Apparently, many older gas pumps don’t encrypt the PINs you enter when you use your debit card. If a criminal can get a key to open the pump—not all that hard to do if you have a disgruntled or otherwise cooperative gas station employee to help—then a card-skimming device can be installed inside to scoop up the PINs along with the information contained on the magnetic stripe.

So far from being safer to use at the pump, as this horribly incorrect Yahoo! Answers entry contends, debit cards can be far more vulnerable than credit cards. A bad guy with your debit card info and PIN can swipe money directly from your bank account. (The criminal gang that compromised debit cards at Michaels recently did exactly that.) With a credit card, on the other hand, you don’t have to pay bogus charges. Those are typically removed as soon as you report them, while a compromised bank account may take weeks to fix.

A couple of years ago, VISA made a push to require that all newly installed gas pumps encrypt this crucial data, but gas station owners howled at the idea of retrofitting older pumps at a cost of around $10,000 each. So many pumps still lack encryption.

I don’t know about you, but the few pennies I used to save at the debit-only gas stations aren’t worth potentially compromising my bank account. Until gas station owners fix this issue, I’m sticking to my credit card.

• You’re a Sony online games customer, since hackers just scooped up names, home addresses, phone numbers and credit and debit card numbers for millions of users.
• You recently got an email or emails saying something like “An important message to our customers” or “An important email security alert.” These emails were triggered by a massive computer break-in at Epsilon, which handles promotion emails for some of the biggest companies in the world, including Bank of America, Chase, Target and Wal-Mart. The hackers got names and email addresses, which will allow them to create targeted phishing attacks that will probably look identical to legitimate communications from those companies.
• You’ve gotten any other notice from a company that your identifying information has been compromised.
• You use the same password for a bunch of sites, or haven’t changed your passwords in six months or more.

It’s particularly important to change your passwords if you’re using the same one for social media sites as you do for financial sites. Social media passwords are easily hacked, thanks to spoofs and other tricks that send you to lookalike sites that encourage you to retype your ID and password.

The good news is that there are some password vault programs out there that will not only keep track of all your passwords but help you generate new, more secure ones: KeePass, One Pass, LastPass are among them. (Update: LastPass is asking users to change their master password after noticing some weird traffic on one of their servers. Read this for more. Lifehacker also put together a nifty list of LastPass alternatives here.)

Here are some suggestions from consumer advocate Mitch Lipka, who wrote about the break-ins for DealNews.com:

Do not send your personal information in response to an email, even if it appears to be coming from a company you do business with

Beware of links in emails and do not input your personal information if requested on the pages that open from those links (if you do click)

Note the URL that an email link is going to take you to by pointing your mouse over the link (that will quite often reveal that you’re going to a spoof site)

If you have a question about the validity of a communication from a company you do business with, call a known phone number (such as the one on the back of your credit card) and not a number or email contact that is sent to you

Monitor your credit card charges and immediately report any usage that is not yours (you are not responsible for fraudulent charges that are promptly reported)

Check your credit report every few months to ensure someone is not opening credit in your name. You are entitled to a free report once a year from each of the big three credit reporting agencies from this site they have set up.

If you’re a Sony customer, consider these  suggestions, courtesy of FoolProof:

At the very least, change your passwords on your PlayStation Network account, any accounts associated with this, and change any email addresses you may have used on PlayStation.

At the very least, if you use the same PlayStation Network password on other accounts, change the password on every one one of them. For instance, if your PlayStation Network password is also used on your online banking account, change that password!

Think carefully about other places you may have used your PlayStation Network passwords. Do you buy plane tickets or hotel rooms online?  Did you store credit card information on those sites?  Do any of those credit cards use the same password?  Go to every account and change them.

Check your bank accounts and credit cards tied to your PlayStation Network account daily for unusual activity.

Call your credit card provider (of the card or cards you used on PlayStation Network) and ask them to cancel and replace. “If you want to live on the edge, you can skip this step,” says the Editor of Privacy Times, Evan Hendricks. “But if you really want to be safe, have the PlayStation Network cards cancelled and replaced.”

Do others in your family have a PlayStation Network account? If so, tell them to read this fact sheet and listen to the Podcast with Hendricks at www.foolproofme.com.

photo credit: Archie McPhee Seattle

Some critics disparage the database breach laws that force companies to reveal when your private personal information has been compromised. Only a small percentage of such stolen information is used to commit theft, they say.

Except if you’re a victim of a database breach, your risk of becoming an identity theft victim is four times higher than the that of the general population.

That is the conclusion of a new Javelin Strategy & Research study:

Overall, Javelin’s 2008 Identity Fraud Survey found that 4.32% of U.S. adults had experienced fraud within the past 12 months. Yet of the 11% that said they had been notified of a data breach within the past 12 months, one in five reported that they had also been the victim of some kind of fraud within the past 12 months. That means victims who had been notified of a data breach were almost four times more likely to be victims of fraud as well. The pattern of increased fraud victimization among consumers notified of a breach within the past 12 months remains consistent from 2006 to 2008, indicating that this is not a one-time anomaly.

If you’ve been notified that your data has been compromised, you should:

• Closely monitor your existing accounts
• Consider a credit freeze, particularly if your Social Security number was compromised
• Otherwise, put a fraud alert on your credit reports.