If your credit card was among the 1.5 million whose information was reportedly stolen by hackers during the Global Payments data breach, you are probably taking steps to prevent any potential financial losses and damages to your credit file. Perhaps you’ve already visited Global Payments’ website for guidance on exactly what to do or have been contacted by your bank with some specific instructions on how to protect yourself.
Well, I’ve looked into Global Payments’ suggested course of action and have to offer a note of caution: they ask you to do more than what’s needed, which can unnecessarily lead to different issues. And when it comes to following your bank’s instructions, there are other risks that you need to be aware of. Let me address each of these issues.
Global Payments’ Advice
Let’s begin with the actions that Global Payments suggest you should take. The first thing they ask you to do is to contact your card issuer for more information and I agree with them. However, their next advice is that you place a fraud alert on your credit report, which I would not recommend. Doing so would alert potential lenders to the possibility that someone may be using your personal information to apply for credit in your name without your authorization. We know that in the Global Payments breach only Track 1 data have been compromised, which includes your card number and expiration date, but not your name, address and SSN, without which no one can file a credit application in your name. Moreover, your issuer will replace your card and the new one will have a different number and expiration date.
But why, you may ask, shouldn’t I place an alert anyway, just in case? Well, the downside to doing so is that it encumbers the processing of your legitimate credit applications. For example, if you placed the alert and applied for a credit card, the issuer would have to contact you first and establish that the application is legitimate. Or indeed, the issuer may decide to take the safer route and reject your application out of hand. And the requirement to verify the legitimacy of the application applies to a wide range of service providers, including mobile carriers, power and gas companies, cable TV operators, etc. So you would be unnecessarily inconveniencing yourself.
For the same reasons, I would advise against following Global Payments’ suggestion that you employ “services that include fraud alerts and credit freezes.” I broadly agree with the other best practices suggested by the processor, but would add that you should get your credit report from www.annualcreditreport.com, which is the only place where you can get it for free (just make sure you decline all of their promotional offers). Also, there is no reason to keep calling your bank and inquire about “possible fraudulent activity,” because if there is one, they will contact you. And that brings me to my second point.
How to Respond to Your Bank
Whenever you receive an email purporting to be from your bank, your first job should be to ensure that it is legitimate. It may have been sent by an impersonator who is trying to trick you into revealing the account information that they don’t know. This is the process known as “phishing” and you should be on a very high alert against such attacks in the wake of the Global Payments event. Remember, the hackers may only have been able to get their hands on card numbers and expiration dates, but to make any use of their loot they will also need the associated names, at a bare minimum.
So how should you handle incoming bank communications? Well, if you receive an email asking you to “verify” or otherwise disclose your account information, do not click on any links it may contain! Instead, you should either contact your bank by phone or you should open a new browser and log into your account by going directly to the issuer’s website.
The bottom line is that the Global Payments data breach should prompt you to act and protect yourself against potential fraud, but not to overreact. The damage done by the hackers is real and it will take time to bring everything back to normal. Yet, from what we know the hackers cannot harm us without first tricking us into giving them the information they don’t already have. So as long as we keep our guard high and don’t give our names and account details to strangers, we will be just fine.
Image credit: Pinewswire.net.