Credit Cards Compromised

[Alan]

Quote:

Originally Posted by audreyh1 Didn't know that. I am occasionally asked for it at point of sale. If they are NOT supposed to store the CVV number by law, then these guys really need to straighten up! It would make it harder if the thieves didn't get their hands on the CVV. And why on earth would debit card PINs be stored?!?

I don't recall ever being asked for the security code on the card at a cash register. Sometimes I am asked to prove id with a driving license, but that printed 3 or 4 digit security number should only be required by online merchants to prove that you are in possession of the card since they can't physically see it.

[MuirWannabe]

Quote:

Originally Posted by Rustward You make a very good point, ERD50. Until we know what happened, we do not know what happened. It is so easy to be an internet expert these days. If anyone thinks it is so easy, just go try it in real life, and report your experience.

+1

It ain't easy

[Chuckanut]

I doubt if we will ever know much about what happened other than a general overview.

Most IS organizations do not publicize security problems for fear that other criminals will exploit them. Even if Target has fixed its problem(s), other retailers, including small ones without a staff of experts, may still have the same flaw in their systems. For all we know, the flaw may exist in ATM's, building security systems, etc.

The ability to compromise thousands of machines in such a large organization, and have it go undetected for weeks is scary.

[braumeister]

Meanwhile, on the bright side ...

One of my credit cards (a Visa from PenFed) is due to expire next month. Today in the mail, I received a replacement card, and much to my surprise it's a chip & PIN card.

I hadn't asked for one specifically, but apparently PenFed is proactively issuing chip & PIN cards now to everyone. Good for them!

[Rustic23]

I checked USAA and they allow you to place an email/sms txt alert if your card is used over an amount you choose. As I had my card cloned just last month, and shopped at target on both the 14th and 15th, I set a $75 limit. When my card was cloned they ran up about $1,000 in charges in less than 24 hours. There were six charges and all but one was over $75. I'll admit all this is going to do is let me know sooner, and USAA absorbed all the fraud. However, as it cost nothing to put it on, and nothing to get an email, I figured why not.

[MRG]

Quote:

Originally Posted by braumeister Meanwhile, on the bright side ... One of my credit cards (a Visa from PenFed) is due to expire next month. Today in the mail, I received a replacement card, and much to my surprise it's a chip & PIN card. I hadn't asked for one specifically, but apparently PenFed is proactively issuing chip & PIN cards now to everyone. Good for them!

I recently received a chip and signature card from Fia cardholder services. But checking around it doesn't appear that all card readers in the US will actually do anything but read the mag strip for some time. I hope I read the articles incorrectly.

Edit to ask, when you use the new card does it force you to enter a pin?

MRG

[braumeister]

Quote:

Originally Posted by MRG when you use the new card does it force you to enter a pin?

No, that would be only where a chip & PIN card is used as such. Mostly in the Euro zone, but Canada has caught on pretty big already, and USA is beginning to play catchup. Most places in this country, we'll still use chip & PIN cards as if they had no chip, for the time being.

[audreyh1]

Quote:

Originally Posted by Alan I don't recall ever being asked for the security code on the card at a cash register. Sometimes I am asked to prove id with a driving license, but that printed 3 or 4 digit security number should only be required by online merchants to prove that you are in possession of the card since they can't physically see it.

I have been asked for it occasionally at a Flying J when using the Costco Amex card. 3% cash reward when filling a motorhome with diesel is a nice perk.

[Bikerdude]

Quote:

Originally Posted by walkinwood I had to call Amex and cancel DW's card (and get a new one) last night after seeing a a fraud charge pop up. She had used her card at Target just after Thanksgiving. I have set up my card accounts to send me an email when a charge is made, so that helped get notification right away. We have no liability, but it is still a pain to deal with.

They got my Amex also. Amex called and alerted me to a fraud charge to the Apple store. They sent me a new card and 10 days later that was compromised with multiple fraud charges that Amex approved. No liability for me but I don't know how they got me a 2nd time. I now have a third card. I've never had a problem before. Kinda scary IMO.

[W2R]

Quote:

Originally Posted by Bikerdude They got my Amex also. Amex called and alerted me to a fraud charge to the Apple store. They sent me a new card and 10 days later that was compromised with multiple fraud charges that Amex approved. No liability for me but I don't know how they got me a 2nd time. I now have a third card. I've never had a problem before. Kinda scary IMO.

How peculiar! Any ideas regarding how this could possibly have happened?

Fraudulent activity on the first card is bad enough, but to have the same thing happen with a second card would be very disturbing.

[Bikerdude]

Quote:

Originally Posted by W2R How peculiar! Any ideas regarding how this could possibly have happened? Fraudulent activity on the first card is bad enough, but to have the same thing happen with a second card would be very disturbing.

Well, on further review of my records it appears that the first compromise happened before my Target purchase and the only time it was out of my hands (except for online purchases) was at a restaurant. The Target charge was made on 12/4 with my first new card and the 2nd fraud happened on 12/12. So just looks like bad luck. The Amex rep did mention that this had been the worst year for fraud so far.

[W2R]

Quote:

Originally Posted by Bikerdude Well, on further review of my records it appears that the first compromise happened before my Target purchase and the only time it was out of my hands (except for online purchases) was at a restaurant. The Target charge was made on 12/4 with my first new card and the 2nd fraud happened on 12/12. So just looks like bad luck. The Amex rep did mention that this had been the worst year for fraud so far.

Wow, bad luck for sure. Good luck with card #3!

[sengsational]

I think we will find that it goes back to someone running an MS Windows machine on the Target network introducing a malware. If they can write malware specific to SCADA systems, it should be simple to write malware for a card scanner. Simply insert yourself between the intended destination of the mag stripe data and the reader. Then you buffer raw card data and phone home with it, maybe piggybacking on a 'real' outbound message. As to how it got in the scanners, there's probably a nightly update that pushes changes to the scanner, and it pushed the malware too.

[ERD50]

Quote:

Originally Posted by Rustic23 I checked USAA and they allow you to place an email/sms txt alert if your card is used over an amount you choose. As I had my card cloned just last month, and shopped at target on both the 14th and 15th, I set a $75 limit. ...

Why a $75 limit? From what I've heard, they often test the card with a $0.99 charge to iTunes or something similar.

My Visa allows email notifications, and I have it set for anything > $0.00. It really gives me confidence to know I'm getting near real time alerts to any card use.

My Fido Amex does not offer this.

-ERD50

[Bestwifeever]

Quote:

Originally Posted by ERD50 Why a $75 limit? From what I've heard, they often test the card with a $0.99 charge to iTunes or something similar. My Visa allows email notifications, and I have it set for anything > $0.00. It really gives me confidence to know I'm getting near real time alerts to any card use. My Fido Amex does not offer this. -ERD50

When my debit card was compromised at my bank's ATM machine, within minutes three $500 withdrawals were made at a distant ATM--no testing the waters with a negligible amount.

[Midpack]

We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...

BTW. I went to our local Target store yesterday and the place was packed like I've never seen! Checkout line stretched all the way across the store. Wasn't sure if it was because of last weekend before Christmas or the 10% discount on all purchases - probably both. Absolutely crazy...and a little puzzling given the huge credit card issue.

[MichaelB]

Quote:

Originally Posted by Midpack We're checking charges daily, so far so good (fingers crossed). My question is how do we know when the danger has passed? Presumably we won't really...

I don't think the danger ever goes away, and one needs to monitor all one's financial accounts regularly.

[Midpack]

Quote:

Originally Posted by Midpack We're checking charges daily, so far so good (fingers crossed). My question is how do we know when the danger has passed? Presumably we won't really... Quote: Originally Posted by MichaelB I don't think the danger ever goes away, and one needs to monitor all one's financial accounts regularly.

Agreed, sort of what I was getting at with the last statement. So I'm starting to think we should just cancel the CC we used at Target, get a new one, and put it behind us now. We haven't already because I feel bad for the CC companies, as it's Target's blunder - I've read that the CC companies will fine Target and raise their costs.

[MichaelB]

Quote:

Originally Posted by Midpack Agreed, sort of what I was getting at with the last statement. So I'm starting to think we should just cancel the CC we used at Target, get a new one, and put it behind us now. I feel bad for the CC companies, as it's Target's blunder - I've read that the CC companies will fine Target and raise their costs.

Yes, you can replace the card, but does that really put it behind you? As soon as you begin using your new card, new opportunities arise for CC fraud. Earlier in the year I followed the advice of other members here and took out a second card used exclusively for automated billing. I'll now not change my primary card, just continue to monitor it.

CC companies, issuers and merchants could improve security for financial transactions in the US, it looks to me like they still assign higher priority to maximizing gross revenue.

[Texas Proud]

Quote:

Originally Posted by Bestwifeever When my debit card was compromised at my bank's ATM machine, within minutes three $500 withdrawals were made at a distant ATM--no testing the waters with a negligible amount.

When it comes to debit, I think they go all out ASAP...

Getting cash out of an ATM quickly is the quickest way to make money...