Don't Get Blitzed by a Breach

News hit right before Christmas that Target, one of the largest U.S. retailers, suffered a massive data breach during the busy holiday shopping season. Investigators suspect the card data was stolen via malicious software installed on Target’s payment terminals. Roughly 40 million credit and debit card accounts were compromised. The hackers also accessed Target’s marketing database of 70 million customers, which included names, emails, phone numbers and addresses.

Target is not the first—and won’t be the last—retailer to be hit by cyber criminals. In today’s environment chances are good that your card information could be compromised in the future. Whether you're a consumer, a merchant or a small business, there are steps you can take to protect yourself from a security breach.

Consumers

If you discover or suspect that your card information was compromised in a security breach, you should:

  • Not panic | There is a good chance that duplicated cards are not successful because of expiration dates and/or attempted transactions fall outside of the norm for the client and get denied.  While your financial institution can issue new cards, remember that new numbers would require re-configuring automatic payments and transfers you have set up.
  • Monitor account activity | The better course of action is to monitor the affected accounts and watch for any sign of fraudulent activity. If you spot something, contact your card issuer immediately. Should fraud occur, your financial institution would reimburse you for any fraudulent transactions and issue a new card.

Merchants

You don't have to be a national retailer like Target to become a target for cyber criminals. That’s why complying with PCI standards, a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment, is so important. Here are some ways to protect yourself at the register:

Be suspicious | Trust your gut. If you suspect fraud, call the card issuer's Voice Approval line. Some systems have been breached physically by criminals pretending to be maintenance workers, auditors, etc. Encourage all employees to verity with management any individuals claiming to be making service calls. Skimming devices are often installed this way.

Watch for these six warning signs of fraud | Keep any eye out for customers who:   

  • Purchase a large amount of merchandise without regard to price, features, options, etc.
  • Ask no questions on major purchases.
  • Try to distract or rush you during the sale.
  • Make purchases and leave the store, but then return to make more purchases.
  • Make large purchases just after the store’s opening or as the store is closing.
  • Refuse free delivery for large items. 

Don't let customers separate you from the register | Beware of pairs or teams of shoppers who will try to distract you and pull you away from the register so one of them can access your point of sale. This is why it’s also best to keep paper receipts locked up securely.

Lastly, implement and practice the steps below highlighting techniques to be a hard target and protect your business network

Small businesses

Small businesses (and nonprofits) continue to be the No. 1 target for cyber criminals. Computers, smart phones and tablets process the lifeblood of your business—often very sensitive financial and client information—every day. To help protect your business:

Always hover over links before clicking and consider email file attachments as suspect before opening or downloading them to your system. Add two-factor authentication to protect Web email accounts like Gmail, Yahoo, etc. This is typically a one-time PIN sent to your cell phone via text which you can configure to your specific needs. 

Engage reputable information technology professionals. Protecting your network and all its devices is an ongoing process that requires some specialized knowledge. Also be sure to talk to your financial advisor about ways to reduce other types of account fraud. Using money transfer security features like ACH transaction blocking, dual-control authorization and positive pay can make fraud much more difficult to execute.

If you do have a security breach, notify your technology resources AND your financial team. After information is compromised, sometimes the crook tries to contact bank staff with fraudulent requests. While Pinnacle associates are trained to follow their Know Your Client procedures, it’s always best to play it safe and let your financial advisor or client service team know if you discover a system breach. Our ID Theft team can place alerts on your accounts and assist with recommended recovery steps and best practices.

For more on this topic, take a look at Pinnacle’s Fraud and Security center.

Kim Jenny can be reached at 615-620-1226 or by email at kim.jenny@pnfp.com.