The Times Herald (Norristown, PA)

The one thing you should do now to protect yourself if you have a Capital One credit card

WASHINGTON » Another day, another major data breach. But there is one thing that you should do now to put up a serious roadblock for identity thieves.

Before I get into this strategy, here’s a recap of the past week.

Capital One Financial Corp. disclosed Monday that a hacker was able to access the personal informatio­n — names, addresses, phone numbers, email addresses, dates of birth and selfreport­ed income — of more than 100 million customers in the U.S. and 6 million more in Canada. The breach included informatio­n on not just the bank’s current customers but also people who had applied for its credit card products.

Additional­ly, 140,000 of Capital One’s customers had their Social Security numbers stolen, and about 80,000 bank account numbers linked to Capital One secured credit cards were compromise­d.

This breach comes within a week of the Equifax multimilli­on-dollar settlement for failing to protect the personal data of about 140 million of its consumers.

Each breach is a reminder that you need to take various steps to protect yourself. But I’d like to go over some of the recommenda­tions and point out where the action still leaves you exposed to fraud or identity theft.

• The action: Sign up for credit monitoring. “We will make free credit monitoring and identity protection available to everyone affected,” Capital One said in a statement.

The Color Of Money

Why you’re still vulnerable: Credit monitoring is like putting a Band-Aid on a deep cut. It provides some relief, but the protection comes after the injury.

I am guarded by two credit monitoring services, courtesy of two major data breaches that affected my personal data. And yet, I’ve had four incidents of fraud this year alone. Monitoring alerts you to something nefarious only after it’s happened.

• The action: Monitor your accounts. Sign up for alerts on all your accounts.

Why you’re still vulnerable: Most recently, thieves were able to make $200 worth of fraudulent purchases on one of my credit cards in just seconds. I had an alert set. But I couldn’t freeze my credit card soon enough. The charges were processed, and I spent a few days dealing with the fallout.

The fraud incident happened a week before my bill was due. I always pay in full. The customer representa­tive told me to just make a payment for what I legitimate­ly owed minus the fraudulent charges. But here was the problem: I would be charged interest on the remaining balance. I was assured the interest charges would be reversed once the fraud investigat­ion was complete.

No, ma’am, I told her. That would mean additional worry and time spent making sure the interest fees were removed. After a few more calls, the charges were removed before my bill due date.

• The action: Change your passwords often. It’s a pain but we have to do this.

Why you’re still vulnerable: If the crooks get your email address and other personal informatio­n, they could still get around protection protocols. For example, a security question might ask you to verify that you have or had in the past a certain credit account. This is precisely the informatio­n stolen in the Capital One breach.

• Set up two-factor authentica­tion. Again, this is a vital level of security.

Why you’re still vulnerable: Your credit card account can still be compromise­d in spite of having it.

There is one step that is notably strong in protecting you against fraud.

“Most of the data that the average consumer thinks is private is in fact not, and is available for free online in various databases or for sale in the undergroun­d,” said Brian Krebs, author of the security blog krebsonsec­urity.com. “The only sane response to the fact that the bad guys already have access to all the informatio­n they need to hijack your identity is a credit freeze.”

A law enacted last year gives consumers the right to a free credit freeze, also known as a security freeze, at all three major credit bureaus — Equifax, Experian and TransUnion. You can learn how to place a freeze at these bureaus on the Federal Trade Commission’s website: ftc.gov. Search for “Credit Freeze FAQs.”

With a freeze, the credit bureaus can’t release any informatio­n for new credit accounts without your permission.

But I have to warn you: A credit freeze isn’t foolproof. There are quite a few exceptions as to who can still view your files. For instance, financial companies with whom you currently do business — or to whom you owe money — can still see your files.

“Credit freezes don’t work for noncredit ID theft, such as tax or medical ID theft,” said Chi Chi Wu, staff attorney at National Consumer Law Center.

Even with its limitation­s, a freeze is a barrier that’s worth putting in place to ice out criminals capitalizi­ng on these data breaches. Readers can write to Michelle Singletary c/o The Washington Post, 1301 K St., N.W., Washington, D.C. 20071. Her email address is michelle.singletary@ washpost.com. Follow her on Twitter (@Singletary­M) or Facebook (www.facebook. com/MichelleSi­ngletary). Comments and questions are welcome, but due to the volume of mail, personal responses may not be possible. Please also note comments or questions may be used in a future column, with the writer’s name, unless a specific request to do otherwise is indicated.