Data secured within large retail computer networks isn't always so secure. Hardly a month goes by without news that hackers have been able to get into a major network, compromising credit and debit card information.
Arby’s, Intercontinental Hotels Group, Kmart, Brooks Brothers and Chipotle are a few of the companies that have reported data breaches so far this year.
While these companies are doing everything they can to increase the security of their networks, consumers can also take steps to make their individual cards safer. Sometimes, that means leaving them in your wallet.
Gary Warner is director of the Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham. He says consumers who have a card with a chip should never swipe it at a terminal.
Never swipe a chip card
While the new chip protocol has been in place for two years now, not all retail locations have made the expensive transition. You might find, for example, a store might request you swipe a debit card, even if it has a chip.
Warner says you shouldn't use your chip card if you can't insert it into a chip reader. If you swipe it, the terminal takes the information off the old fashioned magnetic strip, which can be intercepted if the network has been infected with malware.
“It is theoretically impossible to copy the computer chips that have been added to credit and debit cards,” Warner said. “However, if you are swiping for purchases with your chip card, criminals don’t have to worry about the chip because they can use the information from the magnetic strip on the back to make a duplicate copy of the card."
Use a signature instead of PIN
If you can't insert your chip card, Warner says you should leave it in your wallet and pay with cash or a check.
If swiping your debit card is the only option, Warner suggests completing the transaction as though it was a credit purchase, not a debit card. That way, you'll be asked to sign your name and not punch in your PIN. Entering your PIN on an infected terminal gives a hacker entry to your bank account.
Finally, be leery of an email that informs you about a data breach. Because consumers worry about their data being compromised, hackers capitalize on data breach publicity by sending phishing emails to millions of people.
The email will direct you to a fake website that may ask you to enter sensitive information, such as a user name and password.
If you think there's a chance the email could be legitimate, don't click on any link it provides. Instead, go to the company's main website, where you will find information about any data breach that has occurred.