In the wake of the Target data breach, the retailer announced that it would provide credit monitoring from Experian to the customers affected by the breach.
With the number of consumers impacted by the breach now at 70 million, Target might be wise to do two things:
- Just acquire Experian (or some other credit monitoring firm) altogether, as the amount they will have to pay out for the service might make an acquisition a more attractive alternative.
- Change its name.
Enough advice for Target. It doesn’t deserve my help. It took me five days to get through to them to cancel my Target card. Nope, couldn’t do it online, and couldn’t even do it in-store. Screw you Target for causing me to waste so much time trying to get through to you. And oh yeah, thanks for not responding to any of my tweets. If Hillary Clinton can have a hate list, so can I. And Target is on it.
The real advice in this blog post is for banks and credit unions.
Sorry that falls on you bankers and credit unionistas to do this, but you guys are the ones who will have to provide some consumer education here.
Specifically, on the differences between credit monitoring and transaction monitoring. Credit monitoring is good, and it’s needed, but it isn’t anywhere near a complete solution to protecting consumers’ card-related information.
Mick Weinstein, the new CMO at Billguard explains the difference better than I could:
“Credit monitoring services don’t function on the transaction level, so if someone actually uses your credit card in the period soon after it’s stolen, the credit reporting agencies simply won’t notice it. Credit monitoring services would notice someone trying to issue a new credit card in your name, and they’ll try to track your card number on the black market, but they have zero visibility into specific transactions. And it’s those fraudulent charges that you need to be on the lookout for right after a security breach.”
In addition to providing education to consumers on the differences between credit and transaction monitoring (and the limitations of the former), banks and credit unions should actually look into providing BillGuard services to their customers/members.
In an Aite Group report I published in July 2013, I found that:
“Grey charges–deceptive and unwanted credit and debit card charges that occur as a result of misleading sales and billing practices–total more than US$14 billion per year among U.S. cardholders, roughly US$215 per cardholder incurring these charges. Though grey charges aren’t technically fraudulent, they present a dilemma for credit and debit card issuers: generate interchange fees from grey charges or incur service-related expenses when cardholders dispute charges.”
Would be nice if Dick Durbin looked into the impact of his eponymous amendment and realized that the reduction in interchange fees have pretty much been pocketed by retailers and merchants whose data security processes and capabilities are sorely lacking.
Target will provide one year’s worth of credit monitoring to customers impacted by the breach. What happens after that? Does the threat go away in just 12 months? Of course not. The credit monitoring firm will look to the consumer to pay for the service after the first year.
What Durbin and his merry band of useless Congresspeople ought to do is require Target to provide FIVE years worth of credit and transaction monitoring services to impacted consumers.
But don’t hold their breath waiting for that. In the mean time, banks and credit unions should inform customers/members on what additional steps they can take to monitor the use of their cards and personal information.