Recently, Citi experienced a data breach that exposed credit card numbers and contact information of about 1% of its customers. When you consider CitiGroup has tens of millions of customers, you realize that’s a pretty big number. Citi says that it is contacting those who were impacted, but that could take a while. Meanwhile, if you have a Citi account, you might want to consider how to protect yourself.
What Should You Watch Out For?
If there is some good news in this, it’s that, by law, your liability for fraudulent credit card purchases is $50. (With debit purchases, many issuers offer limited protection, but you usually have to notify the issuer within two days if you want liability limited to $50. If you take too long, you could find your checking account drained — and no recourse.) However, it’s often better not to wait until a fraudulent purchase is made; you can call and ask for a new account number and a replacement card.
Citi officials say that security codes and expiration dates were not included in the data breach, so it will be difficult for others to make purchases over the phone or via the Internet. Instead, what you really need to guard against are phishing attempts made by fraudsters to get the information they are missing.
Instead of responding as directed in email (and even some snail mail) communiques, check the customer service number on the back of your credit card, or on one of your monthly statements. Call that number and ask for help with your account. If you want to visit the bank’s web site, enter the url directly into your browser, in a new window. The official url will be on your account statement.
Other Data Breaches to Come
This is good advice to follow in any case. Citi’s data breach wasn’t the first (my own information was compromised in Sony’s PSN data breach), and it certainly won’t be the last. You must assume that your information is going to be at risk. As a result, it is important to be vigilant.
Here are some things you can do to protect yourself:
- Change your online banking passwords regularly.
- Use different passwords on different accounts. After the PSN breach, there were reports of scammers taking the usernames and passwords discovered and trying them at major banking web sites. If you use the same username and password for each of your logins, all of your accounts are compromised if one is.
- Check your accounts for odd activity. You should reconcile your statements each month, but you can also check your accounts online to get a quicker idea of what is happening.
- Periodically check your credit report so you can catch ID theft sooner. The one free report you receive each year from the major bureaus via annualcreditreport.com may not be enough anymore — especially if your data has been accessed. If you are really concerned, you can get a credit freeze.
- Replace credit cards that might have been compromised.
- Never give personal information to someone who initiates contact with you over the phone. Remember that caller ID can be spoofed so that it appears you are getting a legit phone call, even when you aren’t.
- Contact financial institutions only directly, through official channels. Don’t simply hit “reply” to an email, or click on link in an email.
- Make sure that your connection is secure by checking for the “s” at the end of the “http” in the url.