dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
17320

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to Anon

Premium Member

to Anon

Re: Credit card data breach at Target

said by Name Game:

Three Small Business Lesson from Target

»www.forbes.com/sites/mar ··· -target/

I wonder if Mistake #1 resulted from knee-jerk-reaction advice by Target's legal department or retained lawyers: admit no responsibility that can be used against you in lawsuits that are bound to come later. And Mistake #2 may be related to Mistake #1... offering fix-it plans admits you had a system in the first place that needed fixing. Short-sighted, but not uncommon lawyer reactions. Perhaps Target might be wise to consider exploring new legal counsel to go along with the new PR department they ought to be staffing...
scross
join:2002-09-13
USA

scross to GuruGuy

Member

to GuruGuy
said by GuruGuy:

I could see that working if you called from a phone number listed on the account.

The phone number thing has been a trivially easy enough trick to pull off for at least several decades now with POTS.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

1 edit

antdude to Zoder

Premium Member

to Zoder

Target Got Hacked Hard in 2005. Here's Why They Let It Happen Again

»www.wired.com/threatleve ··· et-hack/

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Snowy

Premium Member

to Snowy

Re: Credit card data breach at Target

I can walk into my local TD bank and tell them I want a new debit card and cancel the old one and they will cut it on the spot..I can crank in a new pin number on their device and walk out in 10 minutes and it is all done. Just wondering if you know if other banks do that for their customers...never had any mailed to me from some central processing all these year and sometime do that even before the old card would expire.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to scross

Premium Member

to scross
said by scross:

said by GuruGuy:

I could see that working if you called from a phone number listed on the account.

The phone number thing has been a trivially easy enough trick to pull off for at least several decades now with POTS.

This is a good illustration of why posting links ad nauseum to 'prove' some point by flooding a thread with extraneous matter is not a good idea a bad idea because their driven by a disingenuous motive.

Because of one such link where now in the midst of a debate that's completely & totally devoid of anything related to the Target breach.

The phone numbers used to activate a card are always going to display the correct originating number because they are not POTS calls.
Their going to be Automatic number identification (ANI) calls which prevent spoofing.
Snowy

Snowy to Name Game

Premium Member

to Name Game
said by Name Game:


Just wondering if you know if other banks do that for their customers...

This is the first reference I've seen to while-u-wait replacement card issuance.
If the banks could handle the initial onslaught of Target victims wanting to replace their cards on a while -u- wait basis this sounds like a nifty convenience.

You didn't mention the costs if any that are charged for this enhanced level of service & since card replacement costs are part of the reality that Target is going to eventually be called to task on, is there a cost for TD Banks card replacement for cards lost but not stolen or do they not make that distinction?

Yes, changing the PIN should be a one minute self service task.
Expand your moderator at work

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Snowy

Premium Member

to Snowy

Re: Credit card data breach at Target

No cost or charge..did it just last week since might be traveling when card expired this year..they just took my exisiting card..walked into a back room and ran off a new card with different numbers of course...don't think they make a distinction will ask the manager tomorrow. maybe they make enough money off me already. but do get interest on my checking accounts.
Expand your moderator at work
scross
join:2002-09-13
USA

scross to Snowy

Member

to Snowy

Re: Credit card data breach at Target

said by Snowy:

The phone numbers used to activate a card are always going to display the correct originating number because they are not POTS calls.
Their going to be Automatic number identification (ANI) calls which prevent spoofing.

If the customer still has POTS service at home then these activation requests will most certainly be originating as POTS calls. And I was specifically NOT referring to number spoofing here (someone else did that in reference to VOIP calls). These bogus calls would come in appearing as if they originated at the card owner's residence - which in fact they may have.
Expand your moderator at work
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Anon

Premium Member

to Anon

Re: Credit card data breach at Target

What a bunch of BS...that test. ALL should be regarding as phishing because all asked you to click on links! EVERYONE SHOULD KNOW TO NEVER, EVER CLICK ON LINKS IN EMAIL. geez...

According to that stupid test, only the last one was phishing.

I have never gotten any emails like the ones in that test! A lot of people in the thread said they have gotten similar emails so they knew those in the test were legit. I give a fake email address or legit but one I never visit to the kinds of sites in that test. I don't want banks communicating with me via PLAIN TEXT EVERYONE ON THE NET CAN READ emails.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to scross

Premium Member

to scross
said by scross:

said by Snowy:

The phone numbers used to activate a card are always going to display the correct originating number because they are not POTS calls.
Their going to be Automatic number identification (ANI) calls which prevent spoofing.

If the customer still has POTS service at home then these activation requests will most certainly be originating as POTS calls. And I was specifically NOT referring to number spoofing here (someone else did that in reference to VOIP calls). These bogus calls would come in appearing as if they originated at the card owner's residence - which in fact they may have.

I'm not trying to give you a hard time at all but I'm not understanding what you're saying.
What does "bogus" refer to in this:
These bogus calls would come in appearing as if they originated at the card owner's residence ...
That answer might gel it for me.
Expand your moderator at work

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Mele20

Premium Member

to Mele20

Re: Credit card data breach at Target

Click for full size
said by Mele20:

What a bunch of BS...that test. ALL should be regarding as phishing because all asked you to click on links! EVERYONE SHOULD KNOW TO NEVER, EVER CLICK ON LINKS IN EMAIL. geez...

According to that stupid test, only the last one was phishing.

I have never gotten any emails like the ones in that test! A lot of people in the thread said they have gotten similar emails so they knew those in the test were legit. I give a fake email address or legit but one I never visit to the kinds of sites in that test. I don't want banks communicating with me via PLAIN TEXT EVERYONE ON THE NET CAN READ emails.

Wrong !
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Anon

Premium Member

to Anon
I'm confused. I don't use debit cards, but I thought you had to put in a pin when you use a debit card. So, how did the thief do this? The bank would not send the pin number with the new card. So how did the thief use the card?

What sort of idiot bank would send a card that could be activated from ANY phone? All my cards from many different banks require activation from my home landline phone. I can't use my friend's phone to activate it.

She is very naive and trusting as are all her neighbors...all of them without locked mailboxes! That is beyond stupid. Since their boxes appear to be grouped at a corner or something out near the street, and not a box on the front of the house, they all need to install locking boxes. That's what several neighbors have done here after enduring one too many thefts from their boxes that are at the street curb.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

trparky

Premium Member

Those are called CBUs or cluster box units. All new developments seem to be getting these instead of having individual mailboxes for curb side delivery.

Honestly, with the way that there seems to be no end in sight for the constant budget cuts being forced upon the United States Postal Service by the likes of Congress I do indeed foresee far more use of these kinds of mailbox setups from here on out.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Name Game

Premium Member

to Name Game
That test didn't show me a page like your screen shot shows. It just said I got one out of 10 correct and that was the last one.

Maybe Proxo messing with the Java script but each question appeared with no problem so I didn't disable Proxo and start over. I would have disabled it "just in case" but I didn't think to do so.
Mele20

Mele20 to trparky

Premium Member

to trparky
Hawaii's always had mailboxes for single residences at the curb and I heard some new developments have those "cluster" ones at a few locations within the development.

Hawaii has always had a lot of mailbox theft because of no mailboxes ever being on the side of the house but all out at the curb. What's new here is locked boxes at the curb. These boxes have keys not keypads. I don't know how the key thing is handled...if the postal carrier has a master key or what.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

2 edits

Name Game to Mele20

Premium Member

to Mele20
A chase debit card tied to a checking account is a visa card with Chase name on it and can be used as a debit card with pin or like a credit card with signature. In both transactions the funds come immediately against the checking account so there is never any interest. They also have a UCard type most often used for unemployment payments by States..those are stolen and used all the time by peps that do not own them. For others reading this post Another neighbor of mine also read this thread and called me up laughing. Last month he and the wife were headed up to Cherokee to do some gambling and stopped for gas trying to pay for it with their chase debit card..would not go through since card was not activated so they paid cash..then stopped at a rest stop and called the number on the back of the card to activate it on their cell phone..all he was asked was his zip code.
He did tell them he was not home to use his landline.Then he used it that weekend at the casino to get cash out of their ATM when he ran short. Card was a replacement for his last one which had expired.
Name Game

Name Game to Mele20

Premium Member

to Mele20
said by Mele20:

That test didn't show me a page like your screen shot shows. It just said I got one out of 10 correct and that was the last one.

Maybe Proxo messing with the Java script but each question appeared with no problem so I didn't disable Proxo and start over. I would have disabled it "just in case" but I didn't think to do so.

Ok..well that is the test and screenshot show you which are phishing.. but it is a sonic wall dell test and I know how you love both.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Name Game

Premium Member

to Name Game
said by Name Game:

A chase debit card tied to a checking account is a visa card with Chase name on it and can be used as a debit card with pin or like a credit card with signature.

So, you are saying the thief used it as credit card since she didn't have the pin? She must have made sure to charge more than the minimum required at each store to generate the need to sign right? A lot of stores it's only over $50 that one signs for with a credit card.

The most recent credit card I got (just last week) wanted me to activate it online and said only in fine print that you could call to activate it. I tried to add it to my account at this big, nation-wide bank and could only get into my old account that had been paid in full six months ago and the card cancelled then. That bank should have deleted my account for the old card since six months had passed and I received paper statements so they weren't keeping the account around because I might want to look at an old statement.

So, I called them about that and also asked how to add my new card to my existing account with the bank. I was told that the ONLY way to set up the new card for online banking was to do it online! I said, but even at a so called secure page, I refuse to enter my Social Security number which you already have anyway for the old account that is still accessible in your online banking so I couldn't see why the CSR couldn't retrieve the SS number there or just help me add the new card as I didn't want to have to set a new user name and password either. I asked if the CSR could set up the new account over the phone. I was told that there is ONLY ONLINE setup now! So, I told him I would forget online banking and pay it each month over the phone. This huge bank should be ashamed of itself for stupid things like this.

I guess forcing everything to online saves the bank money so they can move customer service from India to Florida (where, to my surprise, it is now).

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by Mele20:

She must have made sure to charge more than the minimum required at each store to generate the need to sign right? A lot of stores it's only over $50 that one signs for with a credit card.

No, that's not true.
A debit card can be used as if it were a credit card at all retailers regardless of sale amount.
One way that's accomplished is by using the "Cancel" feature when the queue for PIN displays on the screen.
At that point the signature screen automagically appears replacing the PIN screen.

Just to be sure, the lady you referred to had a debit card stolen.

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy

Premium Member

nevermind
GuruGuy

GuruGuy to Mele20

Premium Member

to Mele20
said by Mele20:

I'm confused. I don't use debit cards, but I thought you had to put in a pin when you use a debit card. So, how did the thief do this? The bank would not send the pin number with the new card. So how did the thief use the card?

What sort of idiot bank would send a card that could be activated from ANY phone? All my cards from many different banks require activation from my home landline phone. I can't use my friend's phone to activate it.

She is very naive and trusting as are all her neighbors...all of them without locked mailboxes! That is beyond stupid. Since their boxes appear to be grouped at a corner or something out near the street, and not a box on the front of the house, they all need to install locking boxes. That's what several neighbors have done here after enduring one too many thefts from their boxes that are at the street curb.

Mele,
A debit card is also known as a Checkcard and will usually have a Visa/Mastercard logo on it, unlike a regular ATM card.

Using the card with a PIN is considered an "online" transaction, meaning it requires immediate electronic authorization (PIN). The funds are immediately removed from your account.

Using it as a Visa/Mastercard transaction (hitting cancel, credit, etc) is considered and "offline" transaction. A hold is usually placed at the time of authorization, but funds don't deduct from the account until the merchant submits it.

»en.wikipedia.org/wiki/Debit_card