Affected by the Target security hack? Here's what you should do

Posted: Updated:

PHOENIX -- With conflicting reports about PIN numbers being accessed by the hacker who broke into Target's system and stole information relating to some 40 million credit and debit cards, many people are wondering what actions they need to take to mitigate the damage and protect themselves as best they can.

Ken Colburn, founder and CEO of Data Doctors discussed the issue with 3TV's Scott Pasmore Thursday morning.

He suggested you keep a very close eye on your accounts because thieves often start with relatively small innocuous-looking purchases -- perhaps something from iTunes or maybe a gas station.

"What these guys will do is they'll start to nibble. They'll do a $1 or $2 test charge," he explained. "It might be really something kind of menial."

Basically the bad guys are trying to determine if the card is active. Once those little charges go through, bigger ones will follow.

"Generally what they're doing is they're going and getting a large gift card," Colburn continued. "It's almost like they're laundering the money."

It's easier to fight fraudulent charges made with a credit card than it is charges on a debit card. With a debit card, the money is immediately accessed. While banks will work with you to fix it, it can take a week to 10 business days. That's time that your money is not in your bank account.

"The other thing that they're saying that these thieves are doing is they're localizing their purchases," Colburn said.

Out-of-state charges can be a red flag for fraudulent activity. It's something that the banks will notice. Local charges, however, generally won't appear to be a cause for alarm.

"You have to watch those accounts," Colburn stressed.

Thursday morning there were reports that PIN numbers were among the data stolen in the massive security breach.

"There is no indication that PIN numbers have been compromised on affected bank issued PIN debit cards or Target debit cards," Target chairman, president and CEO Gregg Steinhafel wrote on the company's corporate web site last Friday. "Someone cannot visit an ATM with a fraudulent debit card and withdraw cash."

Despite that, Colburn said you should change your PIN number anyway.

"We don't know who to trust at this point," Colburn said. "Just change it."

Some security experts actually recommend changing PIN numbers and passwords on a regular basis.

Steinhafel said in no uncertain terms that victims of the security breach will not be footing the bill for the thieves' shopping sprees.

"You will not be responsible for fraudulent charges—either your bank or Target have that responsibility."

Steinhafel also said that Target will offer free credit monitoring service to the millions of people whose accounts were affected.

For more information about identity theft, call the FTC hotline at 877-IDTHEFT (438-4338), or check out