Target Data Breach
Thread Starter
Needs more Lemon Pledge
Joined: Mar 2005
Posts: 52,768
Likes: 2,000
From: Phoenix, AZ
Target Data Breach
OK, I am sure most of you have heard that Target had a breach at the POS resulting in about 40 million CC card holders info getting into the wild.
Article:
http://www.usatoday.com/story/news/n...reach/4119337/
To me, the current implementation of credit/debit cards seems archaic. The methods for verifying the authenticity of the card holder are nearly useless.
What ideas are there for bringing the CC into the current technology world?
The card has to be:
Portable (fit in a wallet)
Durable (survive for at least one year)
Verifiable (unique to the person holding it, see next)
Transferable (give to your wife to run to the store)
Usable (in person and on telephone/interweb)
I would love to see some type of randomized 6 digit code that is displayed on the card, changing every 5 minutes. The card plus code must be used to complete a transaction, and the CC issuer/bank maintains the algorithms to determine if the individual card generated the correct code at the time of transaction.
I as a card holder can key the code into the POS machine or simply provide it to the telephone/internet website, which would then process the transaction (within the validity period of the code).
Anyone else have any ideas? Biometrics? Stool sample?
Article:
http://www.usatoday.com/story/news/n...reach/4119337/
To me, the current implementation of credit/debit cards seems archaic. The methods for verifying the authenticity of the card holder are nearly useless.
What ideas are there for bringing the CC into the current technology world?
The card has to be:
Portable (fit in a wallet)
Durable (survive for at least one year)
Verifiable (unique to the person holding it, see next)
Transferable (give to your wife to run to the store)
Usable (in person and on telephone/interweb)
I would love to see some type of randomized 6 digit code that is displayed on the card, changing every 5 minutes. The card plus code must be used to complete a transaction, and the CC issuer/bank maintains the algorithms to determine if the individual card generated the correct code at the time of transaction.
I as a card holder can key the code into the POS machine or simply provide it to the telephone/internet website, which would then process the transaction (within the validity period of the code).
Anyone else have any ideas? Biometrics? Stool sample?
Team Owner
Joined: Jan 2001
Posts: 25,967
Likes: 2,685
From: Jersey
I would need a reason to care first. If they want to use my credit card number to steal American Express's or Master Card's money, go right ahead. Merchants should be in an uproar because they are the ones on the hook if someone uses my digits to steal merchandise. I don't carry a debit card so I don't have much risk of someone jacking my checking account.
Last edited by doopstr; Dec 20, 2013 at 08:42 PM.
Trending Topics
Senior Moderator
Joined: Dec 2010
Posts: 31,897
Likes: 7,251
From: Austin, TX
I don't like the idea of a randomly generated security code. I have that just for VPN into my company servers, and it is a pain in the ass to have to have my cell phone generate a code to log my computer in. I know that is different than here, but this would cause me to not be able to save information to Paypal, etc. I also have my most used card memorized, and this would render that information alone useless.
I don't have a great solution, but like doopster, I don't see the need. Perhaps, we should fully prosecute CC fraud offenders. It seems pretty elementary since a CC transaction carries all sorts of trackable information.
I don't have a great solution, but like doopster, I don't see the need. Perhaps, we should fully prosecute CC fraud offenders. It seems pretty elementary since a CC transaction carries all sorts of trackable information.
Thread Starter
Needs more Lemon Pledge
Joined: Mar 2005
Posts: 52,768
Likes: 2,000
From: Phoenix, AZ
I don't like the idea of a randomly generated security code. I have that just for VPN into my company servers, and it is a pain in the ass to have to have my cell phone generate a code to log my computer in. I know that is different than here, but this would cause me to not be able to save information to Paypal, etc. I also have my most used card memorized, and this would render that information alone useless.
I don't have a great solution, but like doopster, I don't see the need. Perhaps, we should fully prosecute CC fraud offenders. It seems pretty elementary since a CC transaction carries all sorts of trackable information.
I don't have a great solution, but like doopster, I don't see the need. Perhaps, we should fully prosecute CC fraud offenders. It seems pretty elementary since a CC transaction carries all sorts of trackable information.
As to prosecution, first you are assuming they are in the US, and second there is a long distance between the ones who steal the data and the ones who use the stolen data to make purchases.
_
Joined: Nov 2006
Posts: 19,208
Likes: 3,404
I would love to see some type of randomized 6 digit code that is displayed on the card, changing every 5 minutes. The card plus code must be used to complete a transaction, and the CC issuer/bank maintains the algorithms to determine if the individual card generated the correct code at the time of transaction.
I as a card holder can key the code into the POS machine or simply provide it to the telephone/internet website, which would then process the transaction (within the validity period of the code).
I as a card holder can key the code into the POS machine or simply provide it to the telephone/internet website, which would then process the transaction (within the validity period of the code).
Thread Starter
Needs more Lemon Pledge
Joined: Mar 2005
Posts: 52,768
Likes: 2,000
From: Phoenix, AZ
Pretty easy to set that up with the card issuer as a recurring authorized charge. IE, you need to call amex and verify that you are you with a correct code and that you approve Hulu to charge you monthly.
Racer
Joined: Mar 2013
Posts: 393
Likes: 68
From: Reno, NV
I would need a reason to care first. If they want to use my credit card number to steal American Express's or Master Card's money, go right ahead. Merchants should be in an uproar because they are the ones on the hook if someone uses my digits to steal merchandise. I don't carry a debit card so I don't have much risk of someone jacking my checking account.
1919
Joined: Mar 2005
Posts: 21,467
Likes: 162
I can't remember the exact details, but I heard on a report that came from this breach that fraud costs 5 cents of every $100 spent using credit cards. Not exactly killing them.
I know there's a better solution, but like doopstr said, I know I'm protected when I use my CC.
I have a separate checking account that I use with Paypal that I keep minimal amounts of money in...its debit card is strictly used to withdraw from ATMs.
I know there's a better solution, but like doopstr said, I know I'm protected when I use my CC.
I have a separate checking account that I use with Paypal that I keep minimal amounts of money in...its debit card is strictly used to withdraw from ATMs.
Suzuka Master
Joined: Sep 2006
Posts: 9,863
Likes: 439
Update on the Target data breach: IF you shopped there and used plastic: SCREWED
Target initially reported on December 19 that payment card data of some 40 million customers had been obtained by hackers during the year-end holiday shopping season.
The stolen information included credit and debit card data, customer names and PIN (personal identification data) numbers.
On Friday, Target said that its investigation had revealed that hackers also stole a second batch of data that included names, mailing addresses, phone numbers or email addresses for up to 70 million people.
http://news.yahoo.com/target-says-da...150615694.html
110+ Million cards compromised along with SS and address information =
The stolen information included credit and debit card data, customer names and PIN (personal identification data) numbers.
On Friday, Target said that its investigation had revealed that hackers also stole a second batch of data that included names, mailing addresses, phone numbers or email addresses for up to 70 million people.
http://news.yahoo.com/target-says-da...150615694.html
110+ Million cards compromised along with SS and address information =
Safety Car
Joined: Jul 2007
Posts: 4,845
Likes: 145
Ok. Calm the fuck down. I'm not trying to say it's good, but you are not correct. There have been 2 breaches with different information gathered in each one.
First, no Social Security numbers have been reported as stolen in either breach.
Second, the 70M breach is nothing more than contact information. Name/Address/Phone/Email. Someone just got an awesome spam list. No CC numbers there.
But if you want to be a little scared about something that hasn't hit the mainstream news yet that I've seen, Neiman Marcus is investigating a data breach also.
I was thinking today, these incidents might spur a revival in store brand credit cards. That's one way to limit your exposure to any data theft.
First, no Social Security numbers have been reported as stolen in either breach.
Second, the 70M breach is nothing more than contact information. Name/Address/Phone/Email. Someone just got an awesome spam list. No CC numbers there.
But if you want to be a little scared about something that hasn't hit the mainstream news yet that I've seen, Neiman Marcus is investigating a data breach also.
I was thinking today, these incidents might spur a revival in store brand credit cards. That's one way to limit your exposure to any data theft.
Trolling Canuckistan
Joined: Oct 2005
Posts: 10,453
Likes: 811
From: 100 Legends Way, Boston, MA 02114
Suzuka Master
Joined: Sep 2006
Posts: 9,863
Likes: 439
Ok. Calm the fuck down. I'm not trying to say it's good, but you are not correct. There have been 2 breaches with different information gathered in each one.
First, no Social Security numbers have been reported as stolen in either breach.
Second, the 70M breach is nothing more than contact information. Name/Address/Phone/Email. Someone just got an awesome spam list. No CC numbers there.
But if you want to be a little scared about something that hasn't hit the mainstream news yet that I've seen, Neiman Marcus is investigating a data breach also.
I was thinking today, these incidents might spur a revival in store brand credit cards. That's one way to limit your exposure to any data theft.
First, no Social Security numbers have been reported as stolen in either breach.
Second, the 70M breach is nothing more than contact information. Name/Address/Phone/Email. Someone just got an awesome spam list. No CC numbers there.
But if you want to be a little scared about something that hasn't hit the mainstream news yet that I've seen, Neiman Marcus is investigating a data breach also.
I was thinking today, these incidents might spur a revival in store brand credit cards. That's one way to limit your exposure to any data theft.
point is they got a lot of stuff and I would bet my last $1 this isn't over yet... so how about you chill with the cursing and talk like a normal person...
My apologies for saying SSN but those are technically Personal Identification numbers and they are definitely in the pharmacy system...
US Bank called me yesterday stating that there was fraudulent activity detected on my HSA account and the only, I repeat ONLY place I have EVER used the ONE AND ONLY card linked to that account is Target Pharmacy....
Senior Moderator
Joined: Jun 2004
Posts: 18,015
Likes: 1,429
From: NYC
COME AT ME BRO!
Joined: Jun 2004
Posts: 9,796
Likes: 13
From: st.johns, NL (CANUKISTAN)
David_Dude
Joined: May 2011
Posts: 13,283
Likes: 581
From: Florida
My friend and his wife had this issue right before Christmas shopping at target. His wife had noticed some suspicious charges and reported it to their bank. She even warned everyone on FB who had shopped at target between certain dates. Replaced their debit card, but they had to wait until the new year for their money to be refunded minus the charges they had made.
When I'm online checking my accounts my local credit union had the warning about compromised cards posted on its website right at the top up until yesterday.
When I'm online checking my accounts my local credit union had the warning about compromised cards posted on its website right at the top up until yesterday.
Why did you start a new thread instead of updating the old one? 
Safety Car
Joined: Jul 2007
Posts: 4,845
Likes: 145
lol gotta love the idiot in the thread swearing... nice
point is they got a lot of stuff and I would bet my last $1 this isn't over yet... so how about you chill with the cursing and talk like a normal person...
My apologies for saying SSN but those are technically Personal Identification numbers and they are definitely in the pharmacy system...
US Bank called me yesterday stating that there was fraudulent activity detected on my HSA account and the only, I repeat ONLY place I have EVER used the ONE AND ONLY card linked to that account is Target Pharmacy....
point is they got a lot of stuff and I would bet my last $1 this isn't over yet... so how about you chill with the cursing and talk like a normal person...
My apologies for saying SSN but those are technically Personal Identification numbers and they are definitely in the pharmacy system...
US Bank called me yesterday stating that there was fraudulent activity detected on my HSA account and the only, I repeat ONLY place I have EVER used the ONE AND ONLY card linked to that account is Target Pharmacy....
It sounds like your fraud experience was like any other, except you had the "fortune" of your card being an HSA account so all transactions would be closely verified to be legitimate medical purchases.
Since your HSA debit card would look like any other CC in the data dump, there wouldn't be any way for the thief to know it was an HSA account and no way for them to track back to your insurance and get your SS.
Safety Car
Joined: Jul 2007
Posts: 4,845
Likes: 145
Maybe, I don't know about it. I was referring to store-specific credit cards, like Sears (before they sold that business off to Citibank and made it a branded VISA). JC Penney, Bon Ton, other department stores, too.
Maybe a lot of those cards have gone away, but maybe using them would limit your risk. If the card info ever got stolen, it could only be used at that chain. Doesn't do much for someone overseas wanting to buy Apple stuff from eBay or get a cash advance for an online casino.
The downside is obviously convenience, just a simple balance between convenience and risk. Personally I use one card everywhere, and I'm pretty confident that anything odd that happens will be caught and taken care of.
Maybe a lot of those cards have gone away, but maybe using them would limit your risk. If the card info ever got stolen, it could only be used at that chain. Doesn't do much for someone overseas wanting to buy Apple stuff from eBay or get a cash advance for an online casino.
The downside is obviously convenience, just a simple balance between convenience and risk. Personally I use one card everywhere, and I'm pretty confident that anything odd that happens will be caught and taken care of.
Senior Moderator
Joined: Dec 2010
Posts: 31,897
Likes: 7,251
From: Austin, TX
nnInn
Joined: Mar 2006
Posts: 37,670
Likes: 1,084
Saw a blurb from the Target CEO, was saying the banks need to a better job. Saying the US needs to start using the computer chip credit cards. Like that would have stopped someone getting into their terminal systems.
Race Director
Joined: Dec 2003
Posts: 12,521
Likes: 1,824
From: MAGA country
As I understand it, full PCI compliance would have resulted in the CC #'s being encrypted. So, the hack would have still happened, but the senstive data they gathered would have been encrypted data rather than raw CC #'s. The PINs were indeed encrypted.
I laugh at people upset about name, phone#, address being gathered while at the same time they are listed in the phone book...
Just got an email.
Dear Target Guest,
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.
I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
Delete texts immediately from numbers or names you don’t recognize.
Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.
Gregg Steinhafel
Chairman, President and CEO
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.
I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
Delete texts immediately from numbers or names you don’t recognize.
Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.
Gregg Steinhafel
Chairman, President and CEO
The sizzle in the Steak
Joined: Nov 2001
Posts: 71,436
Likes: 1,877
From: Southern California
So if a customer used a credit, not debit card, how was the customer's email, address, phone number obtained?
I can understand some information from a debit card, and if you used a target club card (I dunno if they have those or not) or a Target credit card (I dunno if they have that either).
IIRC on a credit card mag strip, only the card holder’s name, card’s account number, expiration date, & card security code (CSC), or the card verification value (CVV).
So where are they getting that info? Clearly not from a CC...no?
I can understand some information from a debit card, and if you used a target club card (I dunno if they have those or not) or a Target credit card (I dunno if they have that either).
IIRC on a credit card mag strip, only the card holder’s name, card’s account number, expiration date, & card security code (CSC), or the card verification value (CVV).
So where are they getting that info? Clearly not from a CC...no?