Each week seems to bring news of another data breach at another U.S. retailer. First Target, then Neiman-Marcus, followed by Michaels, and now the hotel company White Lodging, which manages hotel franchises for chains such as Marriott, Hilton, and Starwood.
If your credit- and debit-card data are compromised in a security breach, you are more likely to become a victim of identity theft or fraud. The burden of monitoring your accounts for criminal activity is placed squarely on you. A company such as Target might offer free credit monitoring for its customers, but as we reported in "Expect Less and Pay More With Target's Credit Monitoring," that service could fall far short of what you really need, giving you a false sense of security.
Federal laws and voluntary industry practices generally protect you from big out-of-pocket losses from breaches. But the threat is still serious, not to mention disturbing. Your data could be sold to criminals inside and outside of the country, who can then gain easy access to your accounts.
Then there are the practical and time-consuming hassles. You might be advised to cancel and replace your cards, and you could spend many months keeping tabs on your statements for fraud. Of particular concern are debit cards, which carry fewer legal protections. If someone steals your debit-card information, even if the losses are restored, the thieves can still empty out your bank account and set off a cascade of bounced checks and late fees you'll have do deal with down the road.
Consumers Union, the policy and advocacy arm of Consumer Reports, is calling on policymakers and companies to provide stronger protections for your financial data. We recently testified at a Senate hearing in support of reforms such as federal data-breach legislation, and replacing our current crop of cards with smart cards that offer greater security.
The credit and debit cards used by most Americans are surprisingly vulnerable to fraud. Many rely on decades-old technology that criminals can easily penetrate. Other countries have made the switch to safer cards with so-called “chip and pin” technology. Each card has a computer chip that stores and delivers encrypted data, and you enter a PIN to authorize your transactions.
In the U.S., many companies have resisted the necessary upgrades to cards, point-of-sale terminals, and online systems. Some institutions have pledged to make the transition in the next few years, but we need a stronger commitment from all stakeholders to adopt this technology sooner.
Smart cards alone don’t address all the problems of data breaches. A federal standard to hold companies accountable for safeguarding your information must be established. We particularly need a requirement that says, when a breach happens, a company must quickly and efficiently notify every consumer who is personally affected by the breach. Companies must also be required to periodically assess whether their data security programs are able to address current threats.
Data breaches undermine consumer confidence in the marketplace. and they hurt consumers and businesses alike. Unfortunately, it took the recent series of breaches to get companies to commit to doing better.
We'll continue to help you get the protections you deserve.