Help

Connected Parent

Protecting Your Family From Credit and Debit Fraud

By Larry Magid - Wed Aug 6, 2008 3:10pm PDT
7 Comments
Post a comment

Protecting Your Family From Credit and Debit Fraud

As you may have heard, the Justice Department on Tuesday indicted 11 people for hacking into the networks of nine major U.S. retailers and stealing 40 million credit and debit card numbers.

If you or your family shopped at TJ Maxx, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 or DSW your information could have been included in this online heist.

The thieves broke into the stores’ wireless networks using a technique called “war driving” whereby they simply drive or walk by a store using special equipment to detect vulnerable wireless networks. Once in, they planted “sniffer” software which harvested credit and debit card numbers and sent them to the hacker’s own offshore servers. It was an international effort involving criminals in the U.S. and Eastern Europe.

As a consumer of these stores there is little you can do to protect yourself other than perhaps using only cash. But cash has an even greater risk of loss or theft, so I’m not suggesting you shred all of your plastic to protect yourself! Besides, federal law limits your liability if your credit card number is misused as long as you report the loss.

Protecting Your Family

It’s kind of scary when you think of it. You do everything you can do to protect your own PC and your own information—and then you hand over your credit card to a store whose network inadvertently makes it vulnerable to thieves.

You can’t control other people’s networks but it is a good idea to check your credit card and bank statements regularly to see if there is any loss. You should also get your free annual reports from all three major credit bureaus. The only free credit service authorized by the Federal Trade Commission is AnnualCreditReport.com.

You can protect your own wireless network by using encryption such as WPA (Wi-Fi Protected Access) that requires users to enter a password before accessing your network. The older WEP (Wired Equivalent Privacy) is not as secure as WPA and its newest iteration, WPA2. The WiFi Alliance has a tip sheet on wireless security that recommends you use the WPA2 standard. You can also turn off the broadcast of your SSID network name to make it harder for thieves to find your network.

In an podcast I did for CBS News, TrendMicro security expert David Perry said that stores with highly sensitive customer data such as credit card information should avoid wireless networking completely and use a more secure wired network. Kaspersky Lab’s David Emm agreed: “I guess you would see wireless networking as almost inherently more promiscuous so to speak than regular networks.”

Related: computer security, identity theft

« Previous The Internet DNS Flaw: What You Need to Know

Next » Did Your Family's PC Attack the Republic of Georgia?

Other Parents Say…

Showing 1-7 Comments of 7

Posted by Augustine Ufua Tue Aug 12, 2008 5:15am PDT

THIS IS TERRIBLE.

Report Abuse
Posted by Glenda Sat Aug 16, 2008 12:57pm PDT

Scary! It makes you want to go back to the days of cash only. At least my bank immediately put a hold on my debit card, I used it at barnes&noble, due to a fraud alert by Visa.

Report Abuse
Posted by cookie Tue Aug 12, 2008 5:41am PDT

What's SSID?

Report Abuse
Posted by Mary B Tue Aug 12, 2008 9:11am PDT

THE CREDIT REPORT IS NOT FREE!!!!!!!!!!!!!!

Report Abuse
Posted by Way Station 49 Tue Aug 12, 2008 9:11am PDT

After completing an almost 11,000 mile road trip last year, we were surprised to find so many hotels and motels which offer Internet access in the States DO NOT use a "password control" for controlling access to their Wi-Fi or hard line connections to the Internet. One of the "consistently best" of the hotel chains - which changed their password frequently is/ was the Hampton Inn chain. (We LOVED the Hamptons, by the way - for consistency in quality stays.) We have a list of restaurant chains and hotels we were impressed with - and ones that could use improvement (especially for Internet access reasons) - the latter we are in the process of informing the companies directly - "not selling or giving out the list" - for security reasons. Our point: If you plan to use Internet at a hotel/ motel or restaurant - "ask" about "password access" - and how "frequently it is changed". The other thing we found out - and likely the problem -makers have as well - as most days we could sit in a commercial parking lot, or on a residential street, and pick up some company's WIFI connection and log in without a password to find an address or such for something we needed. We loved it - but "reality" - common companies - we are the "good guys" - but if we could log in - who else is logging into your service for the intention of hacking? We even found WIFI "hotspots" at "rest stops" without password protection!

Report Abuse
Posted by mr.kee_jody Tue Aug 12, 2008 10:38am PDT

The credit report site allows 1 free report... not score ...for the year; not sure if it is the calendar year or 12 months per check. The SSID is a setting in your wireless router's configuration that allows you to name your router and network.

Report Abuse
Posted by ctease Wed Aug 13, 2008 9:17am PDT

It's just crazy to think how so many people are stealing our hard earned cash and plastic.....

Report Abuse