Business Bureau has some suggestions for consumers concerned that their credit or debit cards may have been compromised by a data breach.
• Stay calm. Consumers are not liable for fraudulent charges on stolen account numbers.
• Check with the website of the company that was breached for the latest information. Type the company name directly into your browser. Do NOT click on a link from an email or social media message.
• If a credit card has been compromised, you will likely hear from the bank or card-issuer first. If you have questions, call the customer service number on your card.
• Consider putting a credit freeze or fraud alert on your credit reports with the three major credit reporting agencies (go.bbb.org/creditfreeze). A credit freeze will prevent anyone from accessing your credit report or scores. This means you cannot apply for new credit without lifting the freeze. A fraud alert flags your account but does not automatically halt new credit being opened in your name.
AnnualCreditReport.com is the only website authorized by the Federal Trade Commission to provide you with a free annual credit report. Be wary of ads, emails, and social media messages for other services. Everyone should check their credit reports annually, whether or not they have been the victim of a data breach.
• If your credit card(s) has been breached:
– Monitor your credit card statements carefully (go online; don’t wait for the paper statement).
– If you see a fraudulent charge, report it to your bank or credit card issuer immediately so the charge can be reversed and a new card issued.
– Keep receipts in case you need to prove which charges you authorized and which ones you did not.
• If your debit card has been breached:
– Do all of the above as for credit cards, but pay very careful attention to your account. Debit cards do not have the same protections as credit cards and debit transactions withdraw funds directly from your bank account.
– Contact your bank for more information, or if you want to preemptively request a new debit card or put a security block on your account.
• Beware of scammers who may purport to be from the retailer, your bank, or your credit card issuer, telling you that your card was compromised and suggesting actions to “fix” the problem. Phishing emails may attempt to fool you into providing your credit card information, or ask you to click on a link or open an attachment, which can download malware onto your computer.
For all businesses that collect customer information:
• Make sure you protect your customers’ data. Data breaches can happen to any business.
It was all about a quick lunch at Sonic in Great Bend. That’s how Laura Mason became one of millions of Sonic customers nationwide sucked into a massive data breach of the Oklahoma City-based drive-in fast-food chain.
On Sept. 26, Mason pulled into the restaurant, ordered cheese sticks and paid with her debit card. That same day, Sonic confirmed a possible data breach.
“It kind of makes you think about things,” she said after being notified by her bank Tuesday about her debit card number being snatched.
Tuesday morning, Mason said she had a phone message from Plains State Bank’s main office about a problem. She checked her account and everything looked normal.
When she called back, she was informed that her card had been turned off and that it had been compromised. Fortunately, “there had not been any illegal activity on it,” she said.
When the bank ran a routine report, it came up that her card was involved in the data breach. There are two cards on the account, but only one was affected.
“It seems hit or miss on what cards are targeted,” Mason said.
Mason said she shops online routinely and has never had an issue. Who knew a simple snack would be a problem?
“When we go out to eat, we casually hand over our cards to be swiped,” she said. But, “I will cautiously watch from now on.”
What Sonic said
The company was contacted Tuesday afternoon. A spokesperson referred the Great Bend Tribune to a statement released earlier.
“Our credit card processor informed us last week of unusual activity regarding credit cards used at Sonic,” the statement issued by the company on Sept. 26 reads. “We are working to understand the nature and scope of this issue, as we know how important this is to our guests.
“Upon learning of this matter we immediately contacted law enforcement and have been working with them in their investigation,” the statement continues. “We also immediately began our own investigation with the help of experienced third-party forensics firms. Notice of this incident was briefly delayed to accommodate law enforcement’s investigation.”
The security of customer information is important, company officials stated. “We regret that this incident occurred, and apologize for any inconvenience or concern it may cause.”
Sonic has a single point-of-sales system that is used by the majority of its roughly 3,600 locations.
Sonic is offering customers who used their cards at their locations this year to receive 24 months of free fraud detection and identity theft protection through Experian’s IdentityWorks program. To take advantage of these free services, they can enroll by visiting the Experian IdentityWorks website experianidworks.com/sonic.
Customers have until Dec. 31 to register and enroll. For more information or alternative enrolling options, call 877-534-7032.