dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
17318
Zoder
join:2002-04-16
Miami, FL

7 recommendations

Zoder

Member

Credit card data breach at Target

If you shopped at Target between Black Friday and Dec 15, your credit card might be compromised. This is a developing story. Not all the details are out yet.

»krebsonsecurity.com/2013 ··· re-24054

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

1 recommendation

DownTheShore

Premium Member

Oh, shit....
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

1 recommendation

PX Eliezer1 to Zoder

Premium Member

to Zoder
BOY you are quick!!

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to Zoder

Premium Member

to Zoder
Even though it's a developing story I'm comfortable going out on a limb here.

"The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.

It could be my definition of 'theoretically' that's off, but there is nothing 'theoretical' about cloning a card for ATM cash withdrawals.
It all depends on a cards BIN.
»en.wikipedia.org/wiki/Ba ··· d_number
Either a cards BIN is clone-able or it is not.
Which BINs are clone-able vs which BINs are not clone-able?
Fire testing determines that.
A BIN gets cloned - the issuers make adjustments to prevent further cloning -
The bad guys make adjustments to permit further cloning.
On/Off, On/Off, chase that doggies tail.

The truly sad part of this will be Targets efforts at brand imaging.
They'll issue press releases promising to make the situation right for it's valued customers.
Press releases that tout their new safeguards in place.
Press releases that promise no stone will go unturned in the apprehension of the culprits.
Press releases that go blah, blah, blah etc...

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.
Zoder
join:2002-04-16
Miami, FL

Zoder

Member

I shopped there on Friday the 29 with my MC. At least it wasn't my debit card

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by Zoder:

I shopped there on Friday the 29 with my MC. At least it wasn't my debit card

Personally, I never supply the PIN when using my debit card.
I'm sure most folks know this but I'll mention it anyway, in a debit card purchase when the "enter your PIN" screen appears by using the "Cancel" option the sale will be completed as if you were using a credit card - no PIN required - just a signature.

The credit/debit card issuers do not keep the card data in a single location for security reasons, I see no need to break that security by supplying a PIN alongside the data captured in the swipe.

mm
I Did It My Way
Premium Member
join:2001-04-07
Summerville, SC

mm to Zoder

Premium Member

to Zoder
USA Today had an article about Target

»www.usatoday.com/story/n ··· ories%29
nonymous (banned)
join:2003-09-08
Glendale, AZ

nonymous (banned) to Zoder

Member

to Zoder
Walmart did it.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to DownTheShore

Premium Member

to DownTheShore
I second your "oh shit". I shopped at Target on Nov 30, Dec 11 and THREE HOURS AGO and I used a credit card I use for most local purchases. Maybe Hawaii Targets were not affected?
Mele20

1 recommendation

Mele20 to Snowy

Premium Member

to Snowy
said by Snowy:

said by Zoder:

I shopped there on Friday the 29 with my MC. At least it wasn't my debit card

Personally, I never supply the PIN when using my debit card.
I'm sure most folks know this but I'll mention it anyway, in a debit card purchase when the "enter your PIN" screen appears by using the "Cancel" option the sale will be completed as if you were using a credit card - no PIN required - just a signature.

The credit/debit card issuers do not keep the card data in a single location for security reasons, I see no need to break that security by supplying a PIN alongside the data captured in the swipe.

You don't sign at Target or hardly any store in Hawaii these days unless over $50 purchase.

You couldn't pay me enough to get me to use a debit card. I hate them. I have ATM cards from both major banks in Hawaii and my credit union. They are old fashioned ATM cards - not credit or debit.
19579823 (banned)
An Awesome Dude
join:2003-08-04

19579823 (banned) to Zoder

Member

to Zoder

Thank you...... Spreading this on some other sites Im on!
Frodo
join:2006-05-05

Frodo to Zoder

Member

to Zoder

Re: Credit card data breach at Target

Target confirms massive credit-card data breach
quote:
Target says that its stores have been hit by a major credit-card attack involving up to 40 million accounts. ... The retailer said that the unlawful access to customer information took place between Nov. 27 and Dec.15.


carpetshark3
Premium Member
join:2004-02-12
Idledale, CO

carpetshark3

Premium Member

The article on the news seemed to imply that it was done within the store. Computer breach somewhere, or skimmers on one terminal? With extra holiday hiring, it's possible.
Michaels got hit with the same a couple of years ago.

»consumerist.com/2011/05/ ··· -breach/

planet
join:2001-11-05
Oz

planet to Mele20

Member

to Mele20
said by Mele20:

You couldn't pay me enough to get me to use a debit card. I hate them. I have ATM cards from both major banks in Hawaii and my credit union. They are old fashioned ATM cards - not credit or debit.

I also only use the ole fashion ATM card. The bank charges me to use it and after discussing this with a bank employee, I was informed the bank wants their customers to use a debit card because they are issued by a major credit card company. If data is stolen and used then the credit card company (MC/Visa) is left holding the costs and not the bank.
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1

Premium Member

said by planet:

I also only use the ole fashion ATM card.

I have an ATM card that is 16 years old!

It's not branded to MV/Visa and I hope it will stay that way.

That's why I have kept it all these years.

goalieskates
Premium Member
join:2004-09-12
land of big

goalieskates to Snowy

Premium Member

to Snowy
said by Snowy:

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

Preach it. Until these companies feel real pain (in the form of lawsuits or heavy fines), they're going to keep ignoring security and hoping for the best. Only when a breach costs them more than their security budget will they do what they need to.
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1 to Snowy

Premium Member

to Snowy
said by Snowy:

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

That is an excellent description of that practice.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to planet

Premium Member

to planet
Hmmm...that's interesting. That makes sense then why the banks push debit cards. However, neither of the banks here, or credit union, charge to use an ATM card (as long as it is used in a machine belonging to that bank, or in the case of my credit union ATM card, no charge if used in the machines owned by the largest bank in Hawaii (where I have my checking account and an ATM card). These banks have ATMs state wide so unless I travel outside Hawaii, I can easily avoid ATM charges and if I go outside Hawaii I do another old fashioned thing - I get free Travelers checks from one of the banks or my credit union). In fact, the banks and my credit union have actually praised my decision to never have a debit card as being very wise.

I had to do it over the phone just now (wee hours so the bank is closed) and it appears there are no odd charges on my card which is a relief....but if these thieves are waiting because of current market conditions (can't sell the stolen info as the market is glutted) to use their ill gotten gains until sometime later...that would mean that everyone who shopped in Target with a credit or debit card during that time period should get a new card issued even if there is no unusual activity on their card. Right?
Mele20

Mele20 to PX Eliezer1

Premium Member

to PX Eliezer1
said by PX Eliezer1:

said by Snowy:

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

That is an excellent description of that practice.

My discover card now sends my credit score each month on the bill so, unless that drops suddenly, I don't need to deal with the Big3.

Boricua
Premium Member
join:2002-01-26
Sacramuerto

Boricua

Premium Member

said by Mele20:

My discover card now sends my credit score each month on the bill so, unless that drops suddenly, I don't need to deal with the Big3.

You do realize that by then it is too late, your info in compromised.

PlusOne
@comcast.net

PlusOne to goalieskates

Anon

to goalieskates
said by goalieskates:

Until these companies feel real pain (in the form of lawsuits or heavy fines), they're going to keep ignoring security and hoping for the best. Only when a breach costs them more than their security budget will they do what they need to.

+1
This is the real threat to your personal info and not so much NSA spying. Having your identity stolen and losing thousands of dollars and your good credit rating. The disruption to your life is so much greater with this kind of loss of privacy.
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

SpHeRe31459 to Zoder

Premium Member

to Zoder
This is really irritating news. I shop at Target weekly. Lately, we've been using one of their Red Card debit cards for the 5% back.

FYI: Target officially issued a press release today about it, but with zero new/helpful details...
»pressroom.target.com/new ··· s-stores
PrntRhd
Premium Member
join:2004-11-03
Fairfield, CA

1 edit

PrntRhd to Zoder

Premium Member

to Zoder
1 Change your PIN on your card.
2 Your bank/CU may issue a new card.
3 Monitor the account daily.
4 Don't connect equity lines to that account for overdraft protection.

The MC/VISA logo does nothing to either protect you or increase the risks unless there is insurance provided by the issuing institution to cover a possible loss. Insurance only returns the money after the case is investigated, in the meantime you are on your own.

Debit card transactions are cheaper to process by the banks vs paper checks and both the business accepting debit and the consumer pay % of purchase to use them.

This could be a payment processor breach (see the previous TJX/Heartland cases) or a problem in-house at Target.

And guess what, Target might be using Heartland Payment Systems to process their transactions.

Frank_IT
Premium Member
join:2003-11-01
Montreal

Frank_IT to Zoder

Premium Member

to Zoder
Is it only in US ? or Canada too?!
Frodo
join:2006-05-05

Frodo to Zoder

Member

to Zoder
Target's Notice regarding the breach.
quote:
We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).
banner
Premium Member
join:2003-11-07
Long Beach, CA

banner to Zoder

Premium Member

to Zoder
EMV adoption in the us should be rushed.
nonymous (banned)
join:2003-09-08
Glendale, AZ

nonymous (banned) to PrntRhd

Member

to PrntRhd
On number 4 why would I ever connect an equity line for overdraft.
PrntRhd
Premium Member
join:2004-11-03
Fairfield, CA

PrntRhd

Premium Member

said by nonymous:

On number 4 why would I ever connect an equity line for overdraft.

Some people do that so a purchase never overdraws the account, risky but people can do that.

Postal8
First pull up, then pull down.
Premium Member
join:2000-08-30
Simi Valley, CA

Postal8 to Frank_IT

Premium Member

to Frank_IT
said by Frank_IT:

Is it only in US ? or Canada too?!

Only the US.
OZO
Premium Member
join:2003-01-17

OZO to Zoder

Premium Member

to Zoder
Why do they need to keep all those records?
And for how long?