They are dirty, rotten scoundrels. Unfortunately, we’re getting much too used to them.
They are the writers of the sinister computer codes that prowl the Internet, looking for vulnerable systems to infect and mine for our personal and financial data. They have found mother lodes of info on several servers that try to handle big retail’s payment systems.
The breaches come so frequently and in such staggering numbers we barely pay attention any more. The crooks keep coming, and the security people are swamped. Consider one estimate that some large banks face as many as 35,000 threats of possible computer mischief every day.
Security officers quickly toss aside the work of hacker wannabes, so the number of real threats they face may number 100 or so a day. That’s still a pile of work, and missing a genuine threat can cause major problems for the company and its customers.
The results stunned us when we first heard the reports: 110 million or so consumers affected by last year’s Target breach. By the time news broke last week about what could become an even larger breach of Home Depot customers’ data, our eyes were beyond glazed over.
The good news, really, is that the banks that issue credit cards assume the financial liability if those cards are misused. That’s written into state and federal law, with varying standards and deadlines for avoiding fraudulent charges on your credit versus debit cards.
The bad news is that the underlying security nightmare will continue as long as most American commerce is tied into magnetic stripe technology. Much has been written about the much better chip-and-pin technology, backed by use of a personal identifying number. What has worked well in much of Europe for several years is still on the horizon for many U.S. retailers.
That technology will come, but it will be costly. Banks have tried to shift financial liability for data breaches to retailers, pointing at poor security systems. As you’d expect, retailers have reacted strongly; however, they are moving faster toward adopting more modern card security technology.
“Questions of liability may arise if a store has the technology but the consumer’s card does not, and vice versa,” Lund said.
Lund’s bottom-line advice to consumers is to remember they are not liable if they take reasonable steps to notify their banks of unauthorized charges. They can get free credit reports at each of the three major reporting companies each year — rotating requests yields a new report every four months — by visiting annual.creditreport.com. Lund said consumers should not feel scared or bullied into buying identity theft insurance, credit monitoring or other costly products, because “the most important rights and protections are already granted by state and federal law.”
People in Lund’s office and at the Bureau of Financial Institutions can answer individual questions about data breaches and consumers’ rights. Both are part of Maine’s Department of Professional and Financial Regulation.
Visit our blog — necontact.wordpress.com — and search “breach” to read PFR’s information and guidance to consumers regarding financial breaches. You can find information online at the PRF website — maine.gov/pfr — or by calling 207-624-8500.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit necontact.wordpress.com or email firstname.lastname@example.org.