Word is just starting to break from the Wendy’s restaurant chain about a ‘possible credit card breach at some locations,’ according to cyber-security site KrebsonSecurity.com.
This one is still a moving target and I’m not expecting it will be anything other than a minor inconvenience in your life. Here’s what we know so far…
‘We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations,’ according to company spokesperson Bob Bertini. ‘Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cyber-security firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.’
No word yet on timeline of the breach or how many stores were impacted. Stay tuned for details.
Regardless of how this story develops, there are some things you need to keep in mind whenever you hear about these increasingly common data breaches.
Watch your statements carefully
If you’re among those hit by the Wendy’s breach, you need to go through your credit card and debit card statements this month and next month with a fine tooth comb. Identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.
Use an abundance of caution
Maybe weeks or months down the road, you get an email, letter, or phone call that looks like it comes from Wendy’s. It’s a danger known as ‘pretexting.’
If the crooks have your contact info, which has not yet been determined in this case, they would how to get in touch with you. And the reality is it’s so easy for criminals to ape the exact look and feel of a Wendy’s communication, or any other institution for that matter.
That’s a one-two punch that can lead you to drop your defenses when you should be most alert. In a classic pretext scam, you’ll be told Wendy’s is trying to prevent crooks from draining your account… and then you’ll be asked you for all the info the real crooks need to do just that!
Here’s the rule going forward. Do not click on any link in any email you receive purporting to be from Wendy’s. Do not dial any number listed as a phone number in any email.
If you believe Wendy’s is trying to get in touch with you, you must log out from your email and go directly to Wendy’s website on your own to find the true contact info. Do not sign in on any communication that comes to you where it says “click here to sign in.”
Limit the risks from debit cards by setting up a separate account
The reality is customers who use debit cards are hit hardest by any breach. If you wish to continue using debit in the future, be sure you tie it into a separate account that’s only used for debit transactions. I like to call it your ‘walking around’ money. That way, only that money you transfer to your separate account is at risk in a breach. Not the money you need to pay your mortgage or a car note, or to put food on the table.
Understand the real dangers of debit vs. credit
To understand just how bad debit cards are, you first have to look at the consumer protections afforded to credit cards. In a case like this breach where crooks potentially have your credit card number but not the physical card, normally that means zero dollar liability. In the worst case scenario, your maximum liability would be $50…and some issuers will waive even that.
If you used a debit card though, it’s a whole different story. Debit cards are dangerous to your wallet. They don’t have the normal protections under federal law offered by a credit card. With a breached debit card, you have only 2 days after you notice that money is gone from your account…or else your liability rises to $500. And under some circumstances, your liability with a debit card can be unlimited.
You should do a credit freeze right now
Offering free credit monitoring for a year is the default crouch position companies tend to go into when news of breach breaks. But all credit monitoring does is essentially put fraud alerts on your credit files with the three main credit bureaus. These alerts are meant to raise a flag to potential creditors, alerting them to carefully verify an applicant’s identity before extending credit. All too often these alerts are ignored.
I have a better alternative and it’s called a credit freeze. You’ll pay zero to $10 per bureau to do a credit freeze, depending on your state, and it will shut a criminal down cold when they try to apply for new lines of credit in your name. You can find my credit freeze guide here; it will walk you through the easy process.
For more info to protect your wallet, see our Protect Your Rights & Identity section.