Credit Cards Compromised

[Midpack]

We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...

BTW. I went to our local Target store yesterday and the place was packed like I've never seen! Checkout line stretched all the way across the store. Wasn't sure if it was because of last weekend before Christmas or the 10% discount on all purchases - probably both. Absolutely crazy...and a little puzzling given the huge credit card issue.

 

[MichaelB]

We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...

I don't think the danger ever goes away, and one needs to monitor all one's financial accounts regularly.

 

[Midpack]

We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...

I don't think the danger ever goes away, and one needs to monitor all one's financial accounts regularly.

Agreed, sort of what I was getting at with the last statement. So I'm starting to think we should just cancel the CC we used at Target, get a new one, and put it behind us now. We haven't already because I feel bad for the CC companies, as it's Target's blunder - I've read that the CC companies will fine Target and raise their costs.

 

[MichaelB]

Agreed, sort of what I was getting at with the last statement. So I'm starting to think we should just cancel the CC we used at Target, get a new one, and put it behind us now. I feel bad for the CC companies, as it's Target's blunder - I've read that the CC companies will fine Target and raise their costs.

Yes, you can replace the card, but does that really put it behind you? As soon as you begin using your new card, new opportunities arise for CC fraud. Earlier in the year I followed the advice of other members here and took out a second card used exclusively for automated billing. I'll now not change my primary card, just continue to monitor it.

CC companies, issuers and merchants could improve security for financial transactions in the US, it looks to me like they still assign higher priority to maximizing gross revenue.

 

[Texas Proud]

When my debit card was compromised at my bank's ATM machine, within minutes three $500 withdrawals were made at a distant ATM--no testing the waters with a negligible amount.

When it comes to debit, I think they go all out ASAP...

Getting cash out of an ATM quickly is the quickest way to make money...

 

[donheff]

Why a $75 limit? From what I've heard, they often test the card with a $0.99 charge to iTunes or something similar.

My Visa allows email notifications, and I have it set for anything > $0.00. It really gives me confidence to know I'm getting near real time alerts to any card use.

My Fido Amex does not offer this.

-ERD50

I have the cards that will send email confirmations set to send all of them. I too have read that $.99 transactions were used to test that a card is live and even had one cancelled when the fraud alert department called me to verify one. I suspect that card thieves are using more "normal" seeming transactions to test nowadays in the never ending battle with the CC companies' fraud detection algorithms.

 

[Dreamer]

I went to Target yesterday also and it was very busy. I was waiting at Electronics for a XBox One game, priced at $59.99. The employee was helping someone else and I waited. Finally, another employee came and asked a younger female if he could help her. She very kindly told him that I was next. The other employee asked him some questions and in the meantime a younger guy came up. When the second employee finished, he took off with the younger guy to help him and left us standing there. He finally came back and got the game I needed and when he went to ring me up, he said you know that you get 10% off of this today. I stated that I did and then he said, Oh sorry, it is not for video games. I was so irritated that I told him I would go next door and buy it at Game Stop. I stopped at customer service to make sure that the 10% did not apply and she said that was correct. Now my debit card security might have been compromised, I was treated rudely and my time wasted and I did not receive the 10% discount. I do not think that I will be going to Target any time soon. I walked next door to the Game Stop and there were plenty of people milling around the store. An employee asked me if she could help me find something and rang me up for the same $59.99 price. There is also a Wal-Mart at the same shopping center that I will be going to for other purchases.

 

[aja8888]

I went to Target yesterday also and it was very busy. I was waiting at Electronics for a XBox One game, priced at $59.99. The employee was helping someone else and I waited. Finally, another employee came and asked a younger female if he could help her. She very kindly told him that I was next. The other employee asked him some questions and in the meantime a younger guy came up. When the second employee finished, he took off with the younger guy to help him and left us standing there. He finally came back and got the game I needed and when he went to ring me up, he said you know that you get 10% off of this today. I stated that I did and then he said, Oh sorry, it is not for video games. I was so irritated that I told him I would go next door and buy it at Game Stop. I stopped at customer service to make sure that the 10% did not apply and she said that was correct. Now my debit card security might have been compromised, I was treated rudely and my time wasted and I did not receive the 10% discount. I do not think that I will be going to Target any time soon. I walked next door to the Game Stop and there were plenty of people milling around the store. An employee asked me if she could help me find something and rang me up for the same $59.99 price. There is also a Wal-Mart at the same shopping center that I will be going to for other purchases.

Surprised that Target did not knock 10% off since the CEO was on the news saying ALL items purchased receive the discount.

 

[Midpack]

Surprised that Target did not knock 10% off since the CEO was on the news saying ALL items purchased receive the discount.

Do you have evidence to backup your allegation? I agree they may have led some folks to think it was "all" but he never said that anywhere I've seen. I probably would've been fooled too, but the details are on the website (of course).

10% off storewide purchase only. Saturday 12/21 through Sunday 12/22.

Excludes all gift cards, entertainment cards, airtime cards, prepaid cards, iTunes cards, Apple, Bose, all video games, Playstation 4 consoles, Xbox One consoles, Target Mobile(SM), prescriptions, optical, clinic, and alcohol purchases. Offer cannot be combined with other storewide or category/department coupons.

 

[ERD50]

Why a $75 limit? From what I've heard, they often test the card with a $0.99 charge to iTunes or something similar.

My Visa allows email notifications, and I have it set for anything > $0.00. It really gives me confidence to know I'm getting near real time alerts to any card use.

My Fido Amex does not offer this.

-ERD50

When my debit card was compromised at my bank's ATM machine, within minutes three $500 withdrawals were made at a distant ATM--no testing the waters with a negligible amount.

Of course it isn't a 100% sure thing that they test with a small amount, but it is fairly common.

So my question still stands - if someone is going to set an alert, why not go to anything >$0.00 rather than some arbitrary $75 limit? It's not like it's a nuisance to get these alerts - how many charges between $0.00 and $75.00 would one get?

Just seems odd to me to go half-way.

-ERD50

 

[reubenray]

Our bank (Chase) notified us that the DW's debit card was at risk. The very first thing the email pointed out was we will not be liable for any charges that are not ours. Secondly Chase will be limiting ATM withdrawals to $100. If we need more we can go inside to draw the money out. They also will be sending her a new debit card to replace the at-risk one.

My card number is different from her's so it will be no issue with us until she gets her new card.

 

[Alan]

We're checking charges daily, so far so good (fingers crossed).

My question is how do we know when the danger has passed? Presumably we won't really...

We left the country end of March this year for 6 months of traveling in Europe, our last CC transaction being in New York City. I checked routinely that my Penfed card had a zero balance as I don't use it when in Europe, preferring my UK issued CHIP & PIN card.

In June I discovered many purchases in NYC stores, card present, a lot of them at Target, for hundred's of $ at a time. ($23k in total over 3 days)

The card had been cloned but the thieves waited 3 months before starting to use it, presumably to cover their tracks. I made one single purchase to purchase a take out meal for the one night we were in NY, at JFK airport, and the cloned card was used in NYC. I sure hope they caught the thieves, but of course I'll never know.

The year before when the card details were stolen and I spotted it, again while traveling, when 5 small purchases from Amazon were made, all purchases under $10. Talked to Amazon fraud department and someone had opened an account and was using my CC. Not even an email from Amazon to inform me that my CC had been registered at an account in a different name. The fraud guy said that people allow their CC cards to be used by folks with a different surname all the time. (Still no excuse not to fire off an email each time the card is registered to a new account).

 

[Rustic23]

ERD50, thanks for the feed back, I really did not have a strong reason to set it at $75. I thought about $0.01, or something real low, but then I thought I might just ignore the emails when they came in after awhile. Thought about txt msgs., which would be, in my mind, a better way to go, but they cost me money. As this is a credit card, and the bank picked up 100% of the tab, it really is about the hassle, and getting back to normal quickly. i.e. finding out the card is compromised just when you need it.

 

[Chuckanut]

Apparently if the card used at Target is from outside the US it commands a much higher price when sold on the criminal market.

 

[Bikerdude]

Apparently if the card used at Target is from outside the US it commands a much higher price when sold on the criminal market.

I'm amazed at how quickly a hack that supposedly originated in Vietnam made it to street level here in CT. Talk about organized crime!

 

[target2019]

Article on previous successful attempts at hacking POS terminals.

 

[Alan]

Article on previous successful attempts at hacking POS terminals.

Although this is a thread on computer malware I took the risk and clicked on this "naked link".

Interesting that the Barnes & Noble POS terminals hacked were not MS Windows based.

In July, security researchers at Black Hat security conference in Las Vegas showed how they were able to install malware onto POS terminals made by one vendor, by using a vulnerability in the terminals that would allow an attacker to change applications on the device or install new ones in order to capture card data and cardholder signatures.

The researchers found that the terminals, which use an operating system based on Linux, have a vulnerability that didn’t require updates to their firmware to be authenticated. The researchers installed their malware using a rogue credit card inserted into one device, which caused it to contact a server they controlled, from which they downloaded malware to the device.

 

[target2019]

Although this is a thread on computer malware I took the risk and clicked on this "naked link".

Interesting that the Barnes & Noble POS terminals hacked were not MS Windows based.

Does not your reader/browser display the link?
What makes a link naked?

Yes, it is interesting the terminals are not MS. Here is a longer article from InformationWeek. What I glean from the articles is that the bad guys are still winning. The details are interesting to those who work in security, as it raises your awareness of threats. But the public must be weary of this. Oh, just another 40 million PI cases reported.

 

[REWahoo]

Does not your reader/browser display the link?
What makes a link naked?

From the Community Rules:

Please do not post “naked” links, defined as links posted without explanation, interpretation or context.

A short quote from the linked article (such as the one Alan posted) would be appreciated, summarizing for those who don't wish to click the link to read it.

 

[MichaelB]

Does not your reader/browser display the link?
What makes a link naked?

No clothes?

Well, in the case of a link, a few words by the person posting so all the readers know what it's about.

 

[target2019]

No clothes?

Well, in the case of a link, a few words by the person posting so all the readers know what it's about.

Then I nailed it for sure.

 

[REWahoo]

Then I nailed it for sure.

I'd rate it maybe a short thumbtack, but no nail.

 

[Alan]

Thanks to REW and Michael for the "naked" link explanations.

 

[MRG]

Here's a link to a USAToday article that suggests the vulnerability of the cards being used in the US and possible ways data could be leaked. Can't attest (100%) to the technical accuracy, but it does make sense.

http://www.usatoday.com/story/money...-security-made-target-a-juicy-target/4165427/

MRG

 

[aja8888]

Do you have evidence to backup your allegation? I agree they may have led some folks to think it was "all" but he never said that anywhere I've seen. I probably would've been fooled too, but the details are on the website (of course).

From the CEO...."We take this crime seriously. It was a crime against Target, our team members, and most importantly, our guests. We’re in this together, and in that spirit, we are extending a 10% discount – the same amount our team members receive – to guests who shop in U.S. stores on Dec. 21 and 22."

Obviously no mention of a discount on everything, but it would have fooled me.

Full Text: A Message from CEO Gregg Steinhafel about Target