Two purchases were made, one for $200 and another for $300, if I remember the details from my wife correctly (since I’d prefer to imagine this event never happened and am trying to erase it from my memory banks). I can’t quite figure out how retailers could have validated those purchases without the thief showing some form of identification. But they did.
The next step is: What are retailers going to do to prevent these instances from occurring (both preventing electronic information from being stolen, and stopping it from being used in another purchase)? And, what are individual consumers going to do to minimize the potential for their card data being stolen?
Several years ago, I worked for a company that was exploring getting into identity security. We batted the ball around for years, and never waded in. Some companies took the plunge and offer insurance to protect you from fraud and from your personal information being illegally used. For a fee, they cover your losses (up to a point). It’s a simple model, and these companies seem to be thriving as one actually advertises on television.
They will grow in the years ahead if you compound what has happened in the retail arena just in the past year. The data breaches are almost too numerous to name. They are coming at us at almost a weekly basis. One way to protect yourself is to buy identity insurance.
Protecting yourself boils down to responsibility. There are a number of levels of responsibility.
Certainly, we are all personally responsible to take steps to change passwords, not share them with others, and being vigilant to phone and email scams. Common sense stops a lot of attacks.
Responsibility also falls heavily on the Home Depot’s and Target’s. Not only must they clean up their information security, but they also need to a much better job communicating quickly to customers how to prevent personal data from being used. And, if necessary, they should coach customers to immediately terminate their debit or credit cards, and get new ones issued. If that message had come through immediately and clearly, tons of customers would have been spared some of the pain of seeing their cards randomly used by a faceless entity.
The other groups responsible are the businesses that allow the stolen data to be used at their stores. This I don’t understand. How do you let someone like Freddie Frabnats come to your register and use credit card information to the tune of $200 and not ask him for identification when he shows a card that says Christopher Kumquat? I don’t get it. You ask for his driver’s license. You look at it to see if it matches up the face and name with the card. Pretty dang simple, and it is the retailer’s responsibility.
I also don’t understand how stolen information could ever be used to order something successfully from a catalogue. If Frabnats is ordering information to be sent to his address, but the name on the card is Kumquat, isn’t the customer service rep trained to see this as a red flag? “Uh sir, why is your shipping name different from your credit card?” That should immediately be denied and reported.
We can never create a perfect world, since there are swindlers, liars, cheaters, scammers, and con artists around the globe. Each of us acting responsibly though in our personal and professional lives will go a long way towards preventing identity theft.