Data breaches are becoming more common, say security experts.
GettyLast Friday, the restaurant group Earl Enterprises confirmedthat over two million credit cards were compromised in a breach affecting diners at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! and other restaurants between May 2018 and March 2019.
The company found out when security analyst Brian Krebs notified the chain that its customers' credit and debit cardnumbers were being sold on the dark web. (Krebs's blog post on how he discovered the breach isa must-read.)
Take it as yet another wake-up call. Last summer, a report by the Identity Theft Resource Center found that1.7 million Americans' banking, credit or financial recordswere compromisedat some point in just the firstsix months of 2018.
For travelers, breaches have become commonplace in the past five years, with notable hacks at hotels like Marriott, Hyatt, Hilton and InterContinental Hotel Group; airlines such as Cathay Pacific Airways, Delta Airlines, British Airways and Air Canada; restaurant chains like Wendy’s and Chili’s; and let's not forget Uber.
“It really speaks to an endemic problem inside of modern corporations that they're not handling users’ data well,” says Max Eddy, who writes about cybersecurity forPCMag. “Since there have been no real costs associated with these data breaches, these companies have no incentive to change their behavior.”
Senator Elizabeth Warren (D-MA) appears to agree. Yesterday, the 2020 Democratic presidential candidateintroduced new legislationthat would make it easier tohold executives of corporations that make more than $1 billion accountable when they “negligently permit or fail to prevent a violation of law” that results ina percentage of Americans’ “health, safety, finances or personal data” being breached.
“It's really important to stress here that the victims are not at all at fault," says Eddy. “This is 100 percent due to a failure on the part of the company.”
Even so,this breach presents atimely opportunity forconsumers to reassess their own level of risk. Here’s what you can do to minimize the chanceof your information getting swept up in a future breach:
Mobile wallets hide your actual credit card numbers, so they are never exposed in a breach.
GettyEmbrace the mobile wallet.
Mobile wallets have been around for a while now. But according to a February 2018 survey of US internet users byCivicScience, only 1percent of respondents use mobile payments as their primary payment method. About half of respondents citedsecurity fears asthe leadingreasonfor notusing a mobile wallet.
Those consumers have got it backward. Mobile pay systems–Apple Pay, Google Pay (formerly Android Pay), Samsung Pay and others – are more secure than other payment methods. Which one you adopt will depend largely on the smartphone you carry: iPhone users would use Apple Pay, Android users would use Google Pay and Samsung device users can use either Samsung Pay or Google Pay.
“Regardless of which mobile payment you use, the key is a process known as tokenization,” says Eddy. “When you load your credit or debit card onto one of these services, it takes your card information and creates a virtual credit card number. When you go to make a transaction, the virtual number is used instead of your actual number.”
That’s important in the case ofa data breach, because a hacker would only get the virtual number. “Your actual credit card number would remain safe,” says Eddy.
One obstacle to using mobile payment systemsconsistently is simply that they are still not ubiquitous.
Apple Pay, the most widespread mobile contactless payment system, is available at 74 of the top 100 merchants in the US and 65 percent of all retail locations across the country. The list of merchants that accept Apple Pay includes about a dozen chain restaurants, including Chick-fil-A, Dunkin’ Donuts, KFC, McDonald’s, Panera, Pizza Hut, Starbucks, Subway and White Castle. In January, Apple announced that Apple Paywould soon roll out to more than 7,000 Taco Bell and 2,200 Jack in the Box locations.
Meanwhile, Google Pay is accepted at chains such as Chick-fil-A, Dunkin’ Donuts, Jamba Juice, Jersey Mike’s Subs, KFC, McDonald’s, Panera, Subway, White Castle and more.
That’s fabulous if you eat exclusively at chain restaurants, but we’re still a very long way from being able to use Apple Pay or Google Pay at everyrestaurant and shop in the country.
Pay with a credit card.
While not as secure as a mobile wallet,a credit card embedded with a microchip is the next best option.
“With a credit card, you can go directly to the credit card provider and say, ‘Hey, there's a fraudulent charge and I need that resolved,’ and they'll take care of it almost immediately,” says Eddy.The FTC has a good primeron what to do if you think your credit card number has been stolen.
Thechallenge is that it can be difficult to determine if and when your cardhas been compromised.With the recent breach involving Earl Enterprises restaurants, it took someone outside the company to notice suspicious activity on the dark web.
As Krebswrites in his blog post, “Cardholders are not responsible for fraudulent charges, but your bank isn’t always going to detect card fraud. That’s why it’s important to regularly review your monthly statements and quickly report any unauthorized charges.”
It's time for consumers to embrace mobile wallets.
ApplePay with cash.
Cash is always a solid choice, but Americans have been ditching paper money for a while now. According to the Pew Research Center, roughly three in 10 Americans make zero cash purchases in a typical week.
And in a2017 U.S. Banksurveyof more than 2,000 Americans, half of respondents said they carry cash with them less than half of the time they are out. Of the half that carry paper money, 76 percent said they keepless than $50on hand. Nearly 50 percent carry less than $20.
Worstoption: Pay with your debit card.
Inthe CivicSciences survey, about half (47%) of respondents said they used debit cards for most purchases, making it Americans' favorite payment method. That's not good.
Since your debit card is linked directly to your bank account, a compromised card number puts your entire bank balance at risk, at least in the short term. “Do notpay with your debit card,” says Eddy. “While you will get your money back for a fraudulent charge, it's just much more difficult.”
Looking for a breach-proof way to use your debit card? Load it into a mobile wallet like Apple Pay or Google Pay, and make a point of replacing your bad habit with amuch better one.
