Mellody is President of Ariel investments, a Chicago-based money management firm that serves individual investors and retirement plans through its no-load mutual funds and separate accounts. Additionally, she is a regular financial contributor and analyst for CBS news.
Tom: We have data security on tap this morning, right Mellody?
Mellody: That’s right, tom. This has not been a great week for data security. First, we saw a number of Hollywood personalities have their personal photos hacked on the cloud. but the bigger story this week is the data breach at home depot, the world’s largest home improvement retailer, with 1,977 stores in the united states, 180 in Canada and 106 in Mexico. cyber security experts are saying that it appears that the attack targeted near all of these stores, and if this is true, could cost the company tens of millions of dollars, and more importantly for our listeners, could compromise more personal records than the breach last year at target, which impacted 40 million credit cards and exposed the personal information of 70 million people.
Tom: You know Mellody, this seems like it happens every day! Why is it happening so often?
Mellody: It’s pretty simple, tom. This makes hackers a lot of money, and in many cases, it is incredibly difficult to combat from the perspective of these companies because the U.S. is so far behind in terms of card security. Before this happened, home depot had taken steps to better protect consumer information. The retailer aggressively rolled out point-of-sale systems that are capable of reading credit cards with chip & pin technology that is more difficult to hack than the current magnetic strips on the back of the cards. But until recently, credit card companies have been slow to issue cards with the new technology.
Tom: What could happen if your credit card or debit card information is stolen?
Mellody: Well Tom, the good news is that you are not responsible for fraudulent charges on your credit cards, so purchases are not the main concern when it comes to credit cards. The more important thing to focus on is your personal data. If this is stolen, it could lead to identity theft. In the event that the bad guys obtain this information, they can apply for new lines of credit in your name that you do not know about. If this happens, and you do not find out, your finances and credit scores can be badly damaged, and you could be forced to go through a long process to repair them.
Debit and ATM cards are a different story. These cards still come with consumer protections, but there is a tiered repayment cap system that varies based on when you report. In this case, if you report it immediately, you do not have a liability. If you report it within 2 days, your liability is capped at $50. But if you wait, you could be on the hook for much larger losses. between 2 and 60 days, your liability is $500, and over 60 days, you are liable for all the money taken from your ATM/debit card account, and possibly more; for example, money in accounts linked to your debit account. You could be cleaned out! So if you hear about a breach at a company where you may have used your debit card, it is imperative that you call immediately.
Tom: What’s the difference between the new chip & pin technology you mentioned and the current system?
Mellody: Well it isn’t really new technology – it has been around outside of the U.S. for decades – but it has not made it to the us until now due to size of the overhaul that is needed to make it a reality. As you know, the card in your wallet has a magnetic strip on the back. the problem right now is that that strip contains all of the information for your account, including your name, the security code, your billing zip code, everything. At this point, every time you swipe one of these old cards to make a purchase, that information is transferred to that retailer’s network, and is therefore vulnerable if hackers breach that company’s network.
In terms of the chip & pin technology, it is pretty straightforward. The chip & pin cards don’t have this information on the magnetic strip. Most of these cards simply have your name and the card company logo on them. For the rest of the information, they contain a chip that holds your account information and communicates with the point-of-sale system or ATM terminal. During the transaction, the system requires you to confirm your identity with your pin. Without this pin, it will disallow your purchase or withdrawal. This means that if you lose your card, your account number and other details remain concealed, even if the card is stolen. Even if your information is skimmed from a point of sale device or stolen by a breach like that at target, your identity is not compromised, and the card cannot be reproduced.
Because of that, you should begin to see a massive changeover to this technology in the us, driven by retailers, credit card companies, everyone.
Tom: So we are in the process of trying to solve this – what should we do until we all have these chip and pin cards?
Mellody: Great question! Because this is such a big overhaul, we will probably see it take 3 or 4 years to complete. In the meantime, there are a few steps you can take to make sure you are protecting yourself.
First, make sure to sign the back of your credit card. It seems small, but if you don’t sign your card, your fraud liability can be higher. Second, make sure you are using a secure website that starts with ‘https’ when shopping online or on your phone. If it is missing that ‘s’, you can’t be sure the transaction is secure. Third – and i have made this point recently on money Monday – be wary of making online purchases on a public Wi-Fi connection, as these connections make it easy to hack your information. If you find yourself using public Wi-Fi often, consider getting a VPN, which is more secure. Next, make sure you shred credit card statements and anything that has your credit card number or personal information on it! And finally, make sure you are monitoring the purchases on your card regularly, do that you detect any fraudulent transactions.
At the end of the day, if you are a victim of a breach, the biggest step you can take is to make sure you call your bank or card company right away to report the incident and cancel any compromised cards, and then monitor your statements and credit score for fraud.