Fraud risk soaring for data breach victims

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.cbsnews.com/news/fraud-risk-soaring-for-data-breach-victims/

Attention Target and Neiman Marcus shoppers. If you got a security breach
notice, you'd best take it seriously. The latest comprehensive study on
identity fraud found that the threat of a crook using your stolen data has
soared.

If your data had been stolen three years ago, you only had about a 10
percent chance of falling prey to identity thief. Today, one-third of those
who are affected by a security breach become victims of identity theft,
according to Javelin Strategy and Research, which has done comprehensive
annual studies of identity theft since 2006.

If your debit card information was stolen, the chance is even higher - 46
percent of consumers with a breached debit card in 2013 became fraud
victims in the same year, according to the Javelin study.

Worse, the risk is not isolated to fraudulent charges being made on the
card that was lost. Increasingly, identity fraud is moving to "account
takeovers" where the crook will change the address, password or phone
number on anything and everything from your utility bills to your PayPal
account, running up charges while locking you out.

And one successful fraud can spread like a cancer for two reasons. First,
U.S. industry relies heavily on "knowledge-based verification," says Steve
Schwartz, president at Identity Guard, an ID theft monitoring service. And
the knowledge that serves as a key to your account is frequently the type
of information that's shared openly on social media sites like Facebook.
For instance, your bank's security questions might be the name of your best
friend; your dog; your favorite book or song. Sound familiar?

Secondly, if a criminal is able to hack in and nab one password, they may
have the keys to the rest of your password-protected accounts, including
your eBay, Amazon, email and bank accounts, too. The reason? As you open
more online accounts that require passwords, it becomes increasingly
difficult to keep track of them all, so we humans respond by using one
password for everything. Thus, if you can figure out the password to
someone's email account and you may have the key to their credit card and
banking relationships too.

What can you do to protect yourself?

First, if you were a victim of a security breach and were offered free
account monitoring, take it. This will take some of the onus for
meticulously monitoring your accounts off of your shoulders. But make sure
you continue watching your accounts even after the free monitoring period
expires.

Also consider putting a fraud alert - or even a credit freeze - on your
credit file. The fraud alert requires companies to contact you before
opening a new account in your name. A credit freeze stops anyone (including
you) from opening a new account based on your credit file. The freeze is
obviously a severe course, but may be appropriate for those who have no
immediate need for additional credit.  The fraud alert, meanwhile, is
temporary but can at least make you a less attractive victim by making it
inconvenient for a criminal to take over your credit identity.

Choose your passwords carefully and make sure that they're not all the
same.

It is also important to pay attention to the type of data you're sharing
publicly. Your close friends know your favorite song. The rest of the world
doesn't need to. Take it off your Facebook account, or review your privacy
settings to make sure that data isn't going out to any crook who might be
tempted to focus on you out of the millions of consumers in their vast
database of stolen information.

Opt in for two-factor authentication, where possible. In many cases, your
bank will offer the option of being contacted via email or text anytime
there's movement in your account. That gives you the ability to monitor
fraudulent activity in real time and stop it before it gets out of control.

Finally, ask for an identifier that's not linked to your Social Security
number, suggests Al Pascual, senior analyst of security risk and fraud at
Javelin. The vast majority of banks and credit card companies use your
Social Security number is a primary identifier, allowing anyone with this
number access to your account. But Social Security numbers are too easily
stolen, he says. Ask to block your SSN as a form of identification and set
up something that is known only to you.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!