By Linda Stern
WASHINGTON (Reuters) - By now you know that 40 million credit card account numbers are flying around the underground economy.
They were set free when hackers implanted a virus in the computers operated by CardSystems, a Tucson-based credit card processing firm, and they were actually let loose way before consumers were let in on the breach recently.
It was the latest in a series of security flubs from companies including ChoicePoint, which collects and supplies financial data, DSW Shoe Warehouse and others. It revealed that consumers could not only lose their financial identities, they could be in the dark about it.
It took almost a month from the time CardSystems said they discovered the breach until the public was made aware. Somebody could be using your credit card right now, and how would you know it?
"This news is just the tip of the iceberg," said Beth Givens, director of the Privacy Rights Clearinghouse, a California-based consumer information and advocacy organization.
Yet Givens and others do not believe consumers should panic. Instead, they should seek to maintain that careful balance between recognizing the possibility of identity theft without overreacting and denying themselves the convenience of credit card shopping.
"Consumers should not at this time be canceling card accounts as a preventive measure," said Givens.
Here's how to protect yourself without going back to a cash-only lifestyle:
-- Don't panic and don't stop using your credit card or shopping online. Credit cards come with two levels of protection: Federal law prohibits consumers from losing more than $50 to theft or fraud, and the card issuers step in and cover that $50. If your card number does get stolen, you won't be out any money. Your issuer can give you a new number.
-- Don't wait to get your statement to see if your card is being used. If you haven't already set your credit card accounts up for online and phone access, do so. Then you can go online between statement dates and check to make sure nobody else is posting charges to your account.
-- Look for small, inconsequential charges. Most credit card thieves test the card with a small purchase to see if it works.
-- Control your own paperwork. Most credit card thefts do not occur when techies figure out how to hack your card company. They occur when retail employees or shoppers pull carbons out of trash cans or find payment stubs and the like. Keep control of your receipts and keep control of your cards.
If you lose the actual plastic card, check to make sure that you aren't being charged for gasoline you didn't buy. Many card thieves make their first purchase a pay-at-the-pump gasoline buy; that way if the card gets rejected they can hop in their car and leave without talking to a cashier.
-- Consider giving up your debit card. Those debit cards which look like VISAs and MasterCards and do not require a pin number, can be dangerous. That's because they draw directly from your checking account. And while the banks that issue them tend to guarantee that they will indemnify you from fraud and will replace any lost money within hours, it can still take some time to clear up the account. While it does, you can be bouncing rent checks, car payments and anything else that comes out of your checking account.
"I've talked to people where the institution doesn't believe them and the funds take a month," says Givens. "Frankly, I don't advise using debit cards."
If you have good credit and financial discipline, you can just use a credit card for your everyday purchases and then pay that off once a month from your checking account.
-- Check your credit report. Unless you live in the Northeast, you can already get one free credit report a year. On September 1, even Northeasterners will be eligible. Find it atIf someone has used your card, it might show up in extra inquiries or mistakes in your credit report.
-- Read your mail. At least one California lawyer, Ira Rothken, is trying to make a class-action suit out of the recent security breach. If you are a member of a class that has been wronged, you should receive notification. Even if you're not in a position to join a suit, you might get notification from your bank about security breaches or new procedures.
Linda Stern is a freelance writer. Any opinions in the column are solely those of Ms. Stern. You can e-mail her at firstname.lastname@example.org
Copyright 2005 Reuters Limited.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at. Hundreds of new articles daily.