credit card or bank account has been compromised – major financial damage can happen rather quickly.

Both Siciliano and Mandel said it is extremely important to keep constant tabs on all accounts. At a minimum, consumers should read their bank statements every month. However, those who are savvy with mobile phones, laptops or computers can have alerts sent from their credit card or bank accounts alerting them electronically to any activity.

“Mainly, you need to read your paper credit card or bank statements,” Siciliano said. “A lot of people don’t read them. Some nine out of 10 people don’t read them. Those nine end up paying for the lifestyle of an identity thief with their own monthly payments. Most banks or credit cards have an app that will allow you to monitor your account or even to get alerts, which are e-mails or text messages that notify you of every action that is made. If there is a deposit or a purchase or any other activity, I know immediately when it happens. That way I’m fully in tune at all times as to what’s going on with my bank account and credit cards.”

He said it is essential to catch identity theft quickly. The quicker the problem is caught – just like with one’s health or automobile – the less damage that can been caused and the easier it is to fix.

“It is very similar to your health,” he said. “If you’re not getting things checked on like your blood pressure, cholesterol or routine check-ups, it’s just a matter of time when something bad happens. When something bad happens, it will be too serious and too late. It’s the same with your health and your identity. The sooner you get a handle on it, the better it will turn out.”

Once a thief does get a hold of, for instance, a bank card or debit card, banks are faced with repairing the damage. It has become a greater challenge and a greater drain on resources for banks.

Mandel said there are so many breaches that they cannot replace all the cards anymore. Typically, such as with Target last year, they will notify a customer that their card is on a compromised list. That alerts customers to watch out for bad transactions and to be vigilant. Once a card has been used or a bank account accessed, that’s when the bank begins taking action.

Mandel said she often recommends people try to avoid using their debit cards during times such as Christmas. If a card is compromised and being used, customers can sometimes have to get a card re-issued and, in the interim, not have the convenience of being able to use a debit card.

“I generally recommend people use a credit card because they have a limit,” she said. “The debit card is access to your cash and there’s not a limit. You may not want to go without your cash or access to it…In these breaches, it’s gotten to a point where we can’t reissue all the cards all the time. The industry is very good about notifying us on what cards are compromised. We have different ways of dealing with a card that has been compromised and nothing has happened than with a card that is being used. We try to be as practical as possible and also avoid inconveniences. That’s a fine line.

“We’re looking at things like being able to re-issue cards in the bank branch,” she continued. “That’s one thing…The card technology is evolving. The thing that’s really going to be different 18 months from now because of this is card technology. It will change.”

Other tips include:

  • Get paid anti-virus, anti-phishing and firewall software. Don’t go for the freebie. “Paid anti-virus is much better than the free service,” said Siciliano. “The paid service has all the best protections.”
  • Update all your software, including operating systems and browsers (such as Explorer, Chrome or Firefox). iPhones should be using an operating system no lower that version 8, and Windows should be no lower than Windows 7 or 8. The reason is that the updates also contain protections against the very latest threats.
  • Always check the security status of any website where you might be shopping or handing over personal information. Up by the website address, a secure website will have an ‘S’ next to the ‘http’ entry. ‘S’ is for secure.
  • Watch out where you are when you check your bank accounts via mobile or online banking. If you’re not on a secure network, others might be able to spy on you. Many times, cell phones will switch to a free, public Wi-Fi without warning. That can especially be true at a mall or department store.

“You may not think people are intercepting your signals, but if you’re on a public network, you probably don’t want to do online banking or check your balances,” said Mandel.

  • Consider ID theft protection. “At the end of the year, it’s not that much money,” said Siciliano. “You’d easily spend that same amount on breakfast in three weeks.
  • Watch your snail mail – otherwise known as the U.S. Mail. Thieves often get critical ID information by stealing mail out of the box or going through the trash.

All of that said, Siciliano indicated that identity thieves are getting smarter, more cunning and difficult to keep ahead of – meaning it’s even more critical for people to take their identity seriously.

“It’s just non-stop,” he said. “We’re at a point where it’s gotten ridiculous. The public understandably has gotten numb to it, but there are holes being blasted in networks by these criminals. Often, they’re doing it by calling up the wife of a CEO and posing as someone from Microsoft.”

Once in with a family member, the thieves can get that person to unintentionally install spyware or other tracking devices on the computer. Then, if the CEO of that company logs onto the company network from home, the thieves have everything they need.

“That’s what’s going on now, not just identity, but also trade secrets, military secrets and whatever other information is valuable,” he said. “We’re not prepared for that. They’re hacking humans as much as computers now.”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.