
What Companies Do With Your Credit Card Information

October 25, 2007

Bad Dad's Words of Wisdom

Last March, TJX, which operates more than 2,400 stores under names including TJ Maxx, Marshalls and A.J. Wright, acknowledged that account data for nearly 46 million consumers was stolen.

My wife shopped there once in 2005. Our bank notified me quickly after the story broke and issued us new cards. I was annoyed because that was the third time in roughly as many years that we had to get issued new cards.

The saga of bad data practices, assigning blame and denial just gets worse and worse. For example:

“Despite TJX having reported some 46 million consumers impacted by the massive data breach into its computer systems, new documents indicate that as many as 96 million consumers may have been affected, including about 29 million MasterCard victims and 65 million Visa victims, according to documents filed with the federal court in Boston Oct. 23.”

But the testimony of Visa’s Joseph Majka describes some 96 million impacted account numbers, with fraud occurring in 13 different countries.

Visa alone had calculated fraud losses at between $68 million and $83 million.

I love the convenience of carrying plastic. I use it for virtually every transaction over $10.

Reality is, every time you and I swipe a credit card at the checkout or at the pump, we have no idea where our data is being stored.

The card issuer (i.e. American Express, Visa, MasterCard) is likely to have massive data protection schemes in place. But what about the small retailer? Who has access to that data? What are they doing to protect your information?

Conversely, if you are a business owner/manager, what are you doing to protect your customers’ data? Are you collecting more than you should? How long are you keeping it? Is the data vulnerable to theft?

Take it from my experience. I’ve worked with data collection for major brands and routinely see sloppy behavior that puts personally identifiable information at risk. That behavior comes in all forms from the very top down to the bottom rung of the ladder, mainly due to ignorance. It can range from emailing a spreadsheet with consumer contact info to putting files on a public file transfer Web server that many parties have unrestricted access to. So I tend to be conscientious about the overall issue of data security.

So what can you do about it?

Well, convenience comes with risk and trade-offs. Simple decisions might keep you secure a bit longer.

  • If the gas station seems seedy, pay with cash.
  • Find out if your card company lets you create one-time use virtual card numbers for online purchases. You can limit the maximum amount that can be charged to the virtual number and set an expiration date.
  • Teach your spouse, parents and children to use caution as well.

Be smart and stay safe.
-BD

Related Links:
TJX Breach More Than Twice As Bad As Reported

Data breach at TJX affected 94 mln accounts-suit

Who should store data, stores or credit card co’s?

Steve’s tips to protect your identity online

January 31, 2007

Protecting your personally identifiable information is important, but you might enjoy taking a few minutes to watch these ‘tips’…

Enjoy!
Roland

Protect your privacy at home

January 10, 2007

Protecting your privacy and that of your family is not that hard to do. Just educate yourself on the ways to protect your personally identifiable information and do it. Here are some examples to get you started.

  • Keep important documents in a safe or safety deposit box.
    At least that offers some protection in case of disaster or burglary.
  • Shred your statements before throwing them out.
    Once your garbage leaves your house, you have no idea where it is going or who might stumble upon a paper with your name, address and account number.
  • Don’t leave your mail in the mail box.
    Although it is against the law, people do come around sticking their fliers in your mailbox. You never know what they might do. Better yet, put a lock on your mailbox.
  • Don’t share social security numbers unless absolutely necessary.
    Even then, question why the company needs it and whether they can create a unique identifier for you instead. An alternative might be for you to create an “EIN” Tax ID Number with the IRS that you can give to potential employers. Or, use a driver’s license number if that is acceptable. But protect that SS# by all means necessary.
  • Don’t share the birth certificate.
    My community wanted copies of my children’s birth certificates just to confirm them so they could use our community pool. My answer, NO WAY! They can’t ensure that they won’t lose that info, and quite frankly they have no business holding on to such a document. Don’t be afraid to say No.
  • Protect your digital files, too.
    Learn how to encrypt your files and store them on optical media (DVD, CD), external hard drive, or online storage service. Don’t keep everything onsite because a local disaster could wipe out your entire archive.
  • Learn when to shut up.
    “Social engineering” is one of the most efficient ways for scam artists to get info they should not have. Some people seem to tell everyone they meet all their personal info: when they are away, how much money they make, what expensive things they own. Just shut up. Zip your lips. Remember the WWII mantra, “Loose lips sink ships.”
  • Teach your spouse, parents and children about common sense.
    Unfortunately, the older generation can be more trusting and may not be as aware of sophisticated security risks. Kids and teens are naive and need to be educated.

Be aggressive, take it seriously and don’t delay. Do what you can to protect your data and that of your family — because no one else will!

Have any additional suggestions? Please submit them.
-Roland

Medical Identity Theft

December 22, 2006

Baseline Magazine reports: Medical Identity Theft: Providence Health’s Serious Pain

“A phone call that Tuesday, Jan. 3, 2006 brought news that every CIO dreads. Someone had stolen a computer bag out of a systems analyst’s car four nights before. Gone were 10 computer disks and tapes holding information on what would turn out to be more than 365,000 patients—everything from Social Security numbers and birth and death dates to diagnoses, prescriptions and insurance numbers. Data on doctors was missing, too, including Medicare and Medicaid numbers, state license numbers, names, addresses and phone numbers.”

Employees were foolish and reckless with how they handled the health records…

“At most facilities across the company, employees back up data daily to tapes and disks and send it off to be stored in a secured building, O’Brien says. But at the company’s Home and Community Services unit in Portland, which cares for frail and elderly patients in their homes, employees took the backups home themselves, in their own cars, she says.”

These foolish and careless actions have a significant impact on the company as well. Not only has their reputation been badly damaged, but…

“Providence has spent $7 million so far responding to the breach. “This was not a cheap mistake,” CIO O’Brien says.”

Ultimately consumers end up paying the bill for all this nonsense that could have easily been prevented.
