The Quad-Cities, like the rest of the U.S., is at the height of shopping season, and police say with that comes more risk of identity theft.
According to The Identity Theft Resource Center, in 2017 there were 1,579 data breaches nationwide, exposing nearly 179 million records. That’s a 44 percent increase in the number of breaches from the year prior and a 389 percent increase in records exposed.
The report says the number of credit card numbers exposed in 2017 was 14.2 million, up 88 percent from 2016. Additionally, nearly 158 million Social Security numbers were exposed in 2017, a more than eight-fold increase from 2016.
So how do these thefts keep happening, and what can you do during the holiday season to keep your financial information secure?
Michael Griffin, detective with the investigations division at Moline Police Department, said much of the identity in Moline involves direct theft.
“While shopping in stores, always keep your wallet/purses or credit/debit cards with you,” he said. “Never them leave unattended in a shopping cart or in store.”
Additionally, shoppers at stores and malls should not leave purses or wallets unattended in a vehicle.
“Several times a week, we will have victims leave their purses on the front seat of their cars, which attracts thieves who break in and take the purses, then go and ring up thousands of dollars on cards before the crime is reported,” Griffin said.
Corp. Hank Jacobsen, Davenport Police Department, agreed.
“This happens more often than what you’d think,” he said. “Make sure you take inventory of your purse or wallet. Throw the junk out.” The sooner you find out what’s missing, the better, he said.
He added thieves also use another simple method: Taking checks out of your mailbox where they have been left to be picked up by a mail carrier. “Don’t place outgoing mail in your mailbox. Go to the post office,” he advised. Many times, that outgoing mail is a check for a credit card bill. “Now they have your credit card and bank information.”
According to the Internal Revenue Service and Security Summit partners, unprotected public Wi-Fi hotspots in malls or at holiday events can give thieves access to transactions. Shoppers shouldn’t engage in online financial transactions while using unprotected public Wi-Fi.
“If you check your email, they can get your password,” Jacobsen said.
Use authentic online retailers
Usually, websites that have an ”s” in “https” at the start of the website URL, rather than just “http” are secure. Look for the “lock” icon in the URL bar, the IRS says. Still, some criminals obtain a security certificate, so the “s” may not vouch for the site’s legitimacy. Be careful about buying anything from an unfamiliar site or via links from pop-up ads.
For online shoppers, “We always like to remind everyone to use only reputable websites to purchase online items. If it’s too good to be true then it probably is,” Griffin said.
“We do see ‘skimmers,’ devices that can copy information from debit or credit cards when you swipe them,” Jacobsen said. The devices can be placed the machines where you swipe your card. “It has happened here locally,” Jacobsen said.
A skimmer, according to creditcards.com, can be created with a 3-D printer to create a new keyboard to put on top of the real one. It might look different from the rest of the ATM, or its keys could be bigger.
To put a skimmer inside a fuel pump, criminals must open the fuel dispenser door to insert it. The device then can steal information off the magnetic stripe of your credit or debit card.
Recognize “phishing” emails
You may receive an email that suggests a password is expiring or an account update is needed, according to the IRS. The goal is to urge you to open a link or attachment that may take you to a fake website that will steal your username and password. An attachment can even download malware that tracks keystrokes.
The IRS reports an uptick in these schemes this year.
“The stuff looks real,” Jacobsen said.
Data breaches and public information
Hackers can access credit card data through radio-frequency identification, or RFID, when credit cards have RFID sensors, said Tracy Skaggs, director of Technical Services, DCS Computer Services, Davenport.
On a larger scale, data breaches, which happen when someone hacks into a corporation or company, can hurt businesses and millions of consumers.
Globally, the average total cost to a company of a data breach is $3.86 million, according to a Ponemon Institute study. Under Armour, Marriott and Facebook are among the businesses recently affected by data breaches.
“There have been so many massive data breaches that anyone who’s ever done anything online or purchased anything at a store and didn’t pay with cash, should consider their ‘private’ information isn’t private,” Skaggs said.
Skaggs said most personal information, including names, addresses, phone numbers, vehicles, names of friends and email addresses, is available publicly.
“This information, coupled with a few phone calls, stealing a bit of mail, hacking into email accounts, and so on, and the bad guys have all they need,” he said.
“It’s a con game,” he said. All someone needs to do is create a modicum of trust from a bank, a credit card provider, an email provider, an employer or family member, to obtain another piece of your identity “or to ‘earn’ a financial benefit,” he said.
What you can do
Sometimes, cardholders buy blocking products, such as cards that are placed on top of the credit card, to block theft, Skaggs said.
“Many credit and debit cards in the United States are not contact-less and therefore the protection sleeves won’t help, although they do help to keep the cards shiny and scratch-free,” Skaggs said.
“The sleeves are effective only for cards which contain (certain kinds of) chips,” Skaggs said. The sleeve creates a shield to protect the chip from being read.
Most credit and debit cards have fraud protection, so consumers should monitor charges and be ready to dispute them. If a provider doesn’t reverse the charges immediately, find a different provider, Skaggs advises.
- Monitor your credit scores (free and easy online and with mobile apps)
- Never use the same password across accounts
- Use a password manager
- Change passwords frequently
- When possible enable multi-factor authentication for online accounts
- Cancel accounts you don’t use anymore
- Subscribe to identity protection services
“Get educated,” Skaggs said. “In the end, it comes down to exercising discretion and good judgment,” he said.