|
||||||||||
 |
|||||
 |
|
 |
|||
 |
|||||
Last week, Alberto Gonzales, the infamous hacker behind one of the largest ever instances of credit card fraud, received his final jail sentence—putting him behind bars for 20 years. Gonzales was the mastermind behind several record security breaches in 2008, involving the payment processor Heartland Payment Systems, as well as the parent company of TJMaxx and several other large retailers. Altogether, Gonzales and his accomplices compromised more than 170 million credit card accounts.
Unfortunately, even though Gonzales is now firmly under lock and key, the fall-out from the cyber credit card attack will continue for years to come.
Unlike bank robberies and other ‘old-fashioned’ brick-and-mortar crimes, the consequences of credit card fraud unfold for years after the crime was committed. Once credit card information and other personal information have been compromised, there is no way to turn the clock back. The credit card numbers change hands on the black market, and there is no telling at which point criminals will begin to make fraudulent charges to a compromised credit card account.
Unlike bank robberies and other ‘old-fashioned’ brick-and-mortar crimes, the consequences of credit card fraud unfold for years after the crime was committed. Once credit card information and other personal information have been compromised, there is no way to turn the clock back. The credit card numbers change hands on the black market, and there is no telling at which point criminals will begin to make fraudulent charges to a compromised credit card account.
Worse, there is no telling whether or not your credit card is among those compromised in the Heartland security breach or other instances of cyber credit card theft. Why? Because companies, whose customer databases have been targeted by cyber gangs, rarely notify their customers about the fraud. Most merchants fear letting their customers know that their credit card security systems have been breached, because of the bad public image it generates.
Retailer JC Penney, for example, recently attempted to conceal its role as a victim in the Heartland security breach. JC Penney had managed to keep its identity secret for months, and was referred to only as “Company A” in court proceedings. However, when the case recently relocated from New Jersey to Massachusetts, local authorities decided such secrecy was no longer permissible.
The retail chain tried to avoid the disclosure, arguing that there was no evidence that the breach of its consumer database information, which occurred during the Heartland break-in, had actually compromised consumers’ credit card information. JC Penney also claimed that if the company was forced to publicly inform its customers that their credit card information might have been compromised, it would discourage other companies in a similar situation in the future from cooperating with authorities for fear of the following “reputational damage.”
Authorities didn’t buy the arguments, however, and JC Penney eventually issued a statement acknowledging the security breach. Another company, Wet Seal, also recently confirmed that it had been a target.
Consumers can only hope these disclosures have come soon enough for the companies’ customers to change their credit card information before fraud occurs, as opposed to after. This is what happened to customers of Colorado’s First National Bank of Durango. The bank’s 5,000 customers had no idea that their credit card information had been compromised in a cyber break-in until the bank notified them on March 1 of this year. At that point, as many as 20 customers had experienced suspicious activity on their accounts.
So far, the companies known to be affected by the record security breaches in 2008 include TJX, the parent company of TJMaxx and Marshall’s stores, JC Penney, and New Jersey-based Heartland Payment Systems, as well as retailers 7-Eleven, and the New England-based store chain Hannaford Brothers Co.
If you fear that your credit cards might have been exposed, call your credit card issuer and ask them to issue a new credit card with another number. Even if the compromised card has expired, oftentimes new cards will feature the same number as the old. Unfortunately, even if a cardholder changes their credit card number, compromised social security numbers, date of birth, and other personal information extracted in the breach are still at large, so to speak, floating freely around in the information underground.
In short, there is more reason than ever to stay alert to credit card fraud and identity theft. Carefully study your credit card activity at least once a month, and preferably create an online account, so you can monitor your credit card account more frequently. If you notice any activity you don’t recognize, no matter how small the amount, immediately contact your credit card issuer. In addition, pull a free copy of your credit report at AnnualCreditReport.com once a year, and study it carefully for signs of identity theft.
