Data breach a reminder to watch credit, debit cards

By Russ Van Arsdale, Executive Director, Northeast Contact
Posted Feb. 20, 2011, at 8:48 p.m.

The news last week of another data breach made everyone in Maine who uses credit or debit cards think twice.

Surely the several thousand people who made purchases at Day’s Jewelers stores in Maine last November and December were concerned. They were assured that they had done nothing wrong, nor had the various credit unions where consumers had their credit or debit accounts.

We all took a second look at our accounts once news of the breach broke. One consumer from eastern Maine, a recent Day’s customer, wrote us saying that someone from a company billing itself as a fraud detection firm called her on Sunday to check on suspicious charges. When she was asked for the last four digits of her Social Security number, she promptly hung up.

To which we say, “Bravo.” The Maine Credit Union League says no credit union would ask such a question. We believe no credit card issuing or fraud detection company should ask for such information by phone or e-mail. And no consumer in his or her right mind should ever give it out to a caller or e-mailer he or she almost certainly had never met.

The reason is painfully clear to anyone who has been the victim of identity theft. When thieves have the last four numbers of your SSN, they’re well on their way to stealing your identity.

Those last four numbers are issued sequentially; it’s luck of the draw. The first three are a kind of area code, indicating where you were when first requesting your SSN. The middle two numbers are some sort of group ID, and while they’re a little more difficult to figure out, many persistent thieves have done so.

Some businesses still use the “last four” as a customer ID number, and some are adamant about the practice. Another consumer told us a large communications firm told her, in essence, “no Social, no response” when she asked for service. Other companies have been more accommodating, and it may take a number of consumer complaints to change the policies of the stubborn ones.

The Maine Credit Union League’s advice to members is worth heeding by all consumers:

• Monitor and review accounts on a regular basis and report any unusual charges and activity.

• Be warned of possible scams, and don’t give out any personal information by phone or e-mail. If you receive a call from someone claiming to be from your credit union asking for account information, hang up, and call back using the number on your account statement.

• If you did respond to such a solicitation, contact your financial institution directly using the phone number provided by your financial institution.

• Choose a unique PIN that does not contain the “last four” or other information thieves might know.

• Don’t deposit fraudulent checks from Internet sources; once they’re found to be bogus, you’re stuck.

• Report any suspicious solicitations and activity to your financial institution and local authorities.

• Review your credit reports to make sure all information is accurate, and get it corrected if it is not.

You’re entitled to a free credit report from each of the three major reporting companies each year. We suggest rotating among them, so you get one every four months. Visit http://www.maine.gov/pfr/consumercredit/credit_report.htm for details.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for more information, write: Consumer Forum, P.O. Box 486, Brewer 04412, go to http://necontact.wordpress.com, or e-mail at contacexdir@live.com.

http://bangordailynews.com/2011/02/20/business/biz-beat/data-breach-a-reminder-to-watch-credit-debit-cards/ printed on December 28, 2014