WebProNews

Tag: credit card breach

  • Credit Card Protection: Why Won’t America Evolve?

    There has been a lot of chatter in the United States after huge breach in security that saw Target hacked and upwards of 70 million customers compromised. In the following weeks there was a great deal of paranoia regarding whether or not to go to Target or any other store.

    Neiman Marcus was also hit with a major breach. Both businesses had executives testify and attempt to defend their security practices.

    Now there are arguments regarding whether or not credit cards or debit cards are safer and which stores are better able to prevent information from leaking.

    But here is the cold truth: It doesn’t matter.

    It doesn’t matter if you use credit or debit. It doesn’t matter whether you brave Target or opt for the Walmart down the street.

    No matter where you go with your American-issued card, you are at risk. Because the technology that we use for our credit and debit cards is hopelessly out of date and so easy for criminals to hack, it is frightening.

    The technology that we use for our cards is roughly the same as what it takes to record music to a cassette tape. And as you don’t see people beating down the doors at the local music store for their favorite artist’s latest cassette release, that should clue you as to just how old this technology is.

    There’s a reason you don’t hear about these sort of threats in other parts of the world: The systems have evolved. Instead of relying on a flimsy magnetic strip, the credit cards use chips to house data. These chips use a level of security that is very hard for hackers to penetrate. Most hackers don’t even bother. Why would they? There are millions of potential victims in a very wealthy country where institutions continue to issue cards that remain steadfastly behind the curve.

    There is no major push for change because the process of updating the cards costs more money than any of these institutions are willing to spend.

    So the question becomes, what’s going to have to happen for things to change in the United States? Given the reluctance to move forward despite these major breaches, one can only imagine a huge catastrophe will have to occur.

    Usually in situations like this, the desire to evolve only arises after one’s hand is forced. Sadly, we haven’t gotten to the point of sensible proactive measures.

    Image via Wikimedia Commons

  • Free Credit Report Offered By Target; Avoid Phishing Scams

    Free Credit Report Offered By Target; Avoid Phishing Scams

    Target announced in mid-December that millions of customers were affected by a data breach. Hackers were able to obtain credit and debit card information, as well as names, addresses and phone numbers for some customers. Since the breach was announced, Target is working to make their system more secure and has also offered one year of a free credit report service to customers.

    The retailer is offering free credit reports from Experian through ProtectMyID.com. This service typically costs $15.95 per month, or approximately $190 per year, but will come at zero cost for Target customers for a period of one year. In addition to giving customers access to their credit reports, the service will include identity theft insurance.

    The free credit reporting service is available to all customers that have shopped in Target stores. Customers that decide to go with Target’s free credit report service must sign up by April 23, 2014. After signing up, customers will receive an activation code, which must be redeemed by April 30, 2014.

    Another big concern now that Target is offering the free credit reporting service is that criminals may send out emails under Target’s name. Such phishing scams can cause people to get malware on their computers or put their personal information, such as Social Security Numbers, into the wrong hands. To avoid becoming victim to such scams, Target offers up a few tips on their Credit Monitoring FAQs page:

    Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.

    Delete texts immediately from numbers or names you don’t recognize.

    Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.

    If you suspect that you received a fraudulent email under Target’s name, forward it to [email protected].

    This isn’t the first time that a large data breach has resulted in personal information being divulged. A similar breach occurred in South Carolina back in 2012. A data breach in the Department of Revenue affected approximately 4 million taxpayers. Like Target, South Carolina also offered a year of free credit monitoring service through ProtectMyID.com.

    Image via Wikimedia Commons

  • Neiman Marcus Confirms Data Breach

    Neiman Marcus Confirms Data Breach

    Upscale retailer Neiman Marcus is the latest chain to announce a data breach that may put its customers at risk for credit card fraud.

    According to Krebs on Security – the same site that broke news of the Target data breach back in December – Neiman Marcus confirmed that it is working with the US Secret Service to investigate a server break-in that exposed debit and credit card information of an unknown number of its customers.

    Early last week, cyber security reporter Brian Krebs began hearing rumors from his sources in the financial industry of fraudulent debit and credit card charges that were being traced back to cards that had been recently used at Neiman Marcus stores.

    On January 10, Krebs reported that he’d contacted the Dallas, TX-based upscale retailer about the rumors and received confirmation that they were indeed investigating a breach:

    “Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.

    We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.

    The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store.”

    Retail giant Target made a similar announcement on December 19. From there, the news just kept getting worse. On December 27, the company announced that hackers had also stolen PIN information. On Friday, Target said that the number of customers affected by the data breach was closer to 70 million than the originally estimated 40 million. Furthermore, in addition to debit and credit card numbers, the hackers may have stolen names, addresses, phone numbers, and email addresses.

    Robert Siciliano, a cyber security expert with McAfee, says it’s possible that the data breaches at Target and Neiman Marcus were perpetrated by the same group of hackers.

    Adding to the general concern about credit card safety, Reuters announced today that smaller-scale data breaches have taken place at at least three other well-known US retailers.

    Image via Wikimedia Commons

  • Target Hackers Pounced On Outdated Security System

    Target Hackers Pounced On Outdated Security System

    In the aftermath of the second-largest credit card security breach in American history, new details are emerging regarding what lead to it—and why it may very well happen again.

    On December 19th, the retailer Target announced that upwards of 40 million credit card numbers were hacked between the period ranging from the day before Thanksgiving until about December 15th. While the company conveyed in its message that the customers were not at fault and that they likely would not be in any serious danger, it fell on deaf ears. Customers were very upset, especially when it became impossible for victims of the theft to contact company personnel to ask important questions.

    Target hoped to do damage control by offering first a 10% discount to all shoppers for a couple of days and then a free credit check. The efforts seem to be coming up short in the eyes of the public. First there are those who were negatively impacted by a credit limit imposed by JPMorgan Chase as a security precaution. As a result, last minute Christmas shopping would be extremely curtailed for those who braved Target’s checkout lines.

    The free credit check is hardly generous since a free credit report is available annually from only one source: A government-sponsored website called Annual Credit Report. Regardless of Target’s mentioning it, consumers could go to the same place…So just how generous is this offer really? As for the 10% discount, it remains to be seen if it will make a dent in the negative publicity.

    If you are an impacted consumer who intends to take your business elsewhere or are breathing a sigh of relief at having avoided this particular catastrophe, then there is something you need to know. According to security experts, the problem that lead to the massive hacking is not Target’s fault alone. It’s actually an American problem. The very cards you use have an outdated security measure – the magnetic strip on the back.

    The card strips are based on the very same technology that gave us cassette tapes. That’s right, CASSETTE TAPES. Think about when those tapes were a dominant music medium and count the decades between then and now. Other wealthy countries have moved on to cards that use digital chips to hold information. These cards are secure to the point that it’s too much work to hack them. Why bother when you have one of the wealthiest nations on the planet using measures that are decades behind?

    If you were hoping to avoid a major breach in the future by taking your credit or debit card elsewhere, don’t bother. Experts say that it’s just a matter of time before the next breach happens. The only way to get around it would require millions of Americans to be upgraded to more secure and better made cards. Unfortunately, this is a pricy solution that many companies will not bother with if they don’t have to. As for the stolen cards, hackers have already started putting fake versions on the black market.

    To avoid immediate detection, it seems these individuals are selling the cards in the same areas they were stolen from. Financial institutions tend to be more mindful of card transactions that take place far from the zip code location where a card owner resides and shops. If a stolen card is being used within the same area as the victim, unless that card has been reported stolen then odds are they won’t notice.

    The best bet for all victims is to cancel the cards immediately and get new ones. Additionally, persons must carefully consider where and how they use their cards and be mindful of their credit information. If you really think about it, these are the sort of measures that sensible shoppers are meant to use regardless.

    Image via Target Official Facebook Page

  • Global Payments Security Breach Investigation Continues

    The debacle over U.S. Credit Card processing company Global Payments security breach and stolen credit numbers continued yesterday with a press release from the company answering questions.

    Global Payments made news in late March when Krebs on Security reported as many as 10 million credit cards could have been stolen in a security breach occurring between January 21 and February 25 of this year.

    Global Payments came out as the processing company whose security was breached in the theft, saying “only” around 1.5 million cards were compromised.

    They say that data collected from the security breach could be used to counterfeit new cards, but emphasized that cardholder names, addresses, and social security numbers were not compromised.

    Global Payments has since released fraud alerts to the people whose data they believe may have been stolen

    Here is a excerpt from the statement released yesterday:

    Why have card brands removed you from their list of PCI Compliant Service Providers?
    Based on our announcement of unauthorized activity in a limited segment of our North American processing system, some card brands removed us from their list of PCI compliant service providers. They have requested we revalidate our PCI status, which we will do following the current investigation. We anticipate that we will be re-instated to those lists at the conclusion of the re-validation and any required remediation.

    Can you continue to process transactions?
    Yes. Global Payments will continue to process transactions for all card brands with the same high level of service our customers have come to expect.

    Were fraud alerts issued on more cards than 1.5 million card numbers you reported?
    Yes. In any matter of this nature, the card brands cast a wide net to protect consumers, and we supply as much information as possible to assist over the course of the investigation. We continue to believe that less than 1.5 million card numbers may have been exported.

    Do you expect to release additional card numbers?
    The company has delivered, and may continue to deliver, card numbers to the card brands and other third parties to help thwart criminals and combat fraud.

    What does “exported” mean?
    Taken or stolen from our network.

    Could there be broader time periods in question?
    We have not publicly communicated any time periods and there is a full investigation underway. It would be premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete. We identified and self-reported this incident in early March, and we will continue to provide information to the appropriate parties as revealed by the investigation.

    [Source: ZDNet]