If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Providence Journal)   It wasn't poor data security practices at Target, oh no, we must blame the cards themselves   (providencejournal.com) divider line 47
    More: Followup, data security, debit cards, credit cards, pins, Target  
•       •       •

2195 clicks; posted to Business » on 23 Dec 2013 at 10:26 AM (16 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



47 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2013-12-23 08:45:46 AM
FTFA: Credit card companies in the U.S. have a plan to replace magnetic strips with digital chips by the fall of 2015. But retailers worry the card companies won't go far enough. They want cards to have a chip, but they also want each transaction to require a personal identification number, or PIN, instead of a signature.

Even if they are magically able to make smart cards by 2015.  It won't really do any good unless they issue replacement cards to every holder, and convince every business or person who accepts credit cards to switch to smart card readers.  And those won't be cheap to come up with.  If you're having to replace every card reader.  That's a big chunk of change.

American culture is going to have to change too.  We're going more towards where we don't even have to sign the card receipt.  We just swipe it and go.  We scream when we're asked to show ID with our card because we've been told we don't have to.

Biggest thing this doesn't fix is internet vendors.  Smart card means nothing when I'm typing in my CC # and security code.  My wife has had her card jacked several times and in each instance, it was either an internet purchase that was leaked, or a company who had her card on file for recurring transactions that lost it.

Strangest thing I've seen in forever was a few years ago when I went to a Doctor's office and they actually had one of the old swiper / imprinter devices for CC processing.
 
2013-12-23 09:29:30 AM
I assumed all credit cards already had chips and required PIN numbers...also for smaller purchases (<$50-ish) you can just tap them on the card reader without a PIN being required.
 
2013-12-23 10:17:14 AM
Switching to phone-based payment systems will be more feasible. There's consumer demand and they can be more secure (I don't know if the current implementations actually are) from the start. Hard to justify the cost of switching from one kind of card to another. Right now those are too unstandardized though.

As for BizarreMans comment about online transactions, it wouldn't be hard to have some software to generate a unique token per transaction and pass that around instead of a static number. For recurring payments you could give each entity it's own token with limits on how much it can take, etc. invalidate that token if you want to stop paying that entity.
 
2013-12-23 10:18:16 AM

Barfmaker: I assumed all credit cards already had chips and required PIN numbers...also for smaller purchases (<$50-ish) you can just tap them on the card reader without a PIN being required.


Do you live in Europe?
I wonder how they handle online transactions with their smart cards?
 
2013-12-23 10:35:09 AM

serial_crusher: Barfmaker: I assumed all credit cards already had chips and required PIN numbers...also for smaller purchases (<$50-ish) you can just tap them on the card reader without a PIN being required.

Do you live in Europe?
I wonder how they handle online transactions with their smart cards?


His profile says Ottawa. It's a shame the US doesn't try and keep up with technology advances just because it costs them some sort term money.

/Sorry about the ice storm.
 
2013-12-23 10:38:33 AM
Horrible security.
 
2013-12-23 10:40:38 AM
Good thing Target decided to not carry the new Beyonce release.
 
2013-12-23 10:42:23 AM

BizarreMan: Strangest thing I've seen in forever was a few years ago when I went to a Doctor's office and they actually had one of the old swiper / imprinter devices for CC processing.


Those aren't useful anymore since newer cards are being issued without raised numbers.
 
2013-12-23 10:42:54 AM
gosh, catch the us up with where the world has been for over 10 years?

youdontsay.jpg
 
2013-12-23 10:49:12 AM

Barfmaker: I assumed all credit cards already had chips and required PIN numbers...also for smaller purchases (<$50-ish) you can just tap them on the card reader without a PIN being required.


No US bank has ever required a PIN for a credit card purchase - just for debit cards and ATM transactions. It floored me the first time I tried to buy something with a credit card in Oz and had to input my PIN... must have argued with the cashier for five minutes that I wasn't using a debit card. Fortunately someone else in line had been to America recently and understood my confusion.
 
2013-12-23 10:50:36 AM
Did they ever release details on what actually happened?
 
2013-12-23 11:04:11 AM
Upgrading technology is only going to give companies the edge for so long. It's a different world out there now; where one person with a really sharp mind can hack and steal stored information regardless what is done. It's just like locking your house -- it really only keeps "honest" people out.
 
2013-12-23 11:05:47 AM
In Costco a few days ago, some foreign customers couldn't use their debit card to buy stuff. The card was 21st century, with a chip. The credit/debit card reader couldn't read the card -- no magnetic strip. The cashier said the stand alone ATM machine could work. Didn't stay around to watch.

The moral: Never get behind a Mexican in a line where a credit card is used. Not only do they get the new European car models a year earlier, but even their credit cards are more advanced.
 
2013-12-23 11:07:24 AM

BizarreMan: FTFA: Credit card companies in the U.S. have a plan to replace magnetic strips with digital chips by the fall of 2015. But retailers worry the card companies won't go far enough. They want cards to have a chip, but they also want each transaction to require a personal identification number, or PIN, instead of a signature.

Even if they are magically able to make smart cards by 2015.  It won't really do any good unless they issue replacement cards to every holder, and convince every business or person who accepts credit cards to switch to smart card readers.  And those won't be cheap to come up with.  If you're having to replace every card reader.  That's a big chunk of change.

American culture is going to have to change too.  We're going more towards where we don't even have to sign the card receipt.  We just swipe it and go.  We scream when we're asked to show ID with our card because we've been told we don't have to.

Biggest thing this doesn't fix is internet vendors.  Smart card means nothing when I'm typing in my CC # and security code.  My wife has had her card jacked several times and in each instance, it was either an internet purchase that was leaked, or a company who had her card on file for recurring transactions that lost it.

Strangest thing I've seen in forever was a few years ago when I went to a Doctor's office and they actually had one of the old swiper / imprinter devices for CC processing.


If you have a card without embossed numbers and it won't swipe most retailers won't take the card as they are unable to use the old imprinters and the banks have told them they can't guarantee the cards as their is no proof the physical card was actually present at the store
 
2013-12-23 11:13:20 AM

DrewCurtisJr: Did they ever release details on what actually happened?


Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.
 
2013-12-23 11:41:18 AM
encrypted-tbn2.gstatic.com
 
2013-12-23 11:44:58 AM

BizarreMan: Biggest thing this doesn't fix is internet vendors.  Smart card means nothing when I'm typing in my CC # and security code.  My wife has had her card jacked several times and in each instance, it was either an internet purchase that was leaked, or a company who had her card on file for recurring transactions that lost it.


As for the internet vendor fix, a couple of cards I use allow me to log in to my online access and generate a one-time-use credit card number/expiry/CCV.  That's what I do when I'm buying something off an internet site I don't regularly use or in those oddball situations (medical bills seem to be the most common) where I mail in a slip of paper with a hand-written credit card number.  It's a step in the right direction... I figure eventually everything like that will be 'create a security code online, then paste it over'.
 
2013-12-23 11:48:11 AM
Good to know if I ever go to Australia. I don't know the PIN for any credit card I have, since the only reason to have it is to get a cash advance.
 
2013-12-23 11:58:54 AM

kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.


Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.
 
2013-12-23 12:17:24 PM

limeyfellow: kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.

Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.


So they used a wizard? Target looks like a giant horses ass over this and their excuses are even lamer. Funny thing is the person(s) that did this will probably never be caught. I think I am more afraid of identity thieves than I am of terrorists at this point.
 
2013-12-23 12:26:52 PM

limeyfellow: kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.

Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.


Do you have a link for that?  I can't believe someone got a foot that large in their own mouth.
 
2013-12-23 12:39:32 PM

Waldo Pepper: If you have a card without embossed numbers and it won't swipe most retailers won't take the card as they are unable to use the old imprinters and the banks have told them they can't guarantee the cards as their is no proof the physical card was actually present at the store


At my company we've gotten completely away from imprinters.  We are not allowed to have them at all.  If the system is down so cards aren't working,, we point them to an ATM.
 
2013-12-23 12:41:22 PM

BizarreMan: Even if they are magically able to make smart cards by 2015.  It won't really do any good unless they issue replacement cards to every holder, and convince every business or person who accepts credit cards to switch to smart card readers.  And those won't be cheap to come up with.  If you're having to replace every card reader.  That's a big chunk of change.


So what?  Its going to happen.  And someone is going to pay for it.  Most likely the consumer.  Get over it.

BizarreMan: American culture is going to have to change too.  We're going more towards where we don't even have to sign the card receipt.  We just swipe it and go.  We scream when we're asked to show ID with our card because we've been told we don't have to.


Have you been shopping recently?  Unless you are spending more than 50 bucks - you don't get asked to sign anything.  And I've seen no one scream when asked for an ID.  This is one of those few instances I think its valid to ask for it.  Americans will be just fine.

BizarreMan: Biggest thing this doesn't fix is internet vendors.  Smart card means nothing when I'm typing in my CC # and security code.  My wife has had her card jacked several times and in each instance, it was either an internet purchase that was leaked, or a company who had her card on file for recurring transactions that lost it.


Hardly relevant to this conversation.  And if you don't want your card to be jacked - tell your wife to stop buying all that gay porn.
 
2013-12-23 12:57:03 PM

limeyfellow: kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.

Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.


According to Robert X Cringely, Target outsources their IT to India and someone over there screwed up and allowed malware to be installed on all of the readers.
 
2013-12-23 12:59:10 PM

mcreadyblue: limeyfellow: kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.

Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.

According to Robert X Cringely, Target outsources their IT to India and someone over there screwed up and allowed malware to be installed on all of the readers.


Hmmm. Executive bonuses all around then!
 
2013-12-23 01:10:03 PM

BizarreMan: Waldo Pepper: If you have a card without embossed numbers and it won't swipe most retailers won't take the card as they are unable to use the old imprinters and the banks have told them they can't guarantee the cards as their is no proof the physical card was actually present at the store

At my company we've gotten completely away from imprinters.  We are not allowed to have them at all.  If the system is down so cards aren't working,, we point them to an ATM.


working in automotive a customer's bill can easily exceed the amount one can get from an ATM besides we generally don't like to let a customer take their car to go to an ATM.
 
2013-12-23 01:10:55 PM

gingerjet: BizarreMan:

I've seen no one scream when asked for an ID.  This is one of those few instances I think its valid to ask for it.  Americans will be just fine.



In California, the legislature decided that the clerk at 7-11 should not get to see your address and birthdate for card-present transactions.  People who lived there and then moved to other states get an unpleasant surprise being carded with the credit card.
 
2013-12-23 01:15:54 PM

Mr. Eugenides: limeyfellow: kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.

Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.

Do you have a link for that?  I can't believe someone got a foot that large in their own mouth.


Well considering storing full track data is expressly prohibited by the PCI-DSS and the Security Frameworks of EVERY card brand, they can't come out and say "We've been storing full track data and PINs for every transaction" without immediately having the brands tell them they can't process a card until they prove they aren't doing that.

Saying it's hacked POS terminals is as good a failsafe while you try and perform damage control as anything.
 
2013-12-23 01:36:21 PM
I was going to ask about chip-and-pin over a smartphone, like Square, PayPal, and Intuit do in the U.S., but I see they have that covered. Or sort-of, in the case of Square.
 
2013-12-23 01:38:44 PM

change1211: serial_crusher: Barfmaker: I assumed all credit cards already had chips and required PIN numbers...also for smaller purchases (<$50-ish) you can just tap them on the card reader without a PIN being required.

Do you live in Europe?
I wonder how they handle online transactions with their smart cards?

His profile says Ottawa. It's a shame the US doesn't try and keep up with technology advances just because it costs them some sort term money.

/Sorry about the ice storm.


Yes, Ottawa. I don't know for sure but I assumed it was the banks that spearheaded the change in an effort to reduce their costs to fraud etc. It's possible that they did Canada first because we're a smaller market and the US is next?

No ice storm here, managed to squeak past it. Toronto, however, got its crack smoking ass handed to it.
 
2013-12-23 01:46:09 PM

mcreadyblue: Target outsources their IT to India and someone over there screwed up and allowed malware to be installed on all of the readers.


They forgot to do the needful?
 
2013-12-23 01:51:00 PM
It's all bullshiat.  The industry wants merchants to be PCI complaint (which Target most likely was).  Didn't stop them from having a massive security breach.

Bottom line is that there is an entire industry built on the illusion of credit card security.
 
2013-12-23 01:55:00 PM
I really don't see the risk. Americans would have to have money to steal in the first place.
 
2013-12-23 02:33:18 PM

BizarreMan: Biggest thing this doesn't fix is internet vendors.  Smart card means nothing when I'm typing in my CC # and security code.  My wife has had her card jacked several times and in each instance, it was either an internet purchase that was leaked, or a company who had her card on file for recurring transactions that lost it.


My CC company (Citibank) offers "virtual card numbers". You use the service to generate a card number that's unique to each transaction. Even if compromised, the number does a thief no good. It's also useful in that if someone attempts to use it, it tells you and the CC company exactly who leaked/lost/compromised your card number. You can't use it for recurring charges, but I don't use those anyway, so no big deal from my point of view.
 
2013-12-23 02:44:19 PM

limeyfellow: kittyhas1000legs: DrewCurtisJr: Did they ever release details on what actually happened?

Not that I know of, but I've been working/asleep for the past 20 hours. In short, it will be that someone exploited some little flaw somewhere.

Yes, according to target, a few stores had people put in hacked card readers for a few days, that somehow stole 40 million credit and debit card numbers from across the whole country.


Yeah, I was curious how a hack like that could have been that widespread.
 
2013-12-23 02:51:47 PM
Whatever, it's the retailer's job to verify that I'm the one using my credit card.

Good luck out there!
 
2013-12-23 02:52:33 PM
I don't understand why American banks think it's too expensive to include those smart chips that have been around for two decades, yet they will include those RFID chips that hackers can access just by getting close enough. Was there ever any consumer demand for that? Seriously, WTF?
 
2013-12-23 03:04:03 PM
RFID credit cards used to have your name/account number in plain text on the card, which could be read by any nearby RFID scanner..

Is this still the case?  If so, do not want.
 
2013-12-23 04:30:29 PM

zimbach: I don't understand why American banks think it's too expensive to include those smart chips that have been around for two decades, yet they will include those RFID chips that hackers can access just by getting close enough. Was there ever any consumer demand for that? Seriously, WTF?


It's not the cost of the cards. That is indeed negligible. It's the cost of the readers... the merchants don't want to pay for those (as TFA says) and the banks don't want to have to change them all out. And until the readers get changed there's no point in going to smart chips since it will be unused. Until that logjam gets cleared out it's going to stay a chicken and egg scenario.
 
2013-12-23 04:48:01 PM
Citibank sent me a card with a chip when my card renewed six months ago or so, so it's coming.

That having been said, I don't know why the greatest country in the world can't handle it.  Oh right, we're a bunch of pussies these days who can't stand anything that would cost the wealthy business owners of this country a goddamn dime.  Oh, poor farking babies, buy some farking chip readers and write it off.  Waaah!  Waaah!
 
2013-12-23 04:53:18 PM

JustLookin: Citibank sent me a card with a chip when my card renewed six months ago or so, so it's coming.

That having been said, I don't know why the greatest country in the world can't handle it.  Oh right, we're a bunch of pussies these days who can't stand anything that would cost the wealthy business owners of this country a goddamn dime.  Oh, poor farking babies, buy some farking chip readers and write it off.  Waaah!  Waaah!


Greatest country in the world? I think I'm going to have to call Shenanigans.
 
2013-12-23 05:56:57 PM
Don't want to be ripped off by your CC? Use cash, dumbass.
 
2013-12-23 08:01:05 PM
If you go to Paris and try to use your US credit card to buy tickets in the Metro, most likely it will not work, even at the airport. At least at the restaurants an American credit card will work. It's chip and pin over there. What's nice in Paris is when you are ready to pay with a credit card, the server does not take your card away; the card reader is bought to you. So at least you don't have to worry about someone copying your number down.
 
2013-12-23 08:54:45 PM

skinink: If you go to Paris and try to use your US credit card to buy tickets in the Metro, most likely it will not work, even at the airport. At least at the restaurants an American credit card will work. It's chip and pin over there. What's nice in Paris is when you are ready to pay with a credit card, the server does not take your card away; the card reader is bought to you. So at least you don't have to worry about someone copying your number down.


That's true in Denmark (and most of the EU) as well.  Train tickets for four of us was not an expected "cash on hand" purchase when we arrived in Copenhagen.  We even talked to a live person and they wouldn't take our "non-PIN, non-chip" credit card.
 
2013-12-23 08:59:41 PM

Nightjars: RFID credit cards used to have your name/account number in plain text on the card, which could be read by any nearby RFID scanner..

Is this still the case?  If so, do not want.


Search for "Blink" technology... This 'chip' which differs from the European Chip and PIN can be destroyed and the card still function as a normal magnetic strip card.

/Drilled mine out
 
2013-12-23 09:02:31 PM

llamalarity: magnetic strip card.


Strip - stripe
 
2013-12-24 12:19:01 AM
The new European credit cards contain RFD that NSA satellites will use to not only track your purchases, but also track your movements, and while you keep it in your wallet, it senses your heart rate and blood pressure to report it to Obamacare computers 24/7.

Top THAT, Alex Jones!
 
Displayed 47 of 47 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report