Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 12-21-2013, 10:43 AM   #61
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,100
Quote:
Originally Posted by audreyh1 View Post
Didn't know that. I am occasionally asked for it at point of sale.

If they are NOT supposed to store the CVV number by law, then these guys really need to straighten up! It would make it harder if the thieves didn't get their hands on the CVV.

And why on earth would debit card PINs be stored?!?
I don't recall ever being asked for the security code on the card at a cash register. Sometimes I am asked to prove id with a driving license, but that printed 3 or 4 digit security number should only be required by online merchants to prove that you are in possession of the card since they can't physically see it.
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 12-21-2013, 10:55 AM   #62
Full time employment: Posting here.
MuirWannabe's Avatar
 
Join Date: Oct 2009
Posts: 671
Quote:
Originally Posted by Rustward View Post
You make a very good point, ERD50.

Until we know what happened, we do not know what happened.

It is so easy to be an internet expert these days.

If anyone thinks it is so easy, just go try it in real life, and report your experience.

+1

It ain't easy
__________________

__________________
“Of all the paths you take in life, make sure a few of them are dirt.” John Muir
MuirWannabe is online now   Reply With Quote
Old 12-21-2013, 11:15 AM   #63
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,331
I doubt if we will ever know much about what happened other than a general overview.

Most IS organizations do not publicize security problems for fear that other criminals will exploit them. Even if Target has fixed its problem(s), other retailers, including small ones without a staff of experts, may still have the same flaw in their systems. For all we know, the flaw may exist in ATM's, building security systems, etc.

The ability to compromise thousands of machines in such a large organization, and have it go undetected for weeks is scary.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 12-21-2013, 01:34 PM   #64
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,601
Meanwhile, on the bright side ...

One of my credit cards (a Visa from PenFed) is due to expire next month. Today in the mail, I received a replacement card, and much to my surprise it's a chip & PIN card.

I hadn't asked for one specifically, but apparently PenFed is proactively issuing chip & PIN cards now to everyone. Good for them!
__________________
braumeister is offline   Reply With Quote
Old 12-21-2013, 02:01 PM   #65
Thinks s/he gets paid by the post
Rustic23's Avatar
 
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 3,624
I checked USAA and they allow you to place an email/sms txt alert if your card is used over an amount you choose. As I had my card cloned just last month, and shopped at target on both the 14th and 15th, I set a $75 limit. When my card was cloned they ran up about $1,000 in charges in less than 24 hours. There were six charges and all but one was over $75. I'll admit all this is going to do is let me know sooner, and USAA absorbed all the fraud. However, as it cost nothing to put it on, and nothing to get an email, I figured why not.
__________________
If it is after 5:00 when I post I reserve the right to disavow anything I posted.
Rustic23 is offline   Reply With Quote
Old 12-21-2013, 02:08 PM   #66
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,580
Quote:
Originally Posted by braumeister View Post
Meanwhile, on the bright side ...

One of my credit cards (a Visa from PenFed) is due to expire next month. Today in the mail, I received a replacement card, and much to my surprise it's a chip & PIN card.

I hadn't asked for one specifically, but apparently PenFed is proactively issuing chip & PIN cards now to everyone. Good for them!
I recently received a chip and signature card from Fia cardholder services. But checking around it doesn't appear that all card readers in the US will actually do anything but read the mag strip for some time. I hope I read the articles incorrectly.

Edit to ask, when you use the new card does it force you to enter a pin?

MRG
__________________
MRG is online now   Reply With Quote
Old 12-21-2013, 02:53 PM   #67
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,601
Quote:
Originally Posted by MRG View Post
when you use the new card does it force you to enter a pin?
No, that would be only where a chip & PIN card is used as such. Mostly in the Euro zone, but Canada has caught on pretty big already, and USA is beginning to play catchup. Most places in this country, we'll still use chip & PIN cards as if they had no chip, for the time being.
__________________
braumeister is offline   Reply With Quote
Old 12-21-2013, 03:19 PM   #68
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,471
Quote:
Originally Posted by Alan View Post
I don't recall ever being asked for the security code on the card at a cash register. Sometimes I am asked to prove id with a driving license, but that printed 3 or 4 digit security number should only be required by online merchants to prove that you are in possession of the card since they can't physically see it.
I have been asked for it occasionally at a Flying J when using the Costco Amex card. 3% cash reward when filling a motorhome with diesel is a nice perk.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 12-21-2013, 03:27 PM   #69
Thinks s/he gets paid by the post
Bikerdude's Avatar
 
Join Date: Jul 2006
Posts: 1,901
Quote:
Originally Posted by walkinwood View Post
I had to call Amex and cancel DW's card (and get a new one) last night after seeing a a fraud charge pop up. She had used her card at Target just after Thanksgiving.

I have set up my card accounts to send me an email when a charge is made, so that helped get notification right away. We have no liability, but it is still a pain to deal with.
They got my Amex also. Amex called and alerted me to a fraud charge to the Apple store. They sent me a new card and 10 days later that was compromised with multiple fraud charges that Amex approved. No liability for me but I don't know how they got me a 2nd time. I now have a third card. I've never had a problem before. Kinda scary IMO.
__________________
“I guess I should warn you, if I turn out to be particularly clear, you've probably misunderstood what I've said” Alan Greenspan
Bikerdude is offline   Reply With Quote
Old 12-21-2013, 04:52 PM   #70
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,887
Quote:
Originally Posted by Bikerdude View Post
They got my Amex also. Amex called and alerted me to a fraud charge to the Apple store. They sent me a new card and 10 days later that was compromised with multiple fraud charges that Amex approved. No liability for me but I don't know how they got me a 2nd time. I now have a third card. I've never had a problem before. Kinda scary IMO.
How peculiar! Any ideas regarding how this could possibly have happened?

Fraudulent activity on the first card is bad enough, but to have the same thing happen with a second card would be very disturbing.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Old 12-21-2013, 05:38 PM   #71
Thinks s/he gets paid by the post
Bikerdude's Avatar
 
Join Date: Jul 2006
Posts: 1,901
Quote:
Originally Posted by W2R View Post
How peculiar! Any ideas regarding how this could possibly have happened?

Fraudulent activity on the first card is bad enough, but to have the same thing happen with a second card would be very disturbing.
Well, on further review of my records it appears that the first compromise happened before my Target purchase and the only time it was out of my hands (except for online purchases) was at a restaurant. The Target charge was made on 12/4 with my first new card and the 2nd fraud happened on 12/12. So just looks like bad luck. The Amex rep did mention that this had been the worst year for fraud so far.
__________________
“I guess I should warn you, if I turn out to be particularly clear, you've probably misunderstood what I've said” Alan Greenspan
Bikerdude is offline   Reply With Quote
Old 12-21-2013, 05:40 PM   #72
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,887
Quote:
Originally Posted by Bikerdude View Post
Well, on further review of my records it appears that the first compromise happened before my Target purchase and the only time it was out of my hands (except for online purchases) was at a restaurant. The Target charge was made on 12/4 with my first new card and the 2nd fraud happened on 12/12. So just looks like bad luck. The Amex rep did mention that this had been the worst year for fraud so far.
Wow, bad luck for sure. Good luck with card #3!
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Old 12-21-2013, 06:06 PM   #73
Thinks s/he gets paid by the post
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 3,837
I think we will find that it goes back to someone running an MS Windows machine on the Target network introducing a malware. If they can write malware specific to SCADA systems, it should be simple to write malware for a card scanner. Simply insert yourself between the intended destination of the mag stripe data and the reader. Then you buffer raw card data and phone home with it, maybe piggybacking on a 'real' outbound message. As to how it got in the scanners, there's probably a nightly update that pushes changes to the scanner, and it pushed the malware too.
__________________
sengsational is offline   Reply With Quote
Old 12-21-2013, 08:27 PM   #74
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,281
Quote:
Originally Posted by Rustic23 View Post
I checked USAA and they allow you to place an email/sms txt alert if your card is used over an amount you choose. As I had my card cloned just last month, and shopped at target on both the 14th and 15th, I set a $75 limit. ...
Why a $75 limit? From what I've heard, they often test the card with a $0.99 charge to iTunes or something similar.

My Visa allows email notifications, and I have it set for anything > $0.00. It really gives me confidence to know I'm getting near real time alerts to any card use.

My Fido Amex does not offer this.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 12-21-2013, 11:45 PM   #75
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 16,375
Quote:
Originally Posted by ERD50 View Post
Why a $75 limit? From what I've heard, they often test the card with a $0.99 charge to iTunes or something similar.



My Visa allows email notifications, and I have it set for anything > $0.00. It really gives me confidence to know I'm getting near real time alerts to any card use.



My Fido Amex does not offer this.



-ERD50

When my debit card was compromised at my bank's ATM machine, within minutes three $500 withdrawals were made at a distant ATM--no testing the waters with a negligible amount.
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 12-22-2013, 06:24 AM   #76
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,974
We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...

BTW. I went to our local Target store yesterday and the place was packed like I've never seen! Checkout line stretched all the way across the store. Wasn't sure if it was because of last weekend before Christmas or the 10% discount on all purchases - probably both. Absolutely crazy...and a little puzzling given the huge credit card issue.
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is offline   Reply With Quote
Old 12-22-2013, 06:31 AM   #77
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,455
Quote:
Originally Posted by Midpack View Post
We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...
I don't think the danger ever goes away, and one needs to monitor all one's financial accounts regularly.
__________________
MichaelB is offline   Reply With Quote
Old 12-22-2013, 07:15 AM   #78
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,974
Quote:
Originally Posted by Midpack View Post
We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...
Quote:
Originally Posted by MichaelB View Post
I don't think the danger ever goes away, and one needs to monitor all one's financial accounts regularly.
Agreed, sort of what I was getting at with the last statement. So I'm starting to think we should just cancel the CC we used at Target, get a new one, and put it behind us now. We haven't already because I feel bad for the CC companies, as it's Target's blunder - I've read that the CC companies will fine Target and raise their costs.
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is offline   Reply With Quote
Old 12-22-2013, 07:27 AM   #79
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,455
Quote:
Originally Posted by Midpack View Post
Agreed, sort of what I was getting at with the last statement. So I'm starting to think we should just cancel the CC we used at Target, get a new one, and put it behind us now. I feel bad for the CC companies, as it's Target's blunder - I've read that the CC companies will fine Target and raise their costs.
Yes, you can replace the card, but does that really put it behind you? As soon as you begin using your new card, new opportunities arise for CC fraud. Earlier in the year I followed the advice of other members here and took out a second card used exclusively for automated billing. I'll now not change my primary card, just continue to monitor it.

CC companies, issuers and merchants could improve security for financial transactions in the US, it looks to me like they still assign higher priority to maximizing gross revenue.
__________________
MichaelB is offline   Reply With Quote
Old 12-22-2013, 07:32 AM   #80
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2005
Posts: 13,275
Quote:
Originally Posted by Bestwifeever View Post
When my debit card was compromised at my bank's ATM machine, within minutes three $500 withdrawals were made at a distant ATM--no testing the waters with a negligible amount.

When it comes to debit, I think they go all out ASAP...

Getting cash out of an ATM quickly is the quickest way to make money...
__________________

__________________
Texas Proud is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 10:46 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.