
(USA Today) You can do it, we can help. Help you get your credit card information into the hands of Russian hackers, that is (usatoday.com)
More: Scary, Home Depot, p.f. chang, credit cards, Brian Krebs, swipe card, computer security

4228 clicks; posted to Main on 02 Sep 2014 at 5:54 PM (33 weeks ago)



45 Comments
   
 
2014-09-02 04:12:58 PM  
It would sure do me good, to do you good
Let me help.
 
2014-09-02 04:27:05 PM  
From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."


Holy carp.  O_O
 
2014-09-02 04:56:34 PM  
That's just what you get for having your money on the internet.
 
2014-09-02 05:24:49 PM  
Ah, redirected from Biz to Main.  :)

Thanks, mods!  :)
 
2014-09-02 05:28:22 PM  

Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O


Oh, so if you don't keep your PIN in the basement in a locked cabinet within a disused lavatory with a sign that says "Beware of the Leopard," they can say you didn't "exercise ordinary care"?

Lovely.
 
2014-09-02 05:42:10 PM  

xanadian: Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O

Oh, so if you don't keep your PIN in the basement in a locked cabinet within a disused lavatory with a sign that says "Beware of the Leopard," they can say you didn't "exercise ordinary care"?

Lovely.


I believe the term in business parlance is "transference of risk"

/Or "Farking the customer" - one of those two
 
2014-09-02 05:57:50 PM  

HighlanderRPI: xanadian: Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O

Oh, so if you don't keep your PIN in the basement in a locked cabinet within a disused lavatory with a sign that says "Beware of the Leopard," they can say you didn't "exercise ordinary care"?

Lovely.

I believe the term in business parlance is "transference of risk"

/Or "Farking the customer" - one of those two


Nonsense. Banks generally have the risk in sick transactions. All they're asking is that moronic millennials who save all of their info to a grindr app exercise a minimum of caution.
 
2014-09-02 05:58:07 PM  
That's the power of the Home Depot.
 
2014-09-02 06:02:16 PM  
Every day, I hate Russia more.

Can we nuke these bastards without getting nuked in return?  Be nice.
 
2014-09-02 06:13:18 PM  

Jake Havechek: Every day, I hate Russia more.

Can we nuke these bastards without getting nuked in return?  Be nice.


Give the Chechens nukes ?
 
2014-09-02 06:14:41 PM  
i'm ok with this.  i mean it's not ideal, but it's just credit card data, right?  not my problem.

/if it's more, then we can consider greater outrage...
 
2014-09-02 06:16:34 PM  

Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O


why?  they just are saying don't be farking tarded.  they aren't saying you have to prove you locked the pin in a secure safe surrounded by sharks with freaking laser beams.
 
2014-09-02 06:17:21 PM  
So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made
 
2014-09-02 06:22:52 PM  

HighlanderRPI: xanadian: Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O

Oh, so if you don't keep your PIN in the basement in a locked cabinet within a disused lavatory with a sign that says "Beware of the Leopard," they can say you didn't "exercise ordinary care"?

Lovely.

I believe the term in business parlance is "transference of risk"

/Or "Farking the customer" - one of those two


Switching to chip secured cards is too expensive (yeah, I rtfa), it's cheaper to (over)pay a lawyer to find a legal way to screw the little guy.
 
2014-09-02 06:25:08 PM  

StopLurkListen: Switching to chip secured cards is too expensive (yeah, I rtfa), it's cheaper to (over)pay a lawyer to find a legal way to screw the little guy.


Actually the US is finally going to adopt chip cards. The change in the agreement posted above is only for certain business accounts according to the commenters there.
 
2014-09-02 06:25:51 PM  

Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O



I doubt that would fly. Especially with the qualifier "such as"; that means they can add whatever they want to the "failure to exercise ordinary care" list. Can I use the last 4 of my social? Can I use my wife's birthday? What about my mother's birthday? What about 0420, 2580, 0852, or 1234? How about any of the "top 20 PINs" that get published from time to time?

I have a feeling that if many people get burned by this, it'll get tested in court.
 
2014-09-02 06:36:00 PM  

themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made


Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.
 
2014-09-02 06:38:18 PM  

mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.


Interesting. Do you work at a chain or a mom and pop? I thought credit card processors were supposed to have support for that by now.
 
2014-09-02 06:41:27 PM  

mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.


Texas is ready as far as I know. They've had chipped cards for years for the Lonestar/EBT, SNAP and WIC programs.
 
2014-09-02 06:42:04 PM  
Do the cards that use Chip & PIN force you to use a four digit PIN or can you use a longer one (like 6 or 8 digits)?
 
2014-09-02 06:44:02 PM  

DigitalCoffee: Do the cards that use Chip & PIN force you to use a four digit PIN or can you use a longer one (like 6 or 8 digits)?


From what I hear, yes. US chip cards won't have a PIN though.
 
2014-09-02 06:49:50 PM  
FTA:

'The real trouble is not the companies but the credit card companies and banks that aren't introducing stronger security, she said.

"They could simply encrypt the information right at the terminal. That would stop most of these attacks," she said.'

So a new encryption convenience fee in 3..2..1
 
2014-09-02 06:53:56 PM  

themindiswatching: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

Interesting. Do you work at a chain or a mom and pop? I thought credit card processors were supposed to have support for that by now.


Small mom and pop. They aren't required to provide it until next fall.
 
2014-09-02 06:58:37 PM  

A Fark Handle: i'm ok with this.  i mean it's not ideal, but it's just credit card data, right?  not my problem.

/if it's more, then we can consider greater outrage...


Yea, these guys aren't "identity thieves" they'll just bang out the cards as quick as possible and leave the CC company to deal with the aftermath.  It may be a slight nuisance for people using their debit card since the money will temporarily be missing.

Luckily real "identity theft" is a pretty rare occurrence, relatively speaking.
 
2014-09-02 07:08:21 PM  

jaggspb: FTA:

'The real trouble is not the companies but the credit card companies and banks that aren't introducing stronger security, she said.

"They could simply encrypt the information right at the terminal. That would stop most of these attacks," she said.'

So a new encryption convenience fee in 3..2..1


It's still not going to stop data breaches such as this one or the Target breach, where the actual company servers that store this type of information are hacked.

It MIGHT stop some skimming devices (which remains to be seen, as Chip & Pin cards have already been successfully cloned/hacked in the UK), but once implementation is more widespread in the U.S., skimmers will be hell-bent on updating their cloning methods.

I don't understand why we can have 2-factor authentication like Google Authenticator to log into a damn GAME, but no one has come up with a debit card that can use it (or something similar).
 
2014-09-02 07:12:24 PM  
So if the hackers are taking control of the terminals themselves, what would chip and pin do? Now, not only will they have your credit card details, but they'd have your PIN, too. And nothing's stopping them from replaying the same transaction if a cohort were to buy a laptop right behind you.
 
2014-09-02 07:18:32 PM  
This gives GOP's Putin fanboys the deniability for funding their war in Ukraine. They just claim the donation to the Vostok Brigade or Putin's discretionary topless fund wasn't theirs. Hackers must have done it.
 
2014-09-02 07:23:39 PM  
You know, Home Depot still used DOS 6.2 in their POS system. Give me a break. How about updating your tech to this century at least? The fact is, until it costs retailers more in fraud than they can collect in payments, they won't change anything.
 
2014-09-02 08:24:28 PM  

mschwenk: themindiswatching: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

Interesting. Do you work at a chain or a mom and pop? I thought credit card processors were supposed to have support for that by now.

Small mom and pop. They aren't required to provide it until next fall.


My understanding was that they had to support it by 2013. Maybe not necessarily provide it to merchants then, but their internal support had to be there. It sucks because you'd think they'd want to get all the kinks out by next year.
 
2014-09-02 09:12:37 PM  

GrailOfThunder: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

Texas is ready as far as I know. They've had chipped cards for years for the Lonestar/EBT, SNAP and WIC programs.


Oh do you need my CC info? It's XXXX-XXXX-XXXX-XXXX Exp XX-XX
 
2014-09-02 09:13:12 PM  
Damn i was pwned by the filter.
 
2014-09-02 09:41:46 PM  
Most amusing thing I've seen recently is my new local laundromat now uses prepaid cards that all use the chip technology. If the ghetto laundromat can handle chips why can't you big box retailer?!?

/works for big box retail
//our stores all upgraded the card readers to handle chips last year...it's just very few utilize it
 
2014-09-02 09:49:48 PM  
Yesterday was my last official day at HD.  Started a new job this morning.  Glad I missed the fun and games that this will cause.
 
2014-09-02 09:51:07 PM  

Silentbob768768: Most amusing thing I've seen recently is my new local laundromat now uses prepaid cards that all use the chip technology. If the ghetto laundromat can handle chips why can't you big box retailer?!?

/works for big box retail
//our stores all upgraded the card readers to handle chips last year...it's just very few utilize it


http://life-is-a-hack.blogspot.com/2010/07/free-laundry-for-everybody.html
 
2014-09-02 10:01:06 PM  

themindiswatching: Silentbob768768: Most amusing thing I've seen recently is my new local laundromat now uses prepaid cards that all use the chip technology. If the ghetto laundromat can handle chips why can't you big box retailer?!?

/works for big box retail
//our stores all upgraded the card readers to handle chips last year...it's just very few utilize it

http://life-is-a-hack.blogspot.com/2010/07/free-laundry-for-everybody.html


That...is nifty...theirs are different but I'm curious if the concept will carry over
 
2014-09-02 10:34:59 PM  

Lonestar: GrailOfThunder: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

Texas is ready as far as I know. They've had chipped cards for years for the Lonestar/EBT, SNAP and WIC programs.

Oh do you need my CC info? It's XXXX-XXXX-XXXX-XXXX Exp XX-XX


If I were admin I'd ban anyone making that haha-only-serious "joke", because we all know you're just hoping for one of today's 10,000 to fall for it.
 
2014-09-02 11:53:26 PM  

mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.


That's happening next year. When the switch is made, those who haven't made the hardware upgrade end up on the wrong end of a disincentive that then makes them liable for any fraudulent charges.
 
2014-09-03 12:13:18 AM  

Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O


So basically, because the credit card & debit card (and checks for that matter) payment systems have a fundamentally insecure* design, let's blame it on the end user and charge them for it.  Not much difference than the BS "PCI compliance" fees they hit retailers with every month for the same reasons.

Bet they'll keep charging those, too.


* Credit cards, bank cards, and checks/ACH all require you to give out the numbers that give complete access to the connected bank account. This allows for someone to run charges up on your card and is the reason bank accounts and VISA cards, etc. come with chargeback protections, etc. It's because they're inherently insecure.

Contrast with Bitcoin as a payment system:  you pay with a "public key" which gives absolutely NO access to your account at all.  None.

If customers had been paying with Bitcoin or a similar technology, then the Target breach and now this Home Depot breach could not have happened.  Banks need to move out of the 1950s (when credit cards were designed) and get their technology into the 21st century.

These breaches won't stop and the more the banks try to hit us with fees the more people will get pissed off. And the more people become aware of and begin to understand Bitcoin and other examples of cryptocurrency, the more people will just walk away from traditional payment systems because they'll recognize the old systems are fundamentally broken.
 
2014-09-03 12:41:15 AM  

pseudowho: Grand_Moff_Joseph: From the comments on the Krebs' Article (bold is me)

A little off topic but some relevance to Ben's post about protecting customer data. Received the following in our Chase statement today:

"Effective November 16, 2014, we will be updating your agreement. The updated agreement will explain that if you allow anyone to use your bank Card, or if you don't exercise ordinary care (examples of not exercising ordinary care:  if you keep your PIN with your Card, or select your birthday as your PIN) you will be responsible for all authorized and unauthorized transactions."

Holy carp.  O_O

So basically, because the credit card & debit card (and checks for that matter) payment systems have a fundamentally insecure* design, let's blame it on the end user and charge them for it.  Not much difference than the BS "PCI compliance" fees they hit retailers with every month for the same reasons.

Bet they'll keep charging those, too.


* Credit cards, bank cards, and checks/ACH all require you to give out the numbers that give complete access to the connected bank account. This allows for someone to run charges up on your card and is the reason bank accounts and VISA cards, etc. come with chargeback protections, etc. It's because they're inherently insecure.

Contrast with Bitcoin as a payment system:  you pay with a "public key" which gives absolutely NO access to your account at all.  None.

If customers had been paying with Bitcoin or a similar technology, then the Target breach and now this Home Depot breach could not have happened.  Banks need to move out of the 1950s (when credit cards were designed) and get their technology into the 21st century.

These breaches won't stop and the more the banks try to hit us with fees the more people will get pissed off. And the more people become aware of and begin to understand Bitcoin and other examples of cryptocurrency, the more people will just walk away from traditional payment systems because they'll recognize th ...


Good luck with that. Bitcoin is way too unstable to be viable long-term.
 
2014-09-03 02:43:06 AM  

themindiswatching: Good luck with that. Bitcoin is way too unstable to be viable long-term.


By "unstable" I assume you mean the price? The price of the dollar is in perpetual decline, so is that better? Greater adoption should stabilize the price of Bitcoin, anyway.

But you're thinking about it as a currency, which is just one application of the software.

I'm talking about it in terms of its function as a payment system. When you contrast it with traditional payment systems, it is the superior technology in basically every respect I can think of.

The only superiority older systems like Visa, ACH, etc. have is the size of their install base.

This, too, will change as more people adopt the newer technology.
 
2014-09-03 08:57:42 AM  

bighairyguy: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

That's happening next year. When the switch is made, those who haven't made the hardware upgrade end up on the wrong end of a disincentive that then makes them liable for any fraudulent charges.


Liability shift (from merchant to bank/consumer) happens in October 2015.  If the merchant still accepts a swipe of an EMV capable card (there is an indicator in the mag stripe), they are liable.  If the customer enters a PIN, they are liable.  All else is on the bank.

To make a long story short, Christmas 2015 will be the season of online fraud. 2016 will bring about 3D Secure compliance changes for online retailers, and possibly at-home EMV-readers, issued by your bank (at your cost), to generate one-time-use online passwords.
 
2014-09-03 10:58:02 AM  

StopLurkListen: Lonestar: GrailOfThunder: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

Texas is ready as far as I know. They've had chipped cards for years for the Lonestar/EBT, SNAP and WIC programs.

Oh do you need my CC info? It's XXXX-XXXX-XXXX-XXXX Exp XX-XX

If I were admin I'd ban anyone making that haha-only-serious "joke", because we all know you're just hoping for one of today's 10,000 to fall for it.


Literally, I mean there has been historically THENS OF THOUSAND of people who get caught by this joke. I mean I should get REPORTED. Look on how many got caught and posted their CC, and the mods and admins workload having to delete their posts.
I mean, it's not like one of my headlines that has an intentional typo that the admins get reported about 20 times, and when I ask for the typo to be reintroduced they decide it's going to be much more of a hassle to keep the intentional typo than to fix it. Damn I give the MODMINS ( trademark - Someone has that login ) so much work.
 
2014-09-03 11:56:47 AM  

Lonestar: StopLurkListen: Lonestar: GrailOfThunder: mschwenk: themindiswatching: So when are more businesses other than Walmart going to turn on the fancy chip readers?

/obligatory plug for EMV enabled map that I made

Can't. The store I work at has upgraded to the proper equipment. The credit card processor simply won't handle those transactions yet.

Texas is ready as far as I know. They've had chipped cards for years for the Lonestar/EBT, SNAP and WIC programs.

Oh do you need my CC info? It's XXXX-XXXX-XXXX-XXXX Exp XX-XX

If I were admin I'd ban anyone making that haha-only-serious "joke", because we all know you're just hoping for one of today's 10,000 to fall for it.

Literally, I mean there has been historically THENS OF THOUSAND of people who get caught by this joke. I mean I should get REPORTED. Look on how many got caught and posted their CC, and the mods and admins workload having to delete their posts.
I mean, it's not like one of my headlines that has an intentional typo that the admins get reported about 20 times, and when I ask for the typo to be reintroduced they decide it's going to be much more of a hassle to keep the intentional typo than to fix it. Damn I give the MODMINS ( trademark - Someone has that login ) so much work.


For a comedian you sure can't take a joke: http://xkcd.com/1053/
 
2014-09-03 12:24:19 PM  

pseudowho: themindiswatching: Good luck with that. Bitcoin is way too unstable to be viable long-term.

By "unstable" I assume you mean the price? The price of the dollar is in perpetual decline, so is that better? Greater adoption should stabilize the price of Bitcoin, anyway.

But you're thinking about it as a currency, which is just one application of the software.

I'm talking about it in terms of its function as a payment system. When you contrast it with traditional payment systems, it is the superior technology in basically every respect I can think of.

The only superiority older systems like Visa, ACH, etc. have is the size of their install base.

This, too, will change as more people adopt the newer technology.


So it appears you might have some misconceptions about our current banking system. For one thing, as long as economic growth outpaces inflation, the latter is not a problem.
 
2014-09-03 07:17:14 PM  

themindiswatching: So it appears you might have some misconceptions about our current banking system. For one thing, as long as economic growth outpaces inflation, the latter is not a problem.


Really? Not a problem for whom? The inflated dollar is making it difficult for everyone I know.  Your statement is conditional; is the condition of economic growth outpacing inflation guaranteed?  Even if it were, is it necessarily ideal?


Anyway, you're conveniently ignoring my actual point about the technology.
 
Displayed 45 of 45 comments
