How to Respond to the Global Payments Data Breach
If your credit card was among the 1.5 million whose information was reportedly stolen by hackers during the Global Payments data breach, you are probably taking steps to prevent any potential financial losses and damages to your credit file. Perhaps you’ve already visited Global Payments’ website for guidance on exactly what to do or have been contacted by your bank with some specific instructions on how to protect yourself.
Well, I’ve looked into Global Payments’ suggested course of action and have to offer a note of caution: they ask you to do more than what’s needed, which can unnecessarily lead to different issues. And when it comes to following your bank’s instructions, there are other risks that you need to be aware of. Let me address each of these issues.
Global Payments’ Advice
Let’s begin with the actions that Global Payments suggest you should take. The first thing they ask you to do is to contact your card issuer for more information and I agree with them. However, their next advice is that you place a fraud alert on your credit report, which I would not recommend. Doing so would alert potential lenders to the possibility that someone may be using your personal information to apply for credit in your name without your authorization. We know that in the Global Payments breach only Track 1 data have been compromised, which includes your card number and expiration date, but not your name, address and SSN, without which no one can file a credit application in your name. Moreover, your issuer will replace your card and the new one will have a different number and expiration date.
But why, you may ask, shouldn’t I place an alert anyway, just in case? Well, the downside to doing so is that it encumbers the processing of your legitimate credit applications. For example, if you placed the alert and applied for a credit card, the issuer would have to contact you first and establish that the application is legitimate. Or indeed, the issuer may decide to take the safer route and reject your application out of hand. And the requirement to verify the legitimacy of the application applies to a wide range of service providers, including mobile carriers, power and gas companies, cable TV operators, etc. So you would be unnecessarily inconveniencing yourself.
For the same reasons, I would advise against following Global Payments’ suggestion that you employ “services that include fraud alerts and credit freezes.” I broadly agree with the other best practices suggested by the processor, but would add that you should get your credit report from www.annualcreditreport.com, which is the only place where you can get it for free (just make sure you decline all of their promotional offers). Also, there is no reason to keep calling your bank and inquire about “possible fraudulent activity,” because if there is one, they will contact you. And that brings me to my second point.
How to Respond to Your Bank
Whenever you receive an email purporting to be from your bank, your first job should be to ensure that it is legitimate. It may have been sent by an impersonator who is trying to trick you into revealing the account information that they don’t know. This is the process known as “phishing” and you should be on a very high alert against such attacks in the wake of the Global Payments event. Remember, the hackers may only have been able to get their hands on card numbers and expiration dates, but to make any use of their loot they will also need the associated names, at a bare minimum.
So how should you handle incoming bank communications? Well, if you receive an email asking you to “verify” or otherwise disclose your account information, do not click on any links it may contain! Instead, you should either contact your bank by phone or you should open a new browser and log into your account by going directly to the issuer’s website.
The Takeaway
The bottom line is that the Global Payments data breach should prompt you to act and protect yourself against potential fraud, but not to overreact. The damage done by the hackers is real and it will take time to bring everything back to normal. Yet, from what we know the hackers cannot harm us without first tricking us into giving them the information they don’t already have. So as long as we keep our guard high and don’t give our names and account details to strangers, we will be just fine.
Image credit: Pinewswire.net.
Credit Card Transaction Processing Basics
American Express Chargeback Policy
Thanks, I was considering placing a fraud alert on all of my credit files, but what you are suggesting makes perfect sense. If they don’t have my name they can’t really do any damage, so I’ll just be looking out for phishing emails.
Yes, the phishing attacks are what everybody should be watching out for, but I think that it may be worth it to place a fraud alert on your credit report. Yes, it could potentially create some inconveniences, but you can always removes it when the skies clear.
Actually, placing a fraud alert on your credit report wouldn’t prevent a criminal from processing a fraudulent transaction, provided they had the information they needed. So what good would it do, really?
I agree, fraud alerts do have their uses, but in this case they are just not needed.
I’m surprised you haven’t written anything about the breach itself. I think Global Payments should’ve done a much better job at protecting their customers’ credit card information. How can these guys let the criminals collect data from within their system for a month without noticing?! It’s unacceptable.
Well, we don’t have any details on precisely what happened, so I can’t make any comments about that. I’ll be happy to do it when we learn more.
I agree that fraud alert and credit freeze services are not worth a consideration. We’ve already been alerted to the risks, so what would these guys bring to the table that we don’t already have. If you see a fraudulent charge on your credit card statement, you should call your issuer immediately and they’ll take it from there. Consumers are not responsible for fraudulent charges.
I am a bit more concerned with the potential consequences than you appear to be, but I broadly agree with your assessment. Still, I think that Global Payment could and should have done a better job at protecting the information in the first place.
Pete,
We don’t yet know exactly how the breach has occurred, but I agree that all payment processors should be doing their best to protect the credit card data that are transmitted through their systems.
Great post, thanks! I agree, there is no reason to overreact, but Global Payments should be made to suffer the consequences. I know that Visa has already dropped them from the list of PCI compliant processors, but that’s no enough. There should also be legal consequences.
Josh,
Don’t worry, Global Payments will have paid dearly for the breach when it’s all said and done.
Data breaches of this size happen way too often in our country; in fact more often than anywhere else. It is true that we are the heaviest credit card users and are using an outdated technology, but I still think that it shouldn’t be quite as easy for the bad guys to do it.
Rob,
Yes, unfortunately you are right. I know that most of us in the payment card industry are doing our best to make our systems more secure, but the hackers are successful more often than they should.