
Zoder

join:2002-04-16
Miami, FL

7 recommendations

Credit card data breach at Target

If you shopped at Target between Black Friday and Dec 15, your credit card might be compromised. This is a developing story. Not all the details are out yet.

»krebsonsecurity.com/2013/12/sour···re-24054


DownTheShore
Honoring The Captain
Premium
join:2003-12-02
Beautiful NJ
kudos:14

1 recommendation

Oh, shit....

PX Eliezer
Premium
join:2013-03-10
Outland
kudos:6

1 recommendation

reply to Zoder
BOY you are quick!!


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
reply to Zoder
Even though it's a developing story I'm comfortable going out on a limb here.

"The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs."

It could be my definition of 'theoretically' that's off, but there is nothing 'theoretical' about cloning a card for ATM cash withdrawals.
It all depends on a card's BIN.
»en.wikipedia.org/wiki/Bank_card_number
Either a card's BIN is clone-able or it is not.
Which BINs are clone-able vs which BINs are not clone-able?
Fire testing determines that.
A BIN gets cloned - the issuers make adjustments to prevent further cloning -
The bad guys make adjustments to permit further cloning.
On/Off, On/Off, chase that doggie's tail.

The truly sad part of this will be Target's efforts at brand imaging.
They'll issue press releases promising to make the situation right for its valued customers.
Press releases that tout their new safeguards in place.
Press releases that promise no stone will go unturned in the apprehension of the culprits.
Press releases that go blah, blah, blah etc...

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

Zoder

join:2002-04-16
Miami, FL
reply to Zoder
I shopped there on Friday the 29 with my MC. At least it wasn't my debit card


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
said by Zoder:

I shopped there on Friday the 29 with my MC. At least it wasn't my debit card

Personally, I never supply the PIN when using my debit card.
I'm sure most folks know this but I'll mention it anyway, in a debit card purchase when the "enter your PIN" screen appears by using the "Cancel" option the sale will be completed as if you were using a credit card - no PIN required - just a signature.

The credit/debit card issuers do not keep the card data in a single location for security reasons, I see no need to break that security by supplying a PIN alongside the data captured in the swipe.


mm
I Did It My Way
Premium
join:2001-04-07
Summerville, SC
kudos:1
reply to Zoder
USA Today had an article about Target

»www.usatoday.com/story/news/nati···ories%29

nonymous
Premium
join:2003-09-08
Glendale, AZ
reply to Zoder
Walmart did it.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to DownTheShore
I second your "oh shit". I shopped at Target on Nov 30, Dec 11 and THREE HOURS AGO and I used a credit card I use for most local purchases. Maybe Hawaii Targets were not affected?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to Snowy
said by Snowy:

said by Zoder:

I shopped there on Friday the 29 with my MC. At least it wasn't my debit card

Personally, I never supply the PIN when using my debit card.
I'm sure most folks know this but I'll mention it anyway, in a debit card purchase when the "enter your PIN" screen appears by using the "Cancel" option the sale will be completed as if you were using a credit card - no PIN required - just a signature.

The credit/debit card issuers do not keep the card data in a single location for security reasons, I see no need to break that security by supplying a PIN alongside the data captured in the swipe.

You don't sign at Target or hardly any store in Hawaii these days unless over $50 purchase.

You couldn't pay me enough to get me to use a debit card. I hate them. I have ATM cards from both major banks in Hawaii and my credit union. They are old fashioned ATM cards - not credit or debit.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to Zoder

Thank you...... Spreading this on some other sites I'm on!

Frodo

join:2006-05-05
kudos:1
reply to Zoder

Re: Credit card data breach at Target

Target confirms massive credit-card data breach
quote:
Target says that its stores have been hit by a major credit-card attack involving up to 40 million accounts. ... The retailer said that the unlawful access to customer information took place between Nov. 27 and Dec. 15.



carpetshark3
Premium
join:2004-02-12
Idledale, CO
Reviews:
·CenturyLink
The article on the news seemed to imply that it was done within the store. Computer breach somewhere, or skimmers on one terminal? With extra holiday hiring, it's possible.
Michaels got hit with the same a couple of years ago.

»consumerist.com/2011/05/05/micha···-breach/


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI
reply to Mele20
said by Mele20:

You couldn't pay me enough to get me to use a debit card. I hate them. I have ATM cards from both major banks in Hawaii and my credit union. They are old fashioned ATM cards - not credit or debit.

I also only use the ole fashion ATM card. The bank charges me to use it and after discussing this with a bank employee, I was informed the bank wants their customers to use a debit card because they are issued by a major credit card company. If data is stolen and used then the credit card company (MC/Visa) is left holding the costs and not the bank.

PX Eliezer
Premium
join:2013-03-10
Outland
kudos:6
Reviews:
·Optimum Voice
·callwithus
·Callcentric
said by planet:

I also only use the ole fashion ATM card.

I have an ATM card that is 16 years old!

It's not branded to MC/Visa and I hope it will stay that way.

That's why I have kept it all these years.


goalieskates
Premium
join:2004-09-12
land of big
reply to Snowy
said by Snowy:

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

Preach it. Until these companies feel real pain (in the form of lawsuits or heavy fines), they're going to keep ignoring security and hoping for the best. Only when a breach costs them more than their security budget will they do what they need to.

PX Eliezer
Premium
join:2013-03-10
Outland
kudos:6
Reviews:
·Optimum Voice
·callwithus
·Callcentric
reply to Snowy
said by Snowy:

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

That is an excellent description of that practice.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to planet
Hmmm...that's interesting. That makes sense then why the banks push debit cards. However, neither of the banks here, or credit union, charge to use an ATM card (as long as it is used in a machine belonging to that bank, or in the case of my credit union ATM card, no charge if used in the machines owned by the largest bank in Hawaii, where I have my checking account and an ATM card). These banks have ATMs statewide so unless I travel outside Hawaii, I can easily avoid ATM charges, and if I go outside Hawaii I do another old-fashioned thing - I get free Travelers checks from one of the banks or my credit union. In fact, the banks and my credit union have actually praised my decision to never have a debit card as being very wise.

I had to do it over the phone just now (wee hours so the bank is closed) and it appears there are no odd charges on my card which is a relief....but if these thieves are waiting because of current market conditions (can't sell the stolen info as the market is glutted) to use their ill gotten gains until sometime later...that would mean that everyone who shopped in Target with a credit or debit card during that time period should get a new card issued even if there is no unusual activity on their card. Right?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to PX Eliezer
said by PX Eliezer:

said by Snowy:

The credit monitoring they will offer will be the same joke that's played out on the consumer in previous leaks which is nothing more than a prebuilt lead database for the Big3 to mine once the introductory offer courtesy of the breach expires.

That is an excellent description of that practice.

My Discover card now sends my credit score each month on the bill so, unless that drops suddenly, I don't need to deal with the Big3.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Boricua
Premium
join:2002-01-26
Sacramuerto
said by Mele20:

My Discover card now sends my credit score each month on the bill so, unless that drops suddenly, I don't need to deal with the Big3.

You do realize that by then it is too late, your info is compromised.
--
Illegal aliens have always been a problem in the United States. Ask any Indian. Robert Orben


PlusOne

@comcast.net
reply to goalieskates
said by goalieskates:

Until these companies feel real pain (in the form of lawsuits or heavy fines), they're going to keep ignoring security and hoping for the best. Only when a breach costs them more than their security budget will they do what they need to.

+1
This is the real threat to your personal info and not so much NSA spying. Having your identity stolen and losing thousands of dollars and your good credit rating. The disruption to your life is so much greater with this kind of loss of privacy.

SpHeRe31459
Premium
join:2002-10-09
Sacramento, CA
kudos:2
reply to Zoder
This is really irritating news. I shop at Target weekly. Lately, we've been using one of their Red Card debit cards for the 5% back.

FYI: Target officially issued a press release today about it, but with zero new/helpful details...
»pressroom.target.com/news/target···s-stores

PrntRhd
Premium
join:2004-11-03
Fairfield, CA
Reviews:
·Comcast

1 edit
reply to Zoder
1. Change your PIN on your card.
2. Your bank/CU may issue a new card.
3. Monitor the account daily.
4. Don't connect equity lines to that account for overdraft protection.

The MC/VISA logo does nothing to either protect you or increase the risks unless there is insurance provided by the issuing institution to cover a possible loss. Insurance only returns the money after the case is investigated, in the meantime you are on your own.

Debit card transactions are cheaper to process by the banks vs paper checks and both the business accepting debit and the consumer pay % of purchase to use them.

This could be a payment processor breach (see the previous TJX/Heartland cases) or a problem in-house at Target.

And guess what, Target might be using Heartland Payment Systems to process their transactions.


Frank_IT
Premium
join:2003-11-01
Montreal
reply to Zoder
Is it only in US? Or Canada too?!

Frodo

join:2006-05-05
kudos:1
reply to Zoder
Target's Notice regarding the breach.
quote:
We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).

hoyleysox
Premium
join:2003-11-07
Long Beach, CA
reply to Zoder
EMV adoption in the US should be rushed.

nonymous
Premium
join:2003-09-08
Glendale, AZ
reply to PrntRhd
On number 4, why would I ever connect an equity line for overdraft?

PrntRhd
Premium
join:2004-11-03
Fairfield, CA
Reviews:
·Comcast
said by nonymous:

On number 4, why would I ever connect an equity line for overdraft?

Some people do that so a purchase never overdraws the account, risky but people can do that.


Postal
First pull up, then pull down.
Premium
join:2000-08-30
Simi Valley, CA
reply to Frank_IT
said by Frank_IT:

Is it only in US? Or Canada too?!

Only the US.

OZO
Premium
join:2003-01-17
kudos:2
reply to Zoder
Why do they need to keep all those records?
And for how long?
--
Keep it simple, it'll become complex by itself...