With the constant flow of breaches, it would stand to reason that these companies would get better at dealing with them. Yet many of the companies tackle the issue with the same solution – belated fixes and credit monitoring. Credit monitoring is an understandable first line of defense against more trouble: it seems important for customers whose information has been spirited away, it’s easy to outsource, and, if effective, it lessens the impact of the breach. But the way it’s often presented to the customer, as a cure-all, is neither fair nor correct.
There are huge issue with credit monitoring. The Chicago Tribune pointed out after Target’s breach that credit monitoring might not be as helpful as many believe, as “fraudulent use of a stolen card number won’t show up on a credit report because they don’t show individual charges. And credit reports don’t show debit card information at all.”
More importantly, it isn’t always possible to assume that customers, with a combination of credit monitoring and careful monitoring of their own accounts, can even catch fraudulent charges. In the past, it was very easy to catch obviously fraudulent charges – it’s pretty obvious when Mary from Kansas suddenly seems to be in Moscow.
But as cyber criminals become more organized and advanced, and the underground economy becomes more mature, it becomes more and more difficult to track fraud, even against yourself. Those telltale signs of fraud are no longer out in the open. Stolen cards are now sold on online marketplaces with location information, and lower-level criminals can use the information to create new cards and make purchases in the area.
Free credit monitoring is good for other reasons, but can ultimately prove to be detrimental if customers assume that it is all they need to be protected and alert. So as Kmart offers free credit monitoring to its customers, those customers should consider extending the free service – you never know who’s going to be breached next.