Shelter yourself from payment card breaches
Data breaches at retailers aren't going away but there are ways consumers can protect themselves from future heists of their payment card information.
Home Depot said Thursday that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards that customers swiped at its stores. Target, Michaels and Neiman Marcus have also been attacked by hackers in the past year.
More breaches are likely. The Department of Homeland Security Department warned last month that more than 1,000 retailers could have malware in their cash-register computers.
Here are five ways to protect yourself:
1. Consider another way to pay: Try newer ways to pay, such as PayPal or Apple Pay. "Any technology that avoids you having your credit card in your hand in a store is safer," says Craig Young, security researcher for software maker Tripwire. Those services store your credit card information and it's not given to the retailer when you make a payment. Many big retailers, including Home Depot, accept PayPal at their stores, but many others don't. Apple Pay, which was only introduced this month, has even more limitations: It is available in just a small number of stores so far and only people with an iPhone 6 can use it.
Stored-value cards or apps, such as the ones used at coffee chains Starbucks and Dunkin Donuts, are also a safer bet, says Gartner security analyst Avivah Litan. That's because they don't expose credit card information at the register.
2. Sign it, don't pin it: If you're planning on paying with a debit card, sign for your purchase instead of typing in your personal identification number at the cash register. You can do this by asking the cashier to process the card as a credit card or select credit card on the display. Not entering you PIN into a keypad will help reduce the chances of a hacker stealing that number too, Young says. Crooks can do more damage with your PIN, possibly printing a copy of the card and taking money out of an ATM, he says. During Target's breach last year, the discount retailer said hackers gained access to customers' PINs. Home Depot, however, said there was no indication that PINs were compromised in the breach at its stores.
3. Beware of email scammers: After big data breaches are exposed, and get a lot of media attention, scammers come out of the woodwork looking to steal personal information. Some emails may mention Home Depot or offer free credit monitoring, but you should never click on the links. Many are for fake sites that try to steal bank information or passwords. "Avoid these entirely," Young says. If an email looks credible, go to Home Depot's site directly instead of clicking on links.
4. Keep up with statements: Scan credit card statements every month for any unauthorized charges. And keep an eye out for smaller charges. Thieves will charge smaller amounts to test to see if you notice and then charge a larger amount later, Litan says. They may also steal a small amount from millions of accounts, scoring a big payday, she says.
And check your credit report for any accounts that crooks may have opened in your name. Credit reports are available for free, from each of the three national credit reporting agencies — Equifax, Experian and TransUnion — every 12 months from AnnualCreditReport.com. Home Depot is also offering free credit monitoring and identity protection services to customers. Customers can go to the company's website for more information or call them at 800-466-3337.
5. Go old school: Use cash. When possible, the safest bet is to not swipe a card at all. Even if security gets stronger at stores, hackers are likely to figure out a way around it. "It's always a cat and mouse game," Young says.