Target, home depot card security:(

Here's another one:

formatting link

This wasn't just a successful hack. It was an fullscale intrusion that wasn't noticed for 6 months.

Reply to
Mayayana
Loading thread data ...

We had new cards issued -- free of charge -- more than a decade ago by a bank when we showed that purchases made supposedly with our card were made at places where we were not at the time.

We had new cards issued more recently because we had used a card at TJMaxx, which had suffered a data breach. Replacement cards were sent without us requesting them -- and free of charge.

Haven't shopped at Target in ages.

Have shopped at HD within the last couple of months but haven't seen any suspicious charges on our card.

We got "chipped" cards in preparation for a trip to Europe. I don't know how much more complicated it would have been to make purchases with a card without a chip.

We have a store-branded RFID-equipped MasterCard for our supermarket, but that's the only place I've ever noticed that an RFID card can be used.

I read recently that Australia is on the way to "contactless" payments

-- payments using a smartphone rather than a card, for example.

Perce

Reply to
Percival P. Cassidy

and you keep your RFID card where? oh, so you DO put it in an old Altoid metal box so it can't be scanned by others. ok.

Reply to
RobertMacy

| and you keep your RFID card where? oh, so you DO put it in an old Altoid | metal box so it can't be scanned by others. ok.

I have one RFID charge card that I never asked for. There's an icon on the back that indicates it. One can then look at the card on edge to find a tiny bump. I sliced open the bump and removed the tiny RFID chip, with no noticeable damage to the card.

One can also use something like an aluminum cover. I made a simple one by folding a piece of aluminum in half, so that it fits in my wallet.

Reply to
Mayayana

| One report was that the HD breach took place on cards used at the self | check out machines. | | I don't use those aisles, myself.

Nor I. I'd be interested to see a link for that if you find it. I was assuming that the break was into the main database.

Reply to
Mayayana

Better yet, pay in cash. That's what I do for just about everything purchased locally.

Reply to
Roger Blake

A lobotomy?

Reply to
ChairMan

FUCK THAT!!!!! We have enough californicators and yankee MOFO here in Tejas. I'd like them to stay where the f*ck they already are

Reply to
ChairMan

| | | "Sources now tell KrebsOnSecurity that in a conference call with | financial institutions today, officials at MasterCard shared several | updates from the ongoing forensic investigation into the breach at the | nationwide home improvement store chain. The card brand reportedly | told banks that at this time it is believed that only self-checkout | terminals were impacted in the breach, but stressed that the | investigation is far from complete." | | Hope the links works for you.

That works. Thanks. I'll keep an eye on the news.

Reply to
Mayayana

In news: snipped-for-privacy@4ax.com, Oren belched:

there's more than one, but the ones that are here are tryin to f*ck shit up, but we're doin are best not to let it happen

formatting link
when is someone goin to "86" Reid? : )

Reply to
ChairMan

FWIW, I remember a story that said the kiosks were the culprit.

Reply to
Kurt Ullman

I just read that the range is 2 to 4 inches. I know that I have to hold the card pretty close to the terminal for it to register.

Perce

Reply to
Percival P. Cassidy

That would be unfair to banks. They deserve 3% of all your purchases. If I pay cash for something I mark it down and at the end of the week send 3% to Citi Bank or Chase.

Reply to
Ed Pawlowski

Three percent? I've only been sending two percent. I'll have to total that up, and send a check before they back a charge me.

Reply to
Stormin Mormon

Hi Bob,

I feel your pain. Switch to cash, wherever possible.

I am a PCI consultant (credit card security). In my State (NV), PCI compliance is already the law. Merchants are liable when they don't comply with PCI. I only know of one that does. The rest BLOW IT OFF.

Law or no law, it does no good.

The credit card processors won't crack down on the merchants because they want their processing fees.

If you really want to make things happen, make the card processors

100% liable. That is the only way they will crack down on merchants who just don't care.

I have had merchants tell me straight to my face that they are not going to go through any expense just to take credit cards. And, also right in front of my face, pencil whip the forms. And under the law in this state, they become totally liable. And, THEY JUST DON'T CARE.

The only way the merchants will get serious is when they can't find a card processor that will take their business. Right now, they way it stands, they have processors beating down their doors for their business.

And some of those processors tell the merchants the most ignorant, incredible bull shit about security it makes my head spin. The card processors don't care either. They just want the processing fees.

-T

Reply to
Todd

Can I have an AMEN. As consumers, we have to be vigilant, watch our accounts every day, make our passwords harder and harder to crack, change them often, and when it is the fault of a merchant, we have to make sure the credit card companies cover us. And make sure you know the privacy policies of every company you deal with. And most of all, make sure your own computer is patchable and patched. Run firewalls and put your ISP provided router in stealth mode. And don't open emails from someone you don't recognize, and even if you do, don't click their links.

Reply to
Cheryl

Who are the credit card processors?

Reply to
Cheryl

formatting link

It occurred to me you want to know who the bad one are. I only know that Pay Pros is a good one and they take security very, very seriously. They rest, I wouldn't give them a second look, especially the ones doing credit cards for Quick Books.

Reply to
Todd

Good idea

Not always a good idea. If the bad guys did not manage to crack the first one, it is not a good idea to give them a new one to start over on.

And the bad guys are going around your passwords a lot now days with key loggers and cracking the vendors databases.

Maybe. XP is not patched. Last I looked, W7 is getting infected slightly more than XP.

Microsoft Operating system (Windows) are really bad from a security standpoint. Consider switching to security hardened operating system, such as Fedora Linux.

Microsoft is such chuckle heads when it comes to security. Quality too for that manner. Windows Frankenstein (w8) is atrocious!

Excellent idea. Those el-cheap-o routers for $70.00 are not firewalls, by the way.

Change the internal network away from the defaults. The script kiddies know how to get around Network Address Translation (NAT) routers on 192.168.0.0/24 and 192.168.1.0/24. Change it to something like

192.168.133.0/24

1) Outlook can execute them automatically. Don't use Microsoft browsers or eMail programs. 2) The bad guys will steel the infected person's address book and pick someone as the "From:". So, there is a really good chance you will recognize the "From:" name.

So, don't open anything "Cheesy" that has little or no intimate knowledge of your relationship with the "From:" person. If in doubt, call the sender on the phone and ask them if they sent it.

No fooling!

Don't do anything private on line. No bill paying, no banking, etc.. If you absolute have to, use a Linux Live CD

And switch to cash when you can. Credit cards are evil.

Reply to
Todd

It has been proven that cracking passwords takes a certain amount of time, I'm not up on how long these days, but changing passwords regularly throws off their ability to crack it before the next change.

Of course.

I'm a Windows person and hard to convince to convert but the more I have to work with open source software at work, the more comfortable I get with the *nix.

Very good idea.

We just have to be more careful and watch our accounts. I won't give up CC's for cash just yet.

Reply to
Cheryl

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.