Posted on 12/21/2013 8:48:52 AM PST by Dallas59
These cards were used for in-store transactions. This is what I heard an expert say. These were not hacked from on-line transactions
The information I've seen is that they hacked the POS (Point of Sale) terminals at the registers where the customer swipes their card. The got the mag stripe information, and if it was a debit card they probably got the PIN number. They did not get the 3 digit security code on the back, so the information can't be used for online transactions. They can use the information to make counterfeit "cloned" cards that can be used in-person.
If anyone is interested in how these hacks are pulled off, research a hacker by the name of Albert Gonzalez. He was part of team that pulled off a massive and complex hacking scheme to steal credit cards numbers.
http://www.wired.com/threatlevel/2010/03/tjx-sentencing/
Rolling Stone did a decent piece on it as well. The guy was actually working as a Secret Service informant on other hackers, making the SS and the Gov look completely incompetent. Now think about someone like him working at or for the NSA and knowing and exploiting all the backdoors they have in place, like the RSA token vulnerability.
I read somewhere that it's important to monitor not only for charges you didn't make, but for the amounts on charges you did make. IOW..You bought something for $10.99..put it shows up on you bill as $ 20.99, or $110.99.
Is this true, and if so, how does the hacker/crook benefit from this?
Thanks
The latest article I saw, said that it wasn't an inside job, and that the thieves were likely located in an unspecified Asian country. Apparently the law enforcement agencies involved are choosing to keep most of what they know under their hat, as their investigation is still ongoing.
To the contrary. Credit cards are the safest way to conduct transactions. If they are stolen or lost, you can cancel them before any harm is done. Even if they are used fraudulently, you are protected. It's happened to me twice and both times, the charges were waived and I did not have to pay a dime. There were also times when I had charges reversed for getting a shoddy product or service.
Try getting a refund after you hand over cold, hard cash! And if your cash gets lost or stolen, you are out of luck.
I never pay cash, unless it is a very small transaction like a cup of coffee or a parking meter.
Thanks to the NSA, we're now one data leak away from having our entire financial system compromised.
Prolly Bulgarians or other East Europeans hacking Target from thousands of miles away
If these hackers can get into the Target computer data bank without difficulty, imagine what they will do with the personal information already entered in ZeroCare.
If you want your privacy, you can keep your privacy. Period.
Just pay it off monthly - and when the cost of money actually had some significance, you could get that bonus of the "float" to boot.
It was light on details, but the article I read said the POS terminals were compromised because of weak WAP settings. That seems to point to at least part of the operation being on-site.
In this case it doesn't appear they got into the database. The data was captured at the Point of Sale terminals before it ever got there.
Target was probably compromised by insiders in their IT organization and one or more of their service suppliers.
It is easy to cover-up a crime for some length of time when you are responsible for implementing the security arrangements.
Outside forensic teams have already descended on Target at the direction of executive management. Various three-letter Government Agencies are involved as well.
A key item apparently was that the PIN codes from in-store credit card readers were being stashed away in some unauthorized location, along with the three-digit authentication codes used for on-line orders. Information was likely being transmitted periodically to "dead drop" servers outside the company network.
When this thing unravels, there will probably be several key people found who have serious gambling problems, sex fetishes or drug additions which made them easy targets for organized crime to recruit.
It is very hard to completely erase tracks on such crimes, and the low-level, mid-level participants could all be identified fairly quickly. Whether they are prosecuted could depend on how much negative publicity Target wants to endure from the follow-through.
The high-level sponsors of this crime are probably beyond the reach of the American judicial system.
Correct. This happened to my wife and I last week while we were Christmas shopping. We were in the mall and had three or four quick transactions at various stores. On our way to the next store, we were contacted by the CC company that our card was de-activated until we called them back to confirm the charges. Within a minute or two, we had the card turned back on and we were on our way.
Now some consumers might see that as an annoyance but we greatly appreciated the fact that they were looking out for us (and themselves as well).
I only use my debit card to take cash out of an ATM. Other than that, it's only credit cards that are paid off monthly. The various protections make credit cards the only way to go. Using cash has no advantages whatsoever and carries much risk.
Me too. Do not own a debit card. Don't want one. Don't bank on line. No bank pin numbers. Nothing. Use credit card, pay it off every month too.
My wife worked at Target, part time for the past three years.
She left a couple of months ago-she was tired of be almost forced to ask people if they wanted a Target Credit or Debit card. The debit card was tied to an individual’s bank account and the person who received the Target Debit card had to provide the routing number and account number of that account.
I think Target’s profits are going to be a lot less this year.
I agree... this had persons on the inside helping. This is almost like a couple of developers were writing an executable and one of them said “hold muh beer and watch this”.
That's racist!!!
Unless you use $2 bills, in which case you're liable to spend a little time in jail.
What’s wrong with $2 bills? I carry a few squirreled in the wallet, just in case I absentmindedly spend the other bills.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.