Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 12-20-2013, 07:35 AM   #21
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,644
Quote:
Originally Posted by Chuckanut View Post
I would not recommend use of debit cards to avoid the problem. Debit cards make the problem worse for the consumer since debit cards do not have the same legal protections against fraudulent use that credit cards have. The banks lobbied long and hard to make sure that debit cards were not covered like credit cards. Let the consumer beware.

If I used a debit card on any regular basis, I would have it linked to an account that had only a minimum of money in it at any time, so they could not drain a large account.
I have only one debit card -- my bank ATM card and I use it only at ATMs. As noted above the news says the hackers pulled info from point of sale including PINS on debit cards. With that info they could clone debit cards and sell them with PINS. The culprits could potentially access accounts from an ATM and transfer money between accounts, pull funds, etc. Most banks would probably cover you but they are not obliged to do so.

Scary indeed. I used one of my favorite credit cards at Target during the period reported to be at risk and the CC company stopped a couple of routine transactions a few days later. I suspect they are being hyper vigilant given the Target breach but don't want to cancel millions of cards during this critical season. I use that card for a couple of important auto payments and am leaving the country shortly and will want the card to work overseas. I was afraid the CC company might end up cancelling the card in a week or two at an inappropriate time so I called and had it cancelled myself so I can get ahead of the game. Needless to say, customer service was busy but understanding.
__________________

__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 12-20-2013, 08:00 AM   #22
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,465
Anyone that has used a debit card at Target during the breach period should change the PIN immediately.

Well, I must have used my credit card at Target because I just received an email from them. It is legit. Long & detailed, informs me of the data breach and lists the actions I should consider (monitor my account, place a fraud alert, etc). Lots of legalese.

The thing is, they use an email address I only use for financial accounts - banks and investment. Never merchants. It must have been forwarded to them by the nice folks over at Fido Visa. It doesn't add much security, but it does add a little. Or did, at least.
__________________

__________________
MichaelB is offline   Reply With Quote
Old 12-20-2013, 08:05 AM   #23
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,117
Quote:
Originally Posted by MichaelB View Post
Anyone that has used a debit card at Target during the breach period should change the PIN immediately.
DW used her debit card at Target during that time period. We were discussing monitoring her account carefully and changing her pin when we got this from the bank this am...

Quote:
How can I find out whether my card was affected?

USAA is investigating this recent breach at Target stores to determine whether USAA Bank credit or debit cards were affected. USAA Bank actively monitors account activity through sophisticated software and processes to help protect you from fraud. However, we strongly encourage you to monitor your account(s) on mobile or usaa.com and review your monthly statements carefully. Notify USAA immediately if you see any unauthorized activity by calling 800-531-USAA (8722).

Should I reset my PIN?

There is no indication that any card PIN information was compromised. While you are welcome to reset your PIN at any time, it is not necessary as a result of this incident.

Should I cancel my card?

There is no need to cancel your card. USAA Bank has software and processes that monitor your accounts for suspicious activity, and if we determine your account is at risk, we will notify you and reissue your card. USAA has a Zero Liability Policy that helps protect you, so that in the event any unauthorized purchases occur on your credit or debit card account, you will be fully reimbursed in accordance with the policy.

Is USAA going to reissue my card?

USAA Bank has a highly sophisticated fraud detection team that is constantly monitoring account activity, and if we determine your account is at risk, we will notify you and reissue your card(s).
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 12-20-2013, 08:08 AM   #24
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,977
Called Discover last night (used at Target during the period in question), and got a recorded message saying we would not be liable, that they were monitoring closely, and suggested we do the same. DW reduced the $limit at which we are instantly notified of any charges and we will continue to review charges daily.

Presumably Target is going to take a big sales hit, and some increase in CC fines & fees. I feel sorry for them on one hand, but it was their breach...
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is offline   Reply With Quote
Old 12-20-2013, 08:13 AM   #25
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,465
Quote:
Originally Posted by REWahoo View Post
DW used her debit card at Target during that time period. We were discussing monitoring her account carefully and changing her pin when we got this from the bank this am...
The first report I saw indicated PIN numbers were included in the breach. Recent reports say not so, only card info (number, expiration, security). Changing a PIN is a PITA.

I'd believe USAA over all the others.
__________________
MichaelB is offline   Reply With Quote
Old 12-20-2013, 08:40 AM   #26
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
After poking about on the subject, a few things that could make this problem even worse.
We tend to think of our credit cards or debit cards as having a limit... ie. the credit card company would question sudden activity and stop the charges, or that the debit card risk would, at worst, be limited to the amount in your account. This may not be the case. The biggest fear would be having your identity stolen. More later...

While the details are not yet out, it seems apparent that the stolen information did not come from "skimmers", which would take a long time, and be limited to the information in the machine at the time... Suspicion is that the hacking went into a central system, and that the general area of the hacking was somewhere in Vietnam. This is an even worse problem, because of jurisdictional limits for investigation.

One guess as to the potential comes from this scenario. Hackers take the 40+million records, which includes name, account number and security code, and possibly address information (not sure about that)... and then package these records in groups of 1,000, selling them off to mafia type cyber pirates for $1 per account.

The simplest form of piracy would be to create and encode blank cards to be used by the perp, or to buy online.

Now... to the part about identity theft.
By itself, the credit or debit card is not a passport to sudden wealth, but going a bit further... Using the card as a starting point to steal your identity..
all of the information that could make HIM = YOU. Allowing them to... for instance:
Obtain a drivers license in another state, open up a bank account, obtain a voting card, get a (copy) birth certificate... and in effect, be YOU. Possibly the very worst part... it may not happen today or tomorrow, but 6 months, a year or more from now.

Stealing the identity is not as hard as it seems, but can take some effort and some time. You are probably familiar with the "White Pages"... a simple start. This can give your address, people who are associated with you, like kids or relatives, your telehone number, and the names and address es of your neighbors.
Google maps and Bird's eye view shows your house. Your face book page may show an infinite amount of personal information (whatever you share).
Geneological sites can show up relatives, like Your mother's maiden name... or the town in which your father was born... (test questions used to block your banking or personal info accounts).
...and for about $50, a complete background check.
With the explosion of social media, there are many many more possibilities, such as where you work, from Linked In.
...then, the easiest source... your name, you user name(s) into Google search... which, inour case, leads back to all the personal stuff we put here on ER.
If this sounds unreal, consider the moneyary rewards that coud be possible from spending a few hours or days in drilling for this information.

After an identity is stolen, fixing is a nightmare, as taking out loans, cleaning out bank accounts, buying cars can all happen in a matter of days or weeks, before the theft is discovered.

Definitely a scare story... and so far, this kind of mass theft has not occurred.
Likely this will be just a wake up call, for everyone... I watched an interview with a cyber security "expert" who said that no matter how sophisticated the "secure" system, the cyber criminal will always be a step ahead.

I don't know that you and I can do very much about this, other than being aware that all of our personal identification information is not in one place... as in a wallet, with drivers license, credit cards, social security cards, medical information and other identity items... Not just the wallet, but anywhere the information may be available and subject to loss or theft... The tablet, phone, laptop or even in the glove compartment of the car.

As I look around me, I see that I'm vulnerable, but also resigned to the possibilities. Other than some small, obvious changes, won't let the worry take over my life... Am too old for this shtuff...

And so ends a short foray into "what if"... Time for my ham and eggs breakfast.
__________________
imoldernu is offline   Reply With Quote
Old 12-20-2013, 09:25 AM   #27
Thinks s/he gets paid by the post
Gotadimple's Avatar
 
Join Date: Feb 2007
Posts: 1,761
Just to clarify this great discussion. The following from Target's press notice https://corporate.target.com/discove...-to-payment-ca

"We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV."

"If you used a non-Target credit or debit card at Target between Nov. 27 and Dec. 15 and have questions or concerns about activity on your card, please contact the issuing bank by calling the number on the back of your card."

Rita
__________________
Only got A dimple, would have preferred 2!
Gotadimple is offline   Reply With Quote
Old 12-20-2013, 09:32 AM   #28
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 16,544
Quote:
Originally Posted by MichaelB View Post
There is one other difference between the consumer liability of a fradulent charge on a credit card vs a debit card. On the credit card one registers a dispute and is then under no onligation to pay while the dispute is investigated and resolved. A debit, on the other hand, is money already withdrawn from one's account. The financial institution has an obligation to temporarily return the funds pending investigation, but a week without the funds is easy to imagine, and could be much more if the bank feels the withdrawals were in some way authorized.
That's exactly why we don't have a debit card and refused it when the bank wanted to make the ATM card a combination ATM/debit card. They seemed surprised that anyone was aware of the distinctions between a cc and debit card other than the immediate withdrawal of funds for debit cards.
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
Old 12-20-2013, 09:32 AM   #29
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,644
@imoldernu re: identity theft. Us old folks don't generally need to be able to open new lines of credit. DW and I froze our credit nearly a decade ago and have only once needed to temporarily unfreeze it to clear something. All existing lines of credit (e.g. cards and replacement cards) continue unaffected. An identity thief with sufficient data might be able to get a birth certificate and other documents that don't involve approving a new credit line but they couldn't get a loan, new cards, etc in your name. It is a bit of work but seemed worth it to me.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 12-20-2013, 09:39 AM   #30
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,334
I am wondering how they did this. Apparently, it was swiped cards that had their information stolen. I can't imagine modifying the equipment and hundreds, maybe thousands of registers, doing it all over the country, and nobody noticing anything. Most likely they intercepted the information as it traveled from the register to the whatever computers process the transaction for Target. Does anybody have any insight how this might have been done?

This has to be at least the third time in two years that financial type data of mine has been compromised by the corporations I trust with it. It makes me wonder.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 12-20-2013, 10:37 AM   #31
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,708
If you stand back and look at the entire process, there are a number of attack vectors. If programmers can get into industrial controllers and wreck a centrifuge...
__________________
target2019 is offline   Reply With Quote
Old 12-20-2013, 10:45 AM   #32
Thinks s/he gets paid by the post
walkinwood's Avatar
 
Join Date: Jul 2006
Location: Denver
Posts: 2,676
I had to call Amex and cancel DW's card (and get a new one) last night after seeing a a fraud charge pop up. She had used her card at Target just after Thanksgiving.

I have set up my card accounts to send me an email when a charge is made, so that helped get notification right away. We have no liability, but it is still a pain to deal with.
__________________
walkinwood is offline   Reply With Quote
Old 12-20-2013, 11:02 AM   #33
Full time employment: Posting here.
Calico's Avatar
 
Join Date: Apr 2012
Posts: 924
I was going to go to Target on 12/13 to do some Christmas shopping, but decided to postpone the trip until 12/16, due to laziness/general procrastination. I used my debit card there on 12/16.

Apparently the problems with compromised card data occurred through 12/15.

For once in my life, my laziness paid off big time.

I feel for all the folks who are having to deal with the fallout from the breach. Even if there is no evidence of fraud in your accounts, just having to worry about it and monitor it diligently is a PITA, especially at this time of year.

Edited to add: Even though they say the cutoff was 12/15, I am still checking my account a couple of times a day. Can't believe everything you read.
Edited (again) to fix the dates (thanks Audrey!)
__________________
"Let America be the dream the dreamers dreamed, Let it be that great strong land of love, Where never kings connive nor tyrants scheme, That any man be crushed by one above." - Langston Hughes
Calico is online now   Reply With Quote
Old 12-20-2013, 11:25 AM   #34
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,484
Quote:
Originally Posted by MichaelB View Post
The first report I saw indicated PIN numbers were included in the breach. Recent reports say not so, only card info (number, expiration, security). Changing a PIN is a PITA.

I'd believe USAA over all the others.
Easy to do at an ATM machine? I changed my ATM card PIN easily a couple of months ago.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is offline   Reply With Quote
Old 12-20-2013, 11:25 AM   #35
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,109
Quote:
Originally Posted by Gotadimple View Post
"We have determined that the information involved in this incident included customer name, credit or debit card number, and the cardís expiration date and CVV."
I noticed that as well and am confused. (a common occurrence) I thought the CVV number printed on the back of the card was not on the magnetic strip info and was only used for on-line transactions to prove you physically had the card in your presence. Merchants are required by law to not store the CVV number.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 12-20-2013, 11:27 AM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,484
Quote:
Originally Posted by Alan View Post
I noticed that as well and am confused. (a common occurrence) I thought the CVV number printed on the back of the card was not on the magnetic strip info and was only used for on-line transactions to prove you physically had the card in your presence. Merchants are required by law to not store the CVV number.
Didn't know that. I am occasionally asked for it at point of sale.

If they are NOT supposed to store the CVV number by law, then these guys really need to straighten up! It would make it harder if the thieves didn't get their hands on the CVV.

And why on earth would debit card PINs be stored?!?
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is offline   Reply With Quote
Old 12-20-2013, 11:29 AM   #37
Thinks s/he gets paid by the post
Rustward's Avatar
 
Join Date: Apr 2006
Posts: 1,572
Credit card data (and transaction data) goes through a number of systems during and after a transaction. The media reports mentioned POS systems, but that does not necessarily mean POS systems local to all 1700+ stores; it could be some place where the data gets concentrated (like a central server). The merchant stores this data for a number of reasons, like resolving disputes (with 1700+ stores do you think Target ever has to resolve a dispute?), processing exchanges and returns, redundancy (equipment does fail, and the more of it you have, the more likely a failure), and analysis (spending data is analyzed just about every way one can think of), etc.

Just because the data is in a computer system and you can't "see" it, that does not mean that people cannot access that data.

Some people think their card is safe if no other person ever handles it. In reality, the exposure starts when the card is swiped, regardless of who does the swiping.

The media reports also use the word "hacked" which would mean an unauthorized outsider, but some also mentioned "trusted insider". We may never know because full details of these things are rarely made public.

But it probably wasn't a guy wearing dark sunglasses with a stolen Big Chief tablet and No. 2 lead pencil lurking in the checkout area.
__________________
Rustward is offline   Reply With Quote
Old 12-20-2013, 11:32 AM   #38
Full time employment: Posting here.
Calico's Avatar
 
Join Date: Apr 2012
Posts: 924
Quote:
Originally Posted by audreyh1 View Post
What month/year are you in?
HA! Mea culpa. I have been on vacation for the last 8 days, and apparently my mental faculties have gone AWOL. Not the first time.

I am on vacation for a total of three weeks (sort of "practicing" for retirement). If this is any indication of what I can expect, it does not bode well for my mental faculties in actual retirement.

Maybe my slip can be explained by the fact that this morning I entered several appointments in my January calendar? That's my story and I'm sticking to it.
__________________
"Let America be the dream the dreamers dreamed, Let it be that great strong land of love, Where never kings connive nor tyrants scheme, That any man be crushed by one above." - Langston Hughes
Calico is online now   Reply With Quote
Old 12-20-2013, 11:35 AM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,977
We shopped at Target during the period in question, so we are following the situation. From what I've read:

It didn't happen at the registers, a breach on this scale had to be hackers/organized crime and/or insiders infiltrating Target's system. Still under investigation.

They got all the information on the cards' magnetic strips, including full names, card numbers, expiration dates, even security codes.

However, the magnetic strip on the back of your card doesn't have your Social Security number or your address or your phone number. Information thieves would need to actually open accounts in your name and impersonate you, so experts say the risk of total identify theft is fairly slim.

There are no guarantees to prevent identity theft, but there are lots of actions you can take to reduce your odds, most common sense. And I'd bet many/most here already take lots of precautions. The "I don't know that you and I can do very much about this" comment above is misleading.

40 Precautions for Preventing Identity Theft

Let me google that for you

Debit cards carry higher exposure than credit cards.
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is offline   Reply With Quote
Old 12-20-2013, 11:41 AM   #40
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,905
I don't normally participate in Black Friday shopping, and did not do so this year either. However, I admit that Target had some very tempting sales prices. If I *had* participated in the Black Friday madness, probably it would have been at Target.

What a mess this must be for those affected!
__________________

__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 01:42 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.