audreyh1
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
So - here we have a merchant that was ignoring PCI compliance for whatever reason.The debit card PIN should be encrypted at the card reader and sent as a "block" to the issuing bank. Target's readers obviously didn't do this. As Alan noted, they probably kept the CVV digits too (and unencrypted?!?).
PCI compliance score = F
All the criminals had to do was keep targeting merchants until they found one with poor compliance.
Can't believe these merchants are so sloppy with their systems. Who are they buying their software from?!?!?!?!