4 questions about Target's free credit monitoring
Go Deeper.
Create an account or log in to save stories.
Like this?
Thanks for liking this story! We have added it to a list of your favorite stories.
Target began offering a free year of credit monitoring yesterday in an attempt to reassure customers who are concerned about the company's massive security breach.
The credit monitoring is provided through Experian, one of the three major credit reporting agencies. MPR News' Cathy Wurzer interviewed Ed Mierzwinski, consumer program director for U.S. PIRG, the federation of state Public Interest Research Groups.
Below is a transcription of their conversation, edited for length and clarity.
WURZER: Do you think credit monitoring is a valuable service?
Turn Up Your Support
MPR News helps you turn down the noise and build shared understanding. Turn up your support for this public resource and keep trusted journalism accessible to all.
MIERZWINSKI: I think credit monitoring is an overrated service that is aggressively sold by Experian and the other credit bureaus, and it's used as a soporific way to kind of convince consumers that everything is OK. I would never pay for it. Never in my life would I pay for credit monitoring.
But I understand Target is going to provide it for free, and it is not going to have an automatic renewal in the end. So in those circumstances, I'd take it for peace of mind, but it's not the first thing I would do after a data breach.
WURZER: What would you do?
MIERZWINSKI: The first thing I would do is look at my statements on a more regular basis than I usually do. Look at them online, whether they're credit cards or checking accounts, and look for odd payments. Look for something you didn't buy that looks suspicious. And contact the bank if that happens. That's the very first thing.
Second, any consumer who can avoid credit card debt should just simply use credit cards online and at the store. Debit cards are inherently dangerous. Even if the bank honors its zero-liability policy, you're still missing money out of your account. You could have other checks bounce. You could have cash flow problems. It makes no sense to use a debit card if you can qualify for a credit card and avoid credit card debt.
WURZER: If you happen to have a credit monitoring alert on your credit card, which alerts you if someone attempts to set up credit in your name, does that seem to work pretty well?
MIERZWINSKI: Credit monitoring does not prevent identity theft, and it does not raise your credit score. Credit monitoring warns you early that it's already happened, in most cases. Because credit is instantaneous. The bad guy can get credit pretty quickly, you're warned pretty quickly with credit monitoring, but it's not a great thing.
I recommend to consumers that they use their own, do-it-yourself credit monitoring. You're allowed by law a free copy of your credit report from each of the three credit bureaus annually. Why not get one every three or four months?
WURZER: Of the information that was reportedly stolen from Target, what's the most damaging to a customer?
MIERZWINSKI: The information from Target that was first reported stolen contributes to fraud on your existing accounts -- your credit card number, your expiration date, and the security code from the back of the card can be used to do fraud on your existing accounts.
But then it was later reported that in addition, your pin number was taken, although they claim that it was encrypted, pin numbers are very short and easy to hack or to crack and figure out. And if the pin numbers were taken, they could be used to get money right out of your bank account. If you've got the pin number, you can create a cloned card, and take money out of a bank account at an ATM machine.
The third level, on Friday, is that they admitted that names, addresses, email addresses, phone numbers, a lot of information about you was also leaked. That information does not cause identity theft. You need a social security number and birth date to cause identity theft. But, what that information does do, if they've got your email address and your phone number, they can try to get you to give up the other information that they need. They'll call you on the phone and pretend to be from the bank. They'll send you an email with an exploding attachment that's designed to capture all the information on your computer.
So, I think that we've just found out that Target's problem is not just fraud on existing accounts, it's potentially identity theft by these phishing techniques of calling you on the phone. Phishing is what it's called, or social engineering to get information from the customer.