Quantcast

Lois M. Collins: What I learned as a victim of Target's credit breach

Published: Tuesday, Jan. 14 2014 11:31 a.m. MST

Shoppers arrive at a Target store in Los Angeles on Thursday, Dec. 19, 2013. Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.

Damian Dovarganes, Associated Press

Enlarge photo»

Credit card companies are getting much better at spotting fraud — often well before a consumer figures out that something stinks.

I was literally asleep when Sears called me very early on a Saturday morning in December to ask if I’d really charged a pair of cameras and memory cards. The purchase itself didn’t make them suspicious, since it was almost Christmas and online shopping was going hot and heavy.

What was odd, they thought, was the fact that I asked that the merchandise be sent to a store in Massachusetts for pick up, although my billing information clearly showed I live in Utah.

It could happen, but it was odd enough that the nice woman on the other end of the phone said they thought they ought to check.

My first thought was that she was scamming me. Heaven knows I’ve had enough creepy phone calls to suspect that something’s phishy. I kept waiting for her to ask me to provide my personal information and credit card number to verify that I was authorized to cancel the transaction.

Instead, she told me the last four digits of my debit card and I felt an icy chill of dread move from my brain to the pit of my stomach, smacking my heart a couple of times as it crawled past.

Within 20 minutes, I’d gone from sound asleep to out the door and was roaring to my bank to deal with a security breach that put me in good company with approximately 70 million Americans who shopped at Target on Black Friday. By that time, I’d already followed the caller’s advice and notified police that my card had been compromised and someone had actually used it to make a fraudulent purchase.

Had the good people looking for suspicious activity at Sears not noticed, a fair amount of damage could have been done. Who knows how long it would have taken me to spot it on my own. As it was, I’m hopeful that we nixed the first attempt to use my data and that will be the end of it, since I had the card that they used cancelled within an hour of being notified.

But while creditors and merchants are the first and best line of defense against fraud now — and they really have gotten good at spotting it — I think they also share some responsibility for the fact that fraud is so wildly bold and discouragingly plentiful.

When the words “identity theft” had not yet been coined or were just beginning to be uttered and most of us had no idea what it meant, calls to report a fraudulent charge on a credit card statement routinely elicited yawns. It was, to be sure, simple for a consumer to get a bogus charge reversed. But it was not deemed worth anyone’s time to try to track down the crook. Credit card companies, merchants and even police departments yawned and shrugged.

They were probably right that the chance of actually solving such a case was slim then — but they weren’t even trying and I have no doubt that those bent on defrauding people knew they faced very little in the way of a consequence even if the crime was detected. With nothing to lose, why not go for it? Such policies must have contributed to the problem.

The scale of the most recent breach was so big as to be obscene. Should those trying to find the miscreants succeed in locating and prosecuting them, the scale itself would help provide enough charges to have a real chilling effect on others who would like to swipe data.

It’s not — and never was — a victimless crime. We all pay higher costs because of this type of crime. Those directly touched pay an even bigger price. My hope is law enforcement will solve it and see that the criminals doing it pay the biggest price of all.

EMAIL: lois@deseretnews.com, Twitter: Loisco

Get The Deseret News Everywhere

Subscribe

Mobile

RSS