Zoder join:2002-04-16 Miami, FL
7 recommendations |
Zoder
Member
2013-Dec-18 8:01 pm
Credit card data breach at TargetIf you shopped at Target between Black Friday and Dec 15, your credit card might be compromised. This is a developing story. Not all the details are out yet. » krebsonsecurity.com/2013 ··· re-24054 |
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ
1 recommendation |
Oh, shit.... |
|
1 recommendation |
to Zoder
BOY you are quick!! |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to Zoder
Even though it's a developing story I'm comfortable going out on a limb here. "The type of data stolen also known as track data allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.It could be my definition of 'theoretically' that's off, but there is nothing 'theoretical' about cloning a card for ATM cash withdrawals. It all depends on a cards BIN. » en.wikipedia.org/wiki/Ba ··· d_numberEither a cards BIN is clone-able or it is not. Which BINs are clone-able vs which BINs are not clone-able? Fire testing determines that. A BIN gets cloned - the issuers make adjustments to prevent further cloning - The bad guys make adjustments to permit further cloning. On/Off, On/Off, chase that doggies tail. The truly sad part of this will be Targets efforts at brand imaging. They'll issue press releases promising to make the situation right for it's valued customers. Press releases that tout their new safeguards in place. Press releases that promise no stone will go unturned in the apprehension of the culprits. Press releases that go blah, blah, blah etc... The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires. |
|
|
Zoder join:2002-04-16 Miami, FL |
Zoder
Member
2013-Dec-18 10:22 pm
I shopped there on Friday the 29 with my MC. At least it wasn't my debit card |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2013-Dec-18 11:08 pm
said by Zoder:I shopped there on Friday the 29 with my MC. At least it wasn't my debit card Personally, I never supply the PIN when using my debit card. I'm sure most folks know this but I'll mention it anyway, in a debit card purchase when the "enter your PIN" screen appears by using the "Cancel" option the sale will be completed as if you were using a credit card - no PIN required - just a signature. The credit/debit card issuers do not keep the card data in a single location for security reasons, I see no need to break that security by supplying a PIN alongside the data captured in the swipe. |
|
mmI Did It My Way Premium Member join:2001-04-07 Summerville, SC |
mm to Zoder
Premium Member
2013-Dec-19 12:23 am
to Zoder
USA Today had an article about Target » www.usatoday.com/story/n ··· ories%29 |
|
nonymous (banned) join:2003-09-08 Glendale, AZ |
to Zoder
Walmart did it. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to DownTheShore
I second your "oh shit". I shopped at Target on Nov 30, Dec 11 and THREE HOURS AGO and I used a credit card I use for most local purchases. Maybe Hawaii Targets were not affected? |
|
Mele20
1 recommendation |
to Snowy
said by Snowy:said by Zoder:I shopped there on Friday the 29 with my MC. At least it wasn't my debit card Personally, I never supply the PIN when using my debit card. I'm sure most folks know this but I'll mention it anyway, in a debit card purchase when the "enter your PIN" screen appears by using the "Cancel" option the sale will be completed as if you were using a credit card - no PIN required - just a signature. The credit/debit card issuers do not keep the card data in a single location for security reasons, I see no need to break that security by supplying a PIN alongside the data captured in the swipe. You don't sign at Target or hardly any store in Hawaii these days unless over $50 purchase. You couldn't pay me enough to get me to use a debit card. I hate them. I have ATM cards from both major banks in Hawaii and my credit union. They are old fashioned ATM cards - not credit or debit. |
|
19579823 (banned)An Awesome Dude join:2003-08-04 |
to Zoder
Thank you...... Spreading this on some other sites Im on! |
|
|
to Zoder
Re: Credit card data breach at TargetTarget confirms massive credit-card data breachquote: Target says that its stores have been hit by a major credit-card attack involving up to 40 million accounts. ... The retailer said that the unlawful access to customer information took place between Nov. 27 and Dec.15.
|
|
|
The article on the news seemed to imply that it was done within the store. Computer breach somewhere, or skimmers on one terminal? With extra holiday hiring, it's possible. Michaels got hit with the same a couple of years ago. » consumerist.com/2011/05/ ··· -breach/ |
|
|
to Mele20
said by Mele20:You couldn't pay me enough to get me to use a debit card. I hate them. I have ATM cards from both major banks in Hawaii and my credit union. They are old fashioned ATM cards - not credit or debit. I also only use the ole fashion ATM card. The bank charges me to use it and after discussing this with a bank employee, I was informed the bank wants their customers to use a debit card because they are issued by a major credit card company. If data is stolen and used then the credit card company (MC/Visa) is left holding the costs and not the bank. |
|
|
said by planet:I also only use the ole fashion ATM card. I have an ATM card that is 16 years old! It's not branded to MV/Visa and I hope it will stay that way. That's why I have kept it all these years. |
|
|
to Snowy
said by Snowy:The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires. Preach it. Until these companies feel real pain (in the form of lawsuits or heavy fines), they're going to keep ignoring security and hoping for the best. Only when a breach costs them more than their security budget will they do what they need to. |
|
|
to Snowy
said by Snowy:The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires. That is an excellent description of that practice. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to planet
Hmmm...that's interesting. That makes sense then why the banks push debit cards. However, neither of the banks here, or credit union, charge to use an ATM card (as long as it is used in a machine belonging to that bank, or in the case of my credit union ATM card, no charge if used in the machines owned by the largest bank in Hawaii (where I have my checking account and an ATM card). These banks have ATMs state wide so unless I travel outside Hawaii, I can easily avoid ATM charges and if I go outside Hawaii I do another old fashioned thing - I get free Travelers checks from one of the banks or my credit union). In fact, the banks and my credit union have actually praised my decision to never have a debit card as being very wise.
I had to do it over the phone just now (wee hours so the bank is closed) and it appears there are no odd charges on my card which is a relief....but if these thieves are waiting because of current market conditions (can't sell the stolen info as the market is glutted) to use their ill gotten gains until sometime later...that would mean that everyone who shopped in Target with a credit or debit card during that time period should get a new card issued even if there is no unusual activity on their card. Right? |
|
Mele20 |
to PX Eliezer1
said by PX Eliezer1:said by Snowy:The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires. That is an excellent description of that practice. My discover card now sends my credit score each month on the bill so, unless that drops suddenly, I don't need to deal with the Big3. |
|
Boricua Premium Member join:2002-01-26 Sacramuerto |
Boricua
Premium Member
2013-Dec-19 10:51 am
said by Mele20:My discover card now sends my credit score each month on the bill so, unless that drops suddenly, I don't need to deal with the Big3. You do realize that by then it is too late, your info in compromised. |
|
|
to goalieskates
said by goalieskates:Until these companies feel real pain (in the form of lawsuits or heavy fines), they're going to keep ignoring security and hoping for the best. Only when a breach costs them more than their security budget will they do what they need to. +1 This is the real threat to your personal info and not so much NSA spying. Having your identity stolen and losing thousands of dollars and your good credit rating. The disruption to your life is so much greater with this kind of loss of privacy. |
|
|
to Zoder
This is really irritating news. I shop at Target weekly. Lately, we've been using one of their Red Card debit cards for the 5% back. FYI: Target officially issued a press release today about it, but with zero new/helpful details... » pressroom.target.com/new ··· s-stores |
|
PrntRhd Premium Member join:2004-11-03 Fairfield, CA 1 edit |
to Zoder
1 Change your PIN on your card. 2 Your bank/CU may issue a new card. 3 Monitor the account daily. 4 Don't connect equity lines to that account for overdraft protection.
The MC/VISA logo does nothing to either protect you or increase the risks unless there is insurance provided by the issuing institution to cover a possible loss. Insurance only returns the money after the case is investigated, in the meantime you are on your own.
Debit card transactions are cheaper to process by the banks vs paper checks and both the business accepting debit and the consumer pay % of purchase to use them.
This could be a payment processor breach (see the previous TJX/Heartland cases) or a problem in-house at Target.
And guess what, Target might be using Heartland Payment Systems to process their transactions. |
|
Frank_IT Premium Member join:2003-11-01 Montreal |
to Zoder
Is it only in US ? or Canada too?! |
|
|
to Zoder
Target's Notice regarding the breach. quote: We have determined that the information involved in this incident included customer name, credit or debit card number, and the cards expiration date and CVV (the three-digit security code).
|
|
banner Premium Member join:2003-11-07 Long Beach, CA |
to Zoder
EMV adoption in the us should be rushed. |
|
nonymous (banned) join:2003-09-08 Glendale, AZ |
to PrntRhd
On number 4 why would I ever connect an equity line for overdraft. |
|
PrntRhd Premium Member join:2004-11-03 Fairfield, CA |
PrntRhd
Premium Member
2013-Dec-19 1:38 pm
said by nonymous:On number 4 why would I ever connect an equity line for overdraft. Some people do that so a purchase never overdraws the account, risky but people can do that. |
|
Postal8First pull up, then pull down. Premium Member join:2000-08-30 Simi Valley, CA |
to Frank_IT
said by Frank_IT:Is it only in US ? or Canada too?! Only the US. |
|
OZO Premium Member join:2003-01-17 |
OZO to Zoder
Premium Member
2013-Dec-19 2:49 pm
to Zoder
Why do they need to keep all those records? And for how long? |
|