backtop


Print 23 comment(s) - last by brotj.. on Dec 26 at 10:46 AM

The breach ran from November 27 through December 15

Target lived up to its name this holiday season when a security breach placed the bullseye on millions of its customers' debit and credit cards. 

According to Krebs on Security, Target suffered a massive security breach that resulted in 40 million credit and debit card numbers stolen throughout the U.S. 

The breach ran from November 27 through December 15, where customer information like their names, card numbers, expiration dates and CVV verification codes were compromised. 

According to Krebs on Security, the breach occurred in nearly all Target stores across the U.S. in-store, not online. 


Target Store [SOURCE: thewritersguidetopublishing.com]

The attack captured data stored on the magnetic stripes of customers' cards, which they swipe at the cash register. Other than that, the details seem a little hazy as to how the breach was launched. But Target said that it alerted authorities and banks about the situation and that it has been handled. 

However, Target also said that customers who shopped during that time period should keep an eye on their credit card statements and credit reports. 

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” said Gregg Steinhafel, Target’s president and CEO. “We regret any inconvenience this may cause. We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

Target is the third-largest store in America with about 1,800 stores in the U.S. It made almost $72 billion in U.S. sales last year alone.

Source: Krebs on Security



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Two Factor Authentication already
By Mitch101 on 12/19/2013 12:59:30 PM , Rating: 2
They really make it too easy. I wonder if and when they will care enough to finally add in security tokens/Two Factor or things other than a hologram on the card which prevents nothing. Has anyone really been denied a credit card purchase because of the hologram? Heck Im surprised when I don't have to sign for a credit card purchase under what $20-$30.00. It just shows that a lot of people probably never check their statements or people actually pay when there are scrupulous charges on their card otherwise they would be quicker to change to avoid problems like this. Does Target even pay a fine or premium to the credit card companies for the issue they created?

Singaporeans get hard token baked into credit card
http://www.theregister.co.uk/2012/11/08/hard_token...




RE: Two Factor Authentication already
By ERROR666 on 12/19/2013 1:06:40 PM , Rating: 2
How about just just implementing cards with chips and a pin code like the rest of the world is doing for the last 10 years?


By Mitch101 on 12/19/2013 1:08:55 PM , Rating: 2
Thats kind of what I linked to. Not sure why the US is so far behind. Crime must pay.


RE: Two Factor Authentication already
By ProfFarnsworth on 12/20/2013 3:48:33 AM , Rating: 3
Just to let you all know, the whole thing with the banks not using chip and pin.... Guess what? We will be using them soon. The only reason we haven't switched is...... BECAUSE THAT WOULD BE ENTIRE OVERHAUL OF THE ENTIRE NATION. We are alot bigger than many different countries in Europe.

A lot of people don't understand at all the infrastructure behind banks and how they work. I do. I work for one of the largest banks in the US and you have no idea what is needed and how much money it will take to spend. Soon by 2015 to 2016 you'll see them roll out but nothing will be overnight.


By retrospooty on 12/20/2013 9:40:24 AM , Rating: 2
Good news everyone! Two Factor Authentication is coming.

Hehehe


By kickoff on 12/20/2013 1:00:48 PM , Rating: 2
Actually, I worked at IBM as the executive that owned all their security products back in the 90's. We were trying to get banks to start switching to an embedded chip system back then and they knew they would eventually have to do it...and spend the money.

But the reason they put if off back then was because when we worked with them to do some pilots and the consumers were literally scared it was some government plot to get all their personal information and track what they were doing.
The average person is so paranoid (which is justified) but too stupid to understand that the chips were not some secret weapon to track them...that was being done already for many different reasons. Most of them "legitimate" as companies were trying to better target their marketing. I have no problem with this if they are up front and get people's permission to "make better offers for them". When they do it without telling us, that's when I have an issue.

And gathering that info has NOTHING to do with whether or not it has TFA (Two Factor Authentication).


RE: Two Factor Authentication already
By name99 on 12/20/2013 3:07:37 PM , Rating: 2
Ok, how much money WILL it cost? Don't just rant about how expensive it will be, share it with us. And explain WHY it will cost that much.

Because, yes, the US is big. And you know what, the US is also very populated. So the COST PER PERSON is what matters. And last time I checked, even with the 1% skimming off all the profit over the last 30 years, the US is richer per capita than most of the other countries in the world that have adopted chip-and-pin. So why exactly is it so much more expensive for the US to do this, per person, than for, say, New Zealand?


RE: Two Factor Authentication already
By ProfFarnsworth on 12/20/2013 4:14:40 PM , Rating: 2
Ok. So you gotta look at it in multiple levels. I'll try and break it down but don't have a ballpark estimate.

Merchants:
Every merchant will need to purchase these new machines. From mom and pop shops to giant retails. These things aren't cheap. Not to mention they now have to have new software to get the info off the cards.

Billing companies:
All those merchants have to go through a billing company that will handshake with the major card companies. This also requires new software and new systems. Not cheap. Having to re work entire servers and having to train your staff will cost a lot. Also new security measures will need to be implemented and regulations from the government.

Card companies:
They won't be affected as much due to infrastructure in Europe. Some will need an entire overhaul and new software. Also new systems and training. Not all companies are prepared.

Banks:
Training. Software. Regulations. Manpower. Hardware.

See a trend? It's gonna be expensive to get everything switched over. That's why it will take time for the switch.


RE: Two Factor Authentication already
By name99 on 12/20/2013 4:24:07 PM , Rating: 1
And yet a country as poor as South Africa was able to afford to do all this. Likewise Brazil. Likewise China. Likewise Turkey.

Which makes me think that either it is NOT as expensive as you claim, or the US banking industry is vastly more incompetent than their competitors around the world.

I notice you, once again, refused to provide actual numbers. Which makes me conclude that you are full of shit.


By sgestwicki on 12/21/2013 12:00:58 PM , Rating: 2
The US lead the way in a lot of areas and now we are further behind the rest of the world because we have systems that are still working but older. Other countries have been able to completely skip steps because of US innovation.

The credit card industry is one of those things. The US has a lot of infrastructure that is already set up and working. The only problem is that it is not as secure as the newer technology allows. It really just comes down to a simple equation for Visa, MasterCard, etc. "Is the amount of money we loose to fraud more then the cost of replacing the current infrastructure?" If you don't have anything in place then the question is obviously yes so they put in the new tech.


RE: Two Factor Authentication already
By brotj on 12/26/2013 10:46:48 AM , Rating: 2
Not to nitpick, but you just named four countries known for crime and poverty. More CC fraud/crime == higher need visibility == higher priority for more secure system.


RE: Two Factor Authentication already
By AntiM on 12/19/13, Rating: -1
RE: Two Factor Authentication already
By CaedenV on 12/19/2013 3:21:51 PM , Rating: 2
No kidding. I have "See ID" written on the back of my bank card for the whole 2 people who care to check it in stores. Then I went to the post office and the pricks forced me to show 2 forms of ID and sign the back of my card before they would accept it as tender... Then I slid my card and the system never even asked for a signature. WHATS THE POINT!?!?!?!?

Banking in the US needs more breaches like this so that we can get our collective act together. Our system is horribly broken, and there is no motive to ever get it fixed.


RE: Two Factor Authentication already
By CaedenV on 12/19/2013 3:25:57 PM , Rating: 2
Note: I am not annoyed that they asked for 2 forms of ID. Totally fine with that. The issue is that now there is a signature on the back of my card, and if it ever is stolen then the thief knows more or less what to aim for when forging my signature.


By Solandri on 12/19/2013 5:44:47 PM , Rating: 2
The employer pays for credit card fraud, not the employee. Most retail clerks probably don't really care.

I suspect what's actually going on is that other losses like shrinkage (i.e. shoplifting, embezzlement) are much larger than fraudulent credit card purchases. So even though the merchant ends up paying for the theft, it's just not a high priority so they don't stress the importance of credit card security with their employees.

I ran the accounting books for a hotel + gift shop for 3 years. I only recall 5 customers contesting our credit card charges, and only 2 were fraudulent purchases (the other 3 were customer error). Negotiating a good transaction rate with our credit card processor was more important than credit card fraud. I went to a lot of trouble to sort and store all our credit card receipts by date. While the records did save us from the 3 erroneous contested charges (we have to dig up the receipt and fax the signature back to the credit card processor), the total money it saved was about $200. I have asked myself if it was really worth all the extra work I did.


RE: Two Factor Authentication already
By bah12 on 12/19/2013 3:22:40 PM , Rating: 2
What really bothers me is now some stores (aka wal-mart) are no longer asking for a signature, but just the CVV code. I had a $200 bill and the machine just wanted a swipe and CVV. At least when it was a signature the clerk could check the back of the card, but now all you need is the card itself. Very weird. I totally agree we need a true 2 factor.


By sgestwicki on 12/21/2013 12:06:19 PM , Rating: 2
Two factor is absolutely better but the signature thing just annoys me. Since nobody checks it the thing is an annoyance and a waist of time. I have yet to find a company that cares what the signature is as long as you put a mark on the thing. Try signing with triangles I assure you companies will take it.


TJX Companies
By techxx on 12/19/2013 12:50:36 PM , Rating: 2
Reminds me of the TJX company breach, except in this case, was Target doing their due diligence?




Guests
By roykahn on 12/19/2013 5:09:09 PM , Rating: 2
That's the first the first time I've seen customers referred to as "guests". Makes it sound like he's running a hotel service.




Goes without saying...
By ipay on 12/20/2013 11:42:11 AM , Rating: 2
It was a very targeted security breech.




hmmm
By tamalero on 12/20/2013 11:43:58 AM , Rating: 2
Well, we can all agree that the hacking was.. (wait for it..)...
....
...ON TARGET!

not need to applaud gentlemen.




credit card security
By mmarianbv on 12/20/2013 1:31:14 PM , Rating: 2
to pay without pin, is the store choice.
in my country i enter the pin in 90% of stores.
still, there are some stores in which they just swipe the card.
i ask them why is allow to take the money without asking my pin, and they said that there was their request, and bank allowed.




This is a big deal
By mike8675309 on 12/23/2013 11:53:50 AM , Rating: 2
Somehow Target has found a way to keep the major media out of it, focusing on the 10% they gave customers for two days to make up for this. But this is a huge deal. This major corporation apparently had their POS terminal communication network infiltrated such that card swipes flowing over it NATIONALLY were intercepted and downloaded by criminals. This wasn't like a backup tape was lost and these guys grabbed the numbers off it. This is more like someone hooked into their network at their corporate server farm. Either than or they loaded malware on every POS terminal in their network.

This is crazy that there isn't more uproar over this. People may not see problems on their accounts for months. Personally if I used a credit or debit card at Target anytime in the last two months I would contact my CC company or Bank and ask for a new card with new number.

This breach is particularly troublesome because it appears the criminals have the postal code with these card numbers. Thus they can target their fraud to local areas to avoid some of the anti-fraud data checks credit card companies often perform.




"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki