Target data breach: Not much fraud -- yet
Given the number of accounts compromised, why don't all of us know lots of people whose accounts have been misused?
This post comes from Bob Sullivan at partner site Credit.com.
With 40 million stolen credit and debit card accounts used at Target floating around in cyberspace, you'd think everyone would know someone hit by credit card fraud by now.
Not so. Not yet, anyway. In fact, according to one fraud-fighting company, there’s little sign of an increase of fraudulent charges among Target breach victims. What gives?
There's a difference between having your account number compromised and actually being hit with credit card fraud. One often leads to the other, but not always. At least, not right away.
BillGuard is a third-party service that lets consumers register their credit cards, then uses software to scan bills for fraud. Mick Weinstein, vice president of marketing at BillGuard, says 32,000 BillGuard customers were among those whose account info was stolen in the Target card heist -- meaning they used their cards at the retailer during the nearly three-week stretch when hackers were siphoning off the card numbers.
Among those 32,000 accounts, about 2 percent were hit with fraud by the end of last week, Weinstein said -- almost exactly the same fraud rate as a control sample of BillGuard customers who weren't Target victims.
That suggests there isn't widespread fraud hitting Target victims, at least for now. Of course, there have been anecdotal reports of fraud against Target victims; and only bank security officials really know what's going on. But it seems a fraud outbreak hasn’t occurred. Why?
One possible explanation is bank and retailer back-end fraud systems are dialed so high that most of the attempted fraudulent transactions are being foiled, and consumers are blissfully unaware of that. However, selective rejection of transactions is very tricky, and criminals are pretty good at masking fraud to look like routine consumer transactions.
Another explanation is that banks have canceled or replaced many impacted cards, making them useless for fraud. However, banks are using a mixture of strategies to help exposed customers, so there certainly haven't been across-the-board cancellations.
That makes sense: Reissuing cards is a hassle, and costs the banks real money. So many banks are taking a wait-and-see approach.
But so are the criminals.
Hackers know their cache of stolen cards is under the fraud spotlight right now. There's no mystery around the compromised account numbers -- by now, every fraud-screening program has them loaded onto some kind of watch list. So bad guys with the "good" numbers likely plan to wait out the heightened attention.
"This was a very high profile breach, so the thieves -- or those to whom they sell accounts in bulk -- see more value in biding their time and waiting for card owner victims to lower their fraud sensitivity guard," Weinstein said.
Credit card hackers routinely sit on stolen account numbers for months -- or even a year or two -- before attempting fraud. Eventually, banks' and retailers' focus on the Target cards will wane, as will the paranoia that consumers feel in the wake of the hack announcement. After all, there will be other credit card heists, and other incidents that require attention. Criminals with millions of stolen account numbers can afford to wait.
What does this mean for you? What does this mean for you? Now is no time to declare victory or end vigilance. Use your bank's website to scan for unexpected charges at least once a week for the next several months. It only takes a few moments. And don't forget -- another common credit card hacker technique is to sneak small charges, often under $10, past banks and consumers. Hitting 10,000 cards with a $10 fraud is easier than hitting 10 cards with a $10,000 fraud. Your bank could very well miss such low-dollar fraud, and if you miss it, too, you'll pay for it.
(Note: A sudden drop in your credit scores can be a sign of identity theft. To monitor your credit scores in the long term, you can use a free tool like the Credit Report Card to check two of your credit scores each month.)
More from Credit.com:
Copyright © 2014 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
ABOUT SMART SPENDING
LATEST BLOG POSTS
Occupy Wall Street bought and forgave the student loan debt of more than 2,700 Everest College students.
VIDEO ON MSN MONEY
BLOGS WE LIKE
MUST-SEE ON MSN
- Video: Easy DIY smoked meats at home
A charcuterie master shares his process for cold-smoking meat at home.
- Jetpacks about to go mainstream
- Weird things covered by home insurance
- Bing: 70 percent of adults report 'digital eye strain'