|
to OZO
Re: Credit card data breach at Targetsaid by OZO:Why do they need to keep all those records? And for how long? The data was probably captured and forwarded in real time, or perhaps daily. Merchants are not supposed to keep records long-term (though I think many do) but that would not have changed anything. |
|
OZO Premium Member join:2003-01-17 |
OZO
Premium Member
2013-Dec-19 3:07 pm
And IMHO, it's the key point here. Merchants should not keep all those records at all. It's important for security reasons. Otherwise, customers suffer... |
|
deke40deke40 Premium Member join:2003-01-23 Texas |
to Zoder
The wife and I both used our local credit union debit cards on the 2nd of December. at Target.
Just to be safe we visited them(our credit union) at 9AM and had both of them blocked and were issued new ones on the spot.
Not to worried about the info being used for ID theft as we have all three credit bureaus frozen. |
|
|
to OZO
said by OZO:And IMHO, it's the key point here. Merchants should not keep all those records at all. It's important for security reasons. Otherwise, customers suffer... IF the data is being harvested in real-time (AS the transaction is being processed) then your point is unfortunately not relevant. |
|
|
justin..needs sleep Mod join:1999-05-28 2031 |
to Zoder
So they compromised the company network and installed software on every swipe machine which was undetected for two weeks: how did that reach 40 million cards? Is that the number of target shoppers in that time? |
|
peterboro (banned)Avatars are for posers join:2006-11-03 Peterborough, ON |
to Zoder
Yet I'm ridiculed in DSLR regularly as I only use cash. As these will only grow exponentially in frequency who will get the last laugh? |
|
GuruGuy Premium Member join:2002-12-16 Atlanta, GA |
to justin
said by justin:So they compromised the company network and installed software on every swipe machine which was undetected for two weeks: how did that reach 40 million cards? Is that the number of target shoppers in that time? Exactly....more to the store remains to be told |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to justin
said by justin:So they compromised the company network and installed software on every swipe machine which was undetected for two weeks: how did that reach 40 million cards? Is that the number of target shoppers in that time? Figure ~18 days @1797 locations. That's ~1200 swipes per store. 15 hrs of operation per day That's ~82 swipes per hour per store. Sounds doable to me at this time of the year. |
|
ahulett Premium Member join:2003-02-02 Little Elm, TX
1 recommendation |
to Zoder
Today's lesson: Don't use debit cards to buy things. Limit use to your bank's ATM or, if you have no other choice, an ATM of a reputable firm that, upon inspection, said ATM does not appear to be compromised or tampered with. |
|
dib22 join:2002-01-27 Kansas City, MO |
to Snowy
said by Snowy:That's ~82 swipes per hour per store. Seems low for the chaos that was the day after thanksgiving. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
1 edit |
to Snowy
yes but that assumes every card only visited the store once. I imagine a target shopper is a regular.
Half of all households used a credit card in Target? A lot of Americans don't even own a card, 176 million total own them.
And 40 million of those went to Target? and bought something using the card? |
|
leibold MVM join:2002-07-09 Sunnyvale, CA Netgear CG3000DCR ZyXEL P-663HN-51
|
It is more likely that someone took 40 million transactions and translated that that into 40 million credit/debit card details.
If Target doesn't store the card details (and they shouldn't) they wouldn't be able to tell how many of those 40 million card transactions were done with distinct credit/debit cards.
Even excluding repeat customers, it will still be millions of people that are effected by this. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
justin
Mod
2013-Dec-19 5:48 pm
but .. all the headlines are that the breach is 40 million cards.
"Target warned consumers Thursday to monitor their statements for unauthorized use after a massive data breach involving 40 million credit and debit cards used in its stores from Black Friday through Dec. 15." (one week). |
|
Postal8First pull up, then pull down. Premium Member join:2000-08-30 Simi Valley, CA
1 recommendation |
to Zoder
I shopped at Target 3 times between 11/27 and 12/15. Each time I paid with my Amex Blue Cash card.
Realistically speaking, what should the lucky millions of us do? Just keep an eye on card activity? Replace the card?
Replacing the card would really suck. It's tied into all of my automatic payments, online retailers.....crap like that. |
|
leibold MVM join:2002-07-09 Sunnyvale, CA Netgear CG3000DCR ZyXEL P-663HN-51
|
to justin
Which just gets to show how easily wrong information keeps getting repeated in the media without any verification of the facts Then again, for every American that doesn't have any credit card at all there is bould to be one that has several (but I'm not sure how likely it is that they would use a different card on every visit to the store). In order to snoop the card details at each individual POS terminal someone could have deployed malicious firmware to those terminals (similar attacks have been done to ATMs). However in order to get this kind of scope (all terminals in all stores) with minimal effort the snooping should be done at the server(s) that all the terminals communicate with (or on the communication path from those servers to the payment processor). In the TJmaxx swipe data theft the POS terminals were using wifi and the hackers were able to access it without entering a store. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
justin
Mod
2013-Dec-19 6:17 pm
Since all stores were done, Target must have had their internal store network comprehensively penetrated, this isn't some guy driving a van around with a wifi cracker.
I don't think Target would own up to a 40 million figure unless they already knew that was possible.
Perhaps their systems kept history so as well as capturing cards and all transactions over a period, there was more data as well. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
This chat at one of the news outlets might explain the high number.... Target is full of [fill in the blank] - the breach started long before Nov 27. I have had to cancel 2 cards (different issuing banks) in the last 2 weeks because of fraud. They were cloned and swiped - one used in Milwaukee, the other in Louisiana. I've never been to either of those states. I thought it was incredibly strange that this exact same thing would happen to me twice in 2 weeks on separate cards - what are the chances - so I checked my two statements against each other and the only place I used both cards was Target. But, the latest I used those cards at Target was November 9! I haven't used either card in the US since November 11, as I've been out of the country! I'm furious that this happened to me and that it's inconvenienced me so much (plus I'm out of pocket because I have to pay international Fedex charges to get one of the new cards). But I'm even more furious that Target is lying to the public by saying the breach started Nov 27. If you've used a card at Target any time in November, watch out! Might as well cancel it now! |
|
Doctor FourMy other vehicle is a TARDIS Premium Member join:2000-09-05 Dallas, TX |
to Zoder
So this was reported by Brian Krebs, security researcher for the Washington Post, and a favorite target of cybercriminals, on Wednesday.
It seems more than a mere coincidence that the Washingtron Post was hacked at around the same time frame. |
|
justin..needs sleep Mod join:1999-05-28 2031
1 recommendation |
to Name Game
Sounds like the banks need to collaborate on a data matching algorithm: collect all the non-authorized transaction reports, cross-match them to isolate just the common retail outlets then statistically show a breach in progress. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI 1 edit |
to Postal8
said by Postal8:I shopped at Target 3 times between 11/27 and 12/15. Each time I paid with my Amex Blue Cash card.
Realistically speaking, what should the lucky millions of us do? Just keep an eye on card activity? Replace the card?
Replacing the card would really suck. It's tied into all of my automatic payments, online retailers.....crap like that. Bummer if it is tied into auto payments..but at least you might want to follow advice in this link. » www.usatoday.com/story/m ··· 4125231/and these are the types of small charge hits on your card that should make you sit up and take notice and why... » www.reuters.com/article/ ··· 20131219 |
|
|
to Zoder
Well, I used my credit card at Target for the first time in ages on Dec. 16, so I guess I'm safe (knock on wood). While I would never presume to be immune from any such criminal activity, I am one of the few people I know who hasn't (yet) been a victim of it in some fashion, including my wife, mother, father-in-law, and various friends and colleagues. Here are the steps I take to try and prevent this. 1. I never use a debit card, but if I did it would not be one tied to my bank account, but instead one that I had to reload with limited amounts of money on regular basis - just like I withdraw limited amounts of cash from the ATM on a regular basis. 2. I use virtual account numbers for all credit card activity which doesn't require my card to be physically present. This means pretty much all purchases conducted online, with the exception of a few things such as airline tickets which might require my physical card to be presented at an airport kiosk (although I could probably work around this situation, too). The account that these virtual numbers are tied to is set for maximum alerts for all activity, the alerts being routed to both my smartphone and my email address. This means that in most cases I will be alerted to any card activity almost immediately - often mere seconds after the card is swiped or otherwise processed (but sometimes hours or even days may go by - not sure why). 3. My physical credit card is unrelated to the virtual account numbers (different card and different bank), but it is also set for maximum alerts, just like the virtual account card is. One downside to such alerts is that you may make a purchase at "A", but it shows up on the alert as "B", and may be finalized a few days later as "C". This is rare but it happens, typically in situations where a store has its credit cards processed by a different organization and the store itself is owned by yet another organization - so potentially three different legitimate names to deal with. In one case like this a large charge unexpectedly came through that I didn't immediately recognize, and after a few moments of panic I was in the process of dialing my credit card company to tell them to freeze my card when I finally realized that it was a legitimate charge. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to Zoder
I just called my bank's credit card department even though there is no fraudulent activity on the card and was promptly put on hold due to "unusually high call volume".
I had the card cancelled and will receive a new one in a few days. The CSR said First Hawaiian was only notified LAST NIGHT about this. (I had asked why cards had not been automatically cancelled and new ones sent since that is what others are reporting has happened on the Mainland).
The CSR fully agreed that I should not wait for fraudulent activity on the card before requesting a new one as the main concern here is identity theft. EVERYONE WHO HAS USED A CREDIT/DEBIT CARD IN TARGET FROM NOV 1-DEC 15 should immediately request a new card from the issuing bank. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to justin
said by justin:yes but that assumes every card only visited the store once. I imagine a target shopper is a regular. Each transaction creates a separate record. I'm sure Target is referring to 40M records not 40M unique CC/Debit card #'s. said by justin:Half of all households used a credit card in Target? A lot of Americans don't even own a card, 176 million total own them. Consider that Target has ~40,000 terminals in the US, 40M transactions through 40,000 termnals over 18 days, 15 hrs per day works out to just under 4 credit/debit credit card transactions per hour. 40M isn't what it used to be 40K terminals @ target reference. » www.computerworld.com/s/ ··· e_thefts |
|
justin..needs sleep Mod join:1999-05-28 2031 |
justin
Mod
2013-Dec-19 9:55 pm
they keep saying cards. not transactions guess we will see. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2013-Dec-19 10:12 pm
said by justin:they keep saying cards. That's why folks go to » www.dslreports.com for the facts. |
|
dib22 join:2002-01-27 Kansas City, MO |
to Zoder
I pulled out my spare debit card, and canceled the one I used Grey Saturday at target, I have not found any odd usage on it. The bank is sending me a new one to become my new spare... while at the bank the teller handed me a book and said "pick the picture you want on the card" and guess what I picked.... BACON! Yes ladies and gents you can get a debit card with bacon on it.... what a world we live in. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI
1 recommendation |
Mele20
Premium Member
2013-Dec-19 10:50 pm
I hope it is COOKED bacon! |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI
3 recommendations |
Snowy
Premium Member
2013-Dec-19 10:54 pm
Uhm, excuse me Mele20 but did you say " Cooked bacon?? |
|
|
to Zoder
Stolen credit card info (and identity data) is so plentiful right now, that the hackers are offering it at cut-rate prices. Seriously. » www.bbc.co.uk/news/techn ··· 25398408 |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2013-Dec-19 11:32 pm
said by PX Eliezer1:Stolen credit card info (and identity data) is so plentiful right now, that the hackers are offering it at cut-rate prices. Thanks, appreciated the link. Two items affecting the end user price drops should have warranted mention, IMO. 1. What were once buyers are now hacking for their data needs to eliminate the price & uncertainty of dealing with a 3rd party & the reality that #2 brings to the transaction. 2. Data is worth less today than a few years ago because of the increasing difficulty in actually completing a successful abuse. |
|