1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Target.. up to 40 MILLION credit cards compromised...

Discussion in 'Fred's House of Pancakes' started by ny_rob, Dec 20, 2013.

  1. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    As most know by now, Target brick and mortar stores had their credit card reader systems hacked starting the day before Black Friday and the hack continued till Dec 15th.
    Target estimates that up to 40 million credit card numbers along with the owners name, the card exp date and 3 digit security code (and PIN if it was a debit card) could now be available on the black market to anyone with the cash to purchase them.

    I unfortunately did shop at Target on Black Friday and used my credit card to make a multi hundred dollar purchase.
    As soon as I heard the news about the hack- I canceled my credit card and luckily I was able to verify every charge on my account from Nov 27th to the day I canceled the card. I consider myself lucky!

    So we used to say "it's not safe to use your credit card for online purchases".
    Now it's not safe to use your credit card at brick and mortar stores either:mad:
    My wife likes to use cash for everything when she can- I guess she's the smart one in the family....
     
  2. The Electric Me

    The Electric Me Go Speed Go!

    Joined:
    May 22, 2009
    9,083
    5,795
    0
    Location:
    Undisclosed Location
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Wow.

    A few months back I got a notification letter from Harbor Freight that their credit card system had been hacked. Similar issue.

    Had to cancel my card, just to be sure.

    This seems to becoming more and more common.
     
  3. jdcollins5

    jdcollins5 Senior Member

    Joined:
    Aug 30, 2009
    5,131
    1,338
    0
    Location:
    Wilmington, NC
    Vehicle:
    2010 Prius
    Model:
    III
    My wife has a Target debit card and used it during the time frame indicated. We are going to follow the latest Target advice and watch the account closely and report any unusual activity.
     
  4. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    FWIW- it was -any- brand credit card (not just Target branded credit cards) that was physically swiped at Target from Black Friday on that got compromised.

    Target's advice to "watch the account closely and report any unusual activity" is unrealistic and a huge burden on the cardholder. Why take chances- just cancel the Target branded card and get a new one with a different number on it. Two min and you're safe again vs. closely watching your account for the next few months/years... and then having to prove that you didn't make those unauthorized purchases if they do happen.
     
  5. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,153
    4,144
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    You are wrong to state that "now" it's not safe.
    It never was. Card numbers have been stolen by store clerks, waiters, etc ever since they have been used.
    Cash does assure that no one has access to your line of credit.
    However, I find the discounts, tracking of my charges, and basically zero loss of funds if my wallet is stolen, card number stolen, etc, to be worth the possible headaches.
     
  6. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    +1
    I'm not a big "returner" of items unless they're really not-as-advertised, but when you do charge something you have much more leverage when it comes to returns. Once you've paid by cash- you're at the mercy of the seller for refunds.
    Credit cards are almost a necessary evil nowadays, especially if you travel- it's pretty difficult to book a hotel, rental car, sightseeing tour, etc... without a credit card. I just wish these retailers would take security a little more seriously.

    Maybe we need a consumer bill of rights type thing with penalties levied against companies who allow your info to get stolen and put you through a lot of misery because of their failure to protect your data?
     
  7. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,153
    4,144
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    Perhaps, however retailers have a very large incentive to make sure your data is safe.

    I mean, the amount of business Target is going to loose over this is huge!
    The week before Christmas is probably second to only the week after Thanksgiving.
     
  8. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    Exactly, with the millions and millions of $$ they make- they should be hiring the absolute tip top best in cyber security to ensure their system is locked down. Obviously they weren't serious enough and got caught with their pants down.
     
  9. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,153
    4,144
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    I disagree. This was not some kid with a downloaded hack, this was very sophisticated.
    It is a never ending, always escalating battle.
    No question the measures they had in place failed. But that doesn't mean their efforts weren't what they thought, the best they could buy.
     
  10. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,153
    4,144
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    Wonder what took the ambulance chasers so long?
     
  11. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    107,571
    48,862
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    i don't think we're responsible for charges, so closing the account is only a band aid. future use of stolen creit info is a larger concern. i wonder who the company was doing thier transaction processing and security? that will be a part of the lawsuits i would think.
     
  12. amm0bob

    amm0bob Permanently Junior...

    Joined:
    May 29, 2008
    7,730
    2,546
    0
    Location:
    The last place on earth to get cable, Sacramento
    Vehicle:
    2008 Prius
    Model:
    II
    I bought big at Target... I am one of the 40 million.
     
  13. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    107,571
    48,862
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    target for cyber attacks.:(
     
  14. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    This particular time "only" the data from the magnetic strip on the back of the physical card was stolen, not the account info back at the mothership.
    So they got your name, credit card number, card exp date and 3 digit security code or PIN code if it was a debit card.
    They didn't get your SS number, DOB, home address, mother's maiden name, security question, etc... so canceling the compromised card and getting a new one with a different number should contain the damage.

    Any way you look at it- it's damn inconvenient for cardholders and those who may also have multiple automated payments attached to that card number and now have to jump through hoops getting things tied to another card.
    I for one hope Target gets sued big time and gets fined from the govt for all the time, effort and trouble they've caused their customers to endure.
     
  15. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,035
    10,010
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    This isn't absolute. The cardholder still needs to identify and report fraudulent charges in a very timely manner, otherwise the legal protection is lost. Many account holders don't review their statements promptly (or ever), and may easily miss fraud in the required timeframe.

    While $0 liability is a common industry practice, it is neither legally mandated nor universal. The law allows the financial company to hold the user liable for a certain small amount even if the fraud is reported immediately, and the cap climbs sharply if reporting deadlines are missed. Credit and debit have different levels of protections.

    And don't forget the time and labor hassle of getting fraud removed. This can be particularly nasty for debit card users living with little or no financial buffer.

    As ny_rob already pointed out, for this particular breach, no other data beyond the card itself appears to have been compromised, so cancelling the card should be sufficient.

    My spam filter netted numerous offers of 'black credit cards' over the past couple weeks. Over the weekend I learned that 'black' refers to cloned cards of the sort these pirates would be making and selling from the stolen data. But the filter had already been emptied, so no review.
     
  16. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    +1
    My debit card got compromised at a local gas station a few years back.
    Within 30min of my visit to that gas station in NY someone in England used my card with the PIN to make a $720 purchase in the UK.
    The hassle that I had to put up with canceling that card, and proving I didn't make nor authorize the overseas debit purchase completely soured my outlook towards debit cards. Not only did it take over two weeks for the bank to put the $720 back in my account- it was "provisional and subject to charge back for up to six months" if it was found I was somehow responsible for leaking/giving away my PIN to someone other than myself.
    I pretty much only use my debit card five or six times a year now when I go to Costco, otherwise I use my Credit Card for most non-cash purchases because of the lack of protection with debit cards.
    It's one of those things you'd never know about unless you've gone through it, and to top it off- you'd think the bank (Capital One) would be interested in helping and containing the damage, but they couldn't have been less helpful in this matter. It's like they just really didn't care at all...
     
  17. sosarahsays

    sosarahsays Member

    Joined:
    Nov 3, 2013
    117
    37
    0
    Location:
    PNW
    Vehicle:
    2010 Prius
    Model:
    IV
    Unfortunately, I was one of the Target folks, too. I used a Target RedCard--the debit one. Since this is a debit card that is merely linked to a bank account and requires a PIN, I just changed the PIN and am keeping an eye on the account it's linked to. I could be wrong, but I don't think they could get directly to the account without the PIN--and even if they got it, now it's changed, so cloning the card should be useless since it requires a PIN. Plus, you can only use the Target debit RedCard at Target, which makes me feel a bit safer, for some reason.


    I actually had a similar experience to this a few years ago. One of my debit cards was "skimmed" (meaning they were able to make a clone and somehow got my PIN number) at a bank-owned ATM! (Bank of America.) At the time, I didn't keep too much money in the account, but it was completely drained; about $750. What made it worse was that it was taken out of an ATM fairly near my home! I was really nervous about trying to fight it because it sounded so suspect to me. "Yes, I still have the card. No, it hasn't been out of my possession. No, no one else knows my PIN... Yes, I know the ATM is within 5 miles of my house..." They also refunded the money on a provisional basis. "Luckily," I was one of HUNDREDS in my area that were affected by these scammers, so our case was strong.

    This whole thing is frustrating because, with the EXCEPTION of Target, I put everything on my AmEx for the cash back and extra layer of security between a transaction and my bank account. I also don't understand why it took them so long to release this information. From some of the press, it seems like the got wind of the breach on Monday, but used the whole week to assess the "damage" before making a public announcement Friday.
     
  18. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,035
    10,010
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    Why be nervous? The ATMs should take customer photos. Many suspects get identified that way.

    In the previous century, a very few even did it while still wearing their police uniforms, while the card's owner was incarcerated in their local facility. Stepping aside doesn't help when the name badge is still in view.
     
  19. sosarahsays

    sosarahsays Member

    Joined:
    Nov 3, 2013
    117
    37
    0
    Location:
    PNW
    Vehicle:
    2010 Prius
    Model:
    IV
    Wow, that's crazy.

    I was nervous because I thought the bank would say I sent a friend or something. A criminal mastermind scheme to double your money with the help of a friend or something. Especially because I felt it was SO suspect that I still had the card in my possession. This was my first experience with card theft and I was only 23, so... :)