OT Target Hacked

They should discount for cash if the CC cost was built in. The cost for the CC is about six cents. Everyone likes the convenience of using plastic, but we don't want to see the real cost of using them. I wonder how banks build them big home offices.

My debit card says "Visa" on it. One of the conditions for using the name, I'm told is that the legitimate user is not liable for ANY fraud. (USA law allows them to stick you with the first fifty bucks.

But my credit union goes even better. When I got cheated, I filled out a form and got the money back in a couple of days.

I know a guy one semester away from a Computer Science degree who wanted to turn off the firewall so he could play some game.

My children are (I think) quite honest. But I still won't tell them any password or PIN.

He used a PIN. Direct to the bank; no fees to the station. Using it like a credit card results in the CC processing fee. The bank likes that, because they get a portion of it. (Your "rewards" rebate comes out of that portion.)

Three to five percent, depending on the card. Some of them also add a per-transaction flat fee.

And the extra vanishes as soon as they go back and type in the amount you actually wrote.

Aldi will not process credit cards, they will only let you use a debit card or the debit function of your bank card. I use my bank card all the time as a credit card, singing a sales receipt rather than using a PIN number. If someone stole my bank card, they would have to use it as a credit card until it was declined or turned off. ^_^

TDD

I never go to Aldi, but if all they take is debit cards I would have to leave the groceries at the store as I don't have a debit card.

I know several places that have a big sign on the door about not taking cards of any kinds, but state there is a teller machine inside for cash.

Aldi will take cash and debit cards, just not credit cards.

Typically those ATM's are the "generic" kind - not affiliated with any specific bank - so the transaction fee (anywhere from $1 - $3) is paid by the customer. In addition, it's typically the high priced convenience stores, like at a gas station, that employ that technique. You pay higher prices for each item, and then tack on another few dollars for the pleasure of paying that higher price.

I'm sure the store gets a piece of that action so it's a good deal for them, although they may lose some sales too. I'll drive down the road to the next place instead of paying extra because they force me to pay cash.

The non-PIN transactions are on VISA (or MC). The PIN transactions are on them (and you). Of course they're going to check them out. How they do this (and what they put you through) depends solely on the bank.

I have seen a few who state that policy but far more who don't.

An interesting twist on that is even with a CC, a similar thing is done. I've had a card rejected because one hold didn't clear the system before the card was used again. This has happened to me a couple of times, once particularly pissed me off because we were moving and driving both cars. I could fill one but not the other. Anyway, the CC company told me that they usually clear in a few minutes but it can take several hours for a transaction to clear.

I've seen it for at least five years in the SE. It's almost ubiquitous, now.

Yep. It's very low on the inconvenience scale and it does provide

That is correct, as long as you do NOT use the PIN. If you use the pin, it's cleared thought the bank's networks, not VISA, so VISA doesn't insure it. Your bank may have the same policy (or may not) but if it's not a VISA transaction, the rules *are* different.

Yes, that's usually the case with CUs. The same happened to me when Horror Fright got hacked a couple of months ago. In my case, the perps didn't get the PIN, though I used it at HF, so the transaction was guaranteed by VISA. My CU just handled the paperwork (and go me a new card).

Amazing! I wouldn't even do that at home.

Wrong. As long as the CC companies are paying for the fraud, *THEY* are the ones who can decide when it's worth it to tighten security. As a consumer, you are *NOT* on the hook. Legislation is *NOT* necessary at all.

It was at home. :-) Fortunately, _I_ control the firewall here.

Oh, I thought you were talking about him doing at he place of employment. At home, I can almost understand it. People to all sorts of dangerous things with their own stuff. I don't have a real problem with it.

Why more legislation? Any card with a Visa or Mastercard logo is protected from fraud by the bank. It may be inconvenient while waiting on a new card, but the loss goes to the bank and whoever mishandled the data. The US government does not need to intrude with more regulations. If the issuer is happy to take the hit, they are the ones that need to wise-up. Target didn't even have a reason to store the card info, to me they are solely responsible and I'm sure the banks will sue Target for all the refunds, time & labor, new cards, and other expenses related to making things right with their customers.

Heck, they should have named the store 'TARGET' with a giant bulls eye for a logo. They almost dared someone to try! ;-)

Agreed, with a couple of points of clarification. VISA and MasterCard only guarantee the transaction if it goes through their clearing house (as a credit transaction). If it's a debit transaction, the rules are different and it's up to your bank.

AIUI, the data was lifted in transit through Target's clearing house. They certainly did have the need for the data as it passed through. This (apparently) wasn't a case where Target stored data they weren't supposed to. However, they will still be on the hook for mishandling the data. It was a hack to their system (my bet is that it was an inside job).

;-)

I have not researched the details, but are you saying a MitM attack was used? That's 40 million transactions being listened to. Someone must have access to the last hop of the router as the sales were being done in real time or at the end of the day when they send all the bulk data.

If PIN codes were captured, then it must have been in real time. And why does the merchant need the 3 digit verifier if the card is swiped?