If you used your credit or debit card for holiday shopping between November 27 and December 15 this year at Target, the $73 billion-a-year (revenues) retailing giant, that big red bullseye is now painted on your checking or revolving credit account.
Although it's unlikely that victims will be liable for any losses related to theft of funds from their accounts related to this incident--thanks to federal and industry consumer protections and liability limits--you should take steps now to avoid the hassles associated with identity theft.
Crooks gained unauthorized access to credit and debit card payment data, including the cardholder's name, account number, expiration date, and the three-digit "CVV" security code on the back of the card, Target announced today. The retailer's press release didn't indicate how many consumer were exposed, but given that the theft took place at the height of the holiday shopping season, millions are likely affected. We could not reach Target's press office, whose phones kept hanging up while ringing or shortly after the options menu answered.
As we reported last February, a whopping 22.5 percent of consumers who received notice of a security breach, like the one that occurred at Target, subsequently became victims of identity theft, according to a survey of 5,000 consumers by Javelin Strategy and Research, a California consulting firm that has studied this crime for more than 10 years.
That's almost eight times the 2.9 percent ID fraud rate for consumers who hadn't received a breach notice. So you should take this threat seriously, rather than ignore it, which is the typical consumer reaction.
Don't get fleeced by identity theft proptection services, either. Learn how they try to exploit your fear and how you can protect yourself for a low less in our report, Don't get taken guarding your ID.
However, while the Target security breach will be top of the news today, there's no need for you to panic. Federal consumer protection laws and voluntary lending industry practices generally protect you from significant--or any--out-of-pocket dollar losses.
So the biggest threat to consumers is the hassle of monitoring your accounts for fraud, reporting any theft, and replacing compromised payment cards.
If you used a payment card at Target from November 27 to Deember 15, here's what you should do right now to slam the door on the Target ID theives:
- Contact any one of the big three credit bureaus--Equifax, Experian, and TransUnion--to place a 90-day fraud alert on your credit report. If the ID thieves try to open a new credit account in your name, prospective lenders who pull your credit report are supposed to see the alert and take steps to better verify the identity of the applicant. You can do this online with any one of the credit bureaus, who will also notify the other two agencies. This is a temporary stop-gap until you can take the next step.
- Place a security feeze on your credit report at all three credit bureaus. You have to do this individually at each credit bureau online, by phone, or by U.S. mail. A freeze will block access to your credit file by lenders who don't already do business with you, which make it more difficult for a crook to open a new account in your name. Because you're already a victim of ID theft--thanks to the Target breach--you should not have to pay the usual fee for placing a freeze.
- Check your Target receipt to see which payment card you used. If you paid by credit card, contact the issuer to close the compromised accounts because of the breach, and get replacement cards.
- If you used a debit card, you might not want to go through the trouble of closing and replacing your checking account. So, if you haven't already done so, sign up for online and mobile banking, and monitor your account transactions daily. If you find fraud, report it immediately to your bank and follow its advice as to whether you need to close the account and replace it with a new one.
- Finally, don't waste the $120 to $300 a year that identity theft protection services can charge you. You can protect yourself for little or nothing, and the protection services don't protect you after your personal information has been stolen.
Copyright © 2005-2013 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.