It’s almost Black Friday, followed by Cyber Monday.  The day’s consumers whip out their credit and debit cards (or just their credit and debit card numbers) and buy buy buy.

But in light of the massive hacks and data breaches around this time last year, and the more sophisticated attacks we are seeing now, what should the average consumer do to protect themselves this holiday season?

Absolutely nothing.

That’s right.  Nothing.  Nada.  Zilch.   Well, close to nothing.  You see the CONSUMER has absolutely no liability if their credit or debit card number is stolen and misused.

Under Federal Reserve Regulation E the consumer has limited liability – technically $50 if they notice the transaction, $250 if they negligently let it slide for a long time – for unauthorized charges.

But as a practical matter, issuing banks cover these costs, so the cost to the consumer is effectively nothing – except for the hassle of getting a new card, not having a working card, and having to re-associate all your online transactions with the new card.

A pain in the butt, but better than being out money.  So consumers should check for unauthorized charges on their credit cards, call and reverse these charges, and get frequent credit reports to look for unauthorized or unusual applications for credit.  Some basic hygiene.  But not to panic.

So here are my top 10 tips:

1.       Get a credit or debit card

2.       Buy things

3.       Don’t overspend

4.       Ignore number 3

5.       If buying online, don’t be stupid – don’t click on links from places you don’t know advertising cheap ink, cheap toner or cheap women.

6.       Even if not buying online, don’t click on links from places you don’t know.

7.       Don’t give your personal information to anyone who solicits it.  You call them, not vice versa.

8.       Try to buy from reputable places – but who knows what THOSE are?

9.       Get a credit report from time to time from, and read it.

10.   Buy me something nice – it’s Christmas after all.

Now, if you are a retailer, processor, vendor, supplier, bank, issuer, consultant, CISO, CIO, or otherwise involved in information security and protection, I have other advice.  Test your network.  Then test it again.  Then get someone else to test it.  Again.  Monitor everything.  And get lots of sleep.  You’ll need it.  Merry Christmas to all, and to all a good night.

Leave a Reply