Just as the shock of the massive data breach at Target over the holidays has begun to wane, cybersecurity and other experts are warning consumers to brace for similar attacks in the coming year.
The breach at the mass merchant, which compromised card accounts and personal contact information for tens of millions of shoppers nationwide, "kind of takes your breath away," said Bill Hardekopf, CEO of the credit card marketplace LowCards.com.
"I think we are going to see more of this," he said. "This is what our culture is in for."
High-risk times for more strikes will be the next big shopping cycles that give hackers the potential for the biggest payoff, such as around Valentine's Day, Mother's Day, the back-to-school time frame and next Christmas, said Charles Wood, corporate security specialist and assistant professor of information systems management at Duquesne University.
Sign Up and Save
Get six months of free digital access to the Lexington Herald-Leader
Short of people chopping up their cards and filling their pockets with cash, consumers can take steps to minimize their exposure to future data heists, experts said.
First, shoppers should consider the additional risk that comes with using a debit card versus a credit card.
Thieves who get a hold of debit card data gain access to a person's bank account. And depending on the card issuer's policy, any money that comes out of the account may not be refunded right away.
"If someone's account gets drained, it may be tough to pay the bills in the next month," said Jody Farmer, vice president with the credit card comparison site CreditCards.com. "The inconvenience is potentially massive."
Big banks may provide a provisional credit to compromised debit card accounts within a day or so after a customer disputes a transaction. But federal law generally allows up to 10 days for the financial institution to investigate before making any refunds, said Gerri Detweiler, personal finance expert with the educational site Credit.com.
"In the meantime, your rent might be due," she said.
"In general, the more I'm hearing about data breaches, the more leery I am about using a debit card," she said. "I've seen people have $10,000 taken out of their account."
In contrast, if fraudulent charges are rung up on a credit card, it's the bank that's out of the money.
Despite the downside of debit cards, many people prefer them over credit, often as a way to help control spending because they can't run up big bills the way they can with credit cards.
For people who can't give up their debit cards, Detweiler recommends setting up two accounts, one for spending money "and the other to put your paycheck into so you aren't exposing all of your money to scamsters."
It's also important to check debit and credit card accounts frequently online for suspicious transactions and report them promptly to minimize any damage.
Pay attention to small transactions, not just the big ones, Hardekopf said.
"A lot of times thieves put through small amounts first to see if the account is still active," he said.
After notifying a financial institution about suspected fraud, it's also a good idea to follow up with a written complaint, Detweiler said.
Experts also recommend that consumers regularly check their credit reports for errors or unfamiliar accounts to help detect identity theft, the type of fraud where a thief may open new credit card accounts, take out loans or commit other crimes under someone else's name. For the victim, sorting out the mess can be a nightmare.
Federal law entitles consumers to free copies of their credit reports once every 12 months from each of the three main credit bureaus, available at AnnualCreditReport.com or by calling toll free 1-877-322-8228.
One strategy is to order a free report from one of the three main bureaus every four months, said Heather Murray, manager of education with the nonprofit Advantage Credit Counseling Service in Pittsburgh.
"By doing that ... you can catch identity theft sooner," she said.
Consumers should look for things like credit cards that they didn't apply for or bogus loans in their name.
The Federal Trade Commission's website, FTC.gov, is a good source of information on ID theft, Murray said.
In the Target data breach revealed Dec. 19, which ranks as one of the worst ever, hackers stole credit and debit card numbers, expiration dates and CVV codes, which are the three- or four-digit numbers on the back or front of cards used for additional verification. The thieves also captured names, addresses, email addresses and phone numbers, which could raise the chances of ID theft. The theft of the personal contact information was disclosed more recently, on Jan. 10.
Many banks and other card issuers have contacted customers who shopped at Target during the Nov. 27 to Dec. 15 time frame to cancel and replace their existing cards. Shoppers who haven't been contacted should call their card issuer and insist on a new card, especially if they used a debit card, experts said.
"If I had shopped at Target with my debit card during that time, I would do that," Farmer said.
At the minimum, shoppers should be closely monitoring their accounts for fraudulent transactions, experts agreed.