Neiman Marcus and Other Retailers Breached, Credit Card Details Stolen
Fnord666 writes "Another day, another data breach. Apparently high end retailer Neiman Marcus has also suffered a breach of credit card data. Brian Krebs has the report: 'Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards. Earlier this week, I began hearing from sources in the financial industry about an increasing number of fraudulent credit and debit card charges that were being traced to cards that had been very recently used at brick-and-mortar stores run by the Dallas, Texas based high-end retail chain. Sources said that while it appears the fraud on those stolen cards was perpetrated at a variety of other stores, the common point of purchase among the compromised cards was Neiman Marcus. Today, I reached out to Neiman Marcus and received confirmation that the company is in fact investigating a breach that was uncovered in mid-December.'"
The Chicago Tribune reports that "at least three other well-known U.S. retailers" suffered breaches this holiday season as well.
Perhaps it would be easier (Score:5, Funny)
For the companies not breached to just come forward.
Good thing Visa takes the risk... (Score:2)
That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.
Re:Good thing Visa takes the risk... (Score:5, Funny)
Yay Credit Cards! We don't have to worry about getting screwed over because they protect us while they screw us! So we're used to it!
I feel so loved.
Re: (Score:2, Insightful)
Yay Credit Cards! We don't have to worry about getting screwed over because they protect us while they screw us! So we're used to it!
I've never had a problem with mine. Ever. I pay it off every month (thus I pay no interest), and I know that if an on-line retailer screws me over, I can dispute the charge, and the credit card company will back me.
So, I don't see a problem.
If you can't manage your finances responsibly, maybe you shouldn't have one?
Re: (Score:2, Interesting)
What you don't see is the money that VISA charges the company you buy from, which in turn that company charges you. And since all companies need to support VISA (because of the duopoly of VISA and MC), it's pretty hard to change. And you don't even know it because said company is not allowed to discuss that.
Re:Good thing Visa takes the risk... (Score:4, Interesting)
What you don't see is the money that VISA charges the company you buy from.
I'm fully aware of the money the CC charges the retailer. That's not my problem, that's one of the costs of doing business.
which in turn that company charges you.
The cash price would be no lower, and even without the CC tax, most businesses will charge as much as they can anyway.
And since all companies need to support VISA (because of the duopoly of VISA and MC), it's pretty hard to change. And you don't even know it because said company is not allowed to discuss that.
First, companies certainly do not have to accept CREDIT cards. Secondly, retailers bitch moan and complain all the time about CC fees, they certainly can and do "discuss" it with customers many times.
Accepting CC is a convenience for BOTH the customer AND the retailer. And since they build the CC fee into the price which they charge even CASH customers, retailers are in no position to make a stink. They are not obligated to sell their product to me, they can switch to a cash / debit card only business if they so choose. As it happens, it benefits them to accept CREDIT cards, and so they do.
Re: (Score:2)
The cash price would be no lower, and even without the CC tax, most businesses will charge as much as they can anyway.
You are shopping in the wrong places then.
Most small businesses, especially those in the Chinatowns or other ethnic communities, give discounts to people who pay in cash (sometimes you have to ask). The discount comes from waiving the CC merchant fees and local sales tax.
Re: (Score:2)
The discount comes from waiving the CC merchant fees and local sales tax.
Waiving the CC fee is ok. Waiving the tax is not.
I'll not even discuss ethics, but for plain value: by waiving the tax, you're waiving the right to get the product replaced if defective - and so, you will eventually be taking home rejected products that wouldn't be sold to consumers otherwise.
Re: (Score:2)
Waiving the CC fee is ok. Waiving the tax is not.
Neither is "ok". Waiving the fee is a violation of their contract with the CC companies. Some merchants, such as gas stations, are allowed to charge a fee, but most are not.
I'll not even discuss ethics, but for plain value: by waiving the tax, you're waiving the right to get the product replaced if defective
This is only true if your probability of returning is higher than the tax rate. In SF's Chinatown, the tax rate is nearly 9%. There is no way I return 9% of what I buy. In Chinatown, I mostly buy restaurant food.
Re: (Score:2)
Waiving the CC fee is ok. Waiving the tax is not.
Neither is "ok". Waiving the fee is a violation of their contract with the CC companies. Some merchants, such as gas stations, are allowed to charge a fee, but most are not.
I don't see how. If I'm taking money, I'm not using the CC infrastructure, why in hell can't I give my customer a discount? And how in hell will the CC company track it down in order to detect the "violation"?
This is plain insane. And dumb.
I'll not even discuss ethics, but for plain value: by waiving the tax, you're waiving the right to get the product replaced if defective
This is only true if your probability of returning is higher than the tax rate. In SF's Chinatown, the tax rate is nearly 9%. There is no way I return 9% of what I buy. In Chinatown, I mostly buy restaurant food.
Your logic is twisted. It's enough for just one single expensive product (such as a computer or LCD TV) to be defective to destroy any saving in waived taxes for a very long time. It's also very easy to move/rename the shop when no taxes are applied, so the seller just harvests the clients until he/she burns his reputation, and then just opens another shop and starts again.
(been there, saw that - #paraguayFeeligns)
The only class of products worth cheating taxes on is food, consumables and cheap and disposable
Re: (Score:2)
The only class of products worth cheating taxes on is food, consumables and cheap and disposable gadgets
... which is exactly what is for sale in Chinatown.
Re:Good thing Visa takes the risk... (Score:4, Interesting)
A couple things. Handling cash costs retailers money too. Might not impact smaller ones as much but for box stores and the like it makes a difference. Cash transactions take longer, so they need more checkers, it takes longer to get cash to the bank so they lose interest. Assistant managers often still hourly have to count it, and they usually need an armored car service to come pick it up, and it increases theft risks.
For bigger retailers the swipe fees can be a bargain. It's been proven over and over again customers spend more when they don't have to think about how much cash they have on them too. As an individual I like the fees too, I can track what I spend on my card so I never pay any interest, yet I still get the cash back awards and points which part of the swipe fee pays for.
As the merchant agreements usually force places not to discount cash, it's like a tax I get to charge. As others have pointed out the cards provide useful consumer protections as well.
Everybody wins except the folks who can't keep and track receipts and get surprised with a bill they can't afford at month's end or the folks who have messed up so bad they can't get a card
Re: (Score:3)
A couple things. Handling cash costs retailers money too. Might not impact smaller ones as much but for box stores and the like it makes a difference. Cash transactions take longer, so they need more checkers, it takes longer to get cash to the bank so they lose interest. Assistant managers often still hourly have to count it, and they usually need an armored car service to come pick it up, and it increases theft risks.
You've never run a business.
I'm not asking, I'm telling because I ran a business and Merchant Service Fees were higher than my staffing costs or my utility bills. Sometimes they were even higher than my rent.
If you honestly think cash is more expensive than credit to accept, you've never seen the figures.
Add to this that electronic transactions can take several days to go through (this is due to the bank interchange system, so switching banks doesn't help), if you're a business that has to buy stuf
Re: (Score:3)
I have seen the numbers actually for a major nation wide retail chain; from an activity based costing perspective.
I know for a fact the average ticket total is always larger when the tender type is credit. I never said cash handling cost more than credit processing fees and the associated IT infrastructure to support it, just that cash handling was by no means without cost.
Retailers participate in these contracts because they represent a net win. At least the big ones understand perfectly well both the co
Re: (Score:2)
Which is why the interchange rates for "big box" retailers are much lower than for other merchants. Interchange rates should be based on the actual transaction costs now rather than the transaction costs when credit cards were manually processed with knuckle busters.
Smaller merchants subsidize purchases at the "big box" stores.
Re: (Score:2)
I have seen the numbers actually for a major nation wide retail chain; from an activity based costing perspective.
And here's where you're lying.
Because beyond running my own business I've seen the MSF (Merchant Service Fee) costs for several fuel supply companies (we're talking multinationals here).
The costs on accepting credit cards are insane, staff costs are about half of what they pay in MSF's.
I used to run a PC hardware supply business. My shop front cost me $580 per week in rent, my 3% merchant service fee (a very average MSF) meant that if I did 25,000 turnover in a week, which was not common, but somet
Re: (Score:2)
Better than what?
The GP was saying that credit cards were better than cash (for larger stores at least, where he's seen the evidence), oh AC who doesn't even read the message he is replying to. That's a new low, even for Slashdot.
Re: (Score:2)
Sorry, none of this is true. Cash takes the same amount of time as credit/debit, sometimes less. Cash gets to the bank immediately, credit cards/debit cards take 2-3 days. Credit/debit costs about 2-3%. Cash doesn't cost anywhere near that amount. If the business is using a credit union, the cost of accepting cash is near 0%.
Re: (Score:2)
Cash gets to the bank immediately, credit cards/debit cards take 2-3 days.
Really? There is a magic pneumatic tube from the cash register to the bank and the cash requires no additional handling between purchase and deposit? Wow.
Re: (Score:2)
somehow you don't seem to be grasping the cost of doing business going directly to the price... but here's the real kicker here: you and every other US customer is paying the price for this data breach shit of massive scale.
anyhow, the real problem is the shit enforcing of the rules about them. you see, when you start processing credit card data you agree to certain rules about how to handle it...
of course, that the US version of credit cards is from the early '80s or so doesn't really help. but who is goin
Re: (Score:3)
If you are getting screwed with credit cards, there is a strong possibility that you're making poor choices (like not paying your bill in full each month).
Re: (Score:2)
yeah, we don't immediately have to pay for it, the cost is just spread out to everybody over the next year or so
Re: (Score:2)
Visa doesn't charge consumers a dime to use their cards, so I'm not clear how those costs are being spread.
Re: (Score:2)
Are you kidding?
Re: (Score:2)
Prices everywhere reflect the Visa tax, and would be lower without it. Money well spent for the fraud protection, IMO, but it's still a real cost. There's really no difference between a fee/tax/whatever that most merchants pay, or the customer pays directly - either way the price is higher.
Re:Good thing Visa takes the risk... (Score:4, Informative)
That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.
Maybe not, but Visa/Mastercard might just pass the pain onto the retailers.
My dad runs a small business, and usually if there is any problem with a credit card charge, Visa/MC will extract money back from him in a blink of an eye.
Re:Good thing Visa takes the risk... (Score:4, Insightful)
My dad runs a small business, and usually if there is any problem with a credit card charge, Visa/MC will extract money back from him in a blink of an eye.
What kind of "problem" would that be? If your father is not providing adequate customer service such that customers seek redress from their credit card company, maybe the problem isn't the credit card?
Re:Good thing Visa takes the risk... (Score:4, Interesting)
What kind of "problem" would that be? If your father is not providing adequate customer service such that customers seek redress from their credit card company, maybe the problem isn't the credit card?
Do I have to spell it out for you? "Credit card owner called and they do not recognize the charge because their card was stolen" qualifies as a charge-back problem. And because the items are sent within a day or two, it will often happen after the purchase has already been sent.
The point is -- just because you, as a consumer, do not have to pay the costs of stolen credit cards, do not assume that a faceless credit-card corporation will eat these costs. In reality, it will not.
Re: (Score:2)
So... the retailer is accepting stolen cards. How else would they expect that to play out?
You never get to keep stolen property, even if you pay for it in good faith. Why would the retailer get to profit from a fraudulent transaction? This is an avoidable situation, especially with mail-order items. Only ship to the billing address of the card and you'll cut these events down to a tiny number.
Now I agree that the credit card system is extremely poorly set up, but almost every situation that results in a mer
Re: (Score:2)
"Now I agree that the credit card system is extremely poorly set up, but almost every situation that results in a merchant chargeback can be traced to poor behavior on the merchant's part (not verifying the cardholder's ID, not addressing the customer's complaints, etc)."
I can't speak to brick and mortar...however:
I run an online business (I'm not gonna pimp it here), and we deal with virtual goods. We have a paypal dispute probably once a week if not more. Customers who either legitimately don't want the p
Re: (Score:2)
Maybe things are different in the US, but in Canada many merchants check ID, certainly in person. I've had online ones call me to confirm, and occasionally ask for a photocopied government ID to be e-mailed to them. Credit cards are all chip and pin now, and online transactions are password verified through VISA/Mastercard.
The real problem is that VISA and Mastercard still allow insecure transactions. The problem is not that companies are failing to protect credit card information, it's that those compani
Re: (Score:2, Insightful)
My dad runs a small business, and usually if there is any problem with a credit card charge, Visa/MC will extract money back from him in a blink of an eye.
My brother ran a small business, a fast food restaurant. These kinds of complaints arise more often than you think.
Once a customer ate his meal, complained, asked for a refund (which was met with an offer of more food, but not a return of the charge), and called his credit card company to have the transaction reversed. It was. As a small retailer, there's precious little recourse. The card company will typically take any customer complaint over the shop owner's defense.
What kind of "problem" would that be? If your father is not providing adequate customer service such that customers seek redress from their credit card company, maybe the problem isn't the credit card?
What kind of a statement is that?
Re: (Score:2)
At a gas station, I've seen numerous charge backs that are entirely the customer's fault. For example, a woman disputes credit card charges at the pump because she sees two charges on one day. Come to find out after pulling pictures of vehicle and plate number, it was her husband in his car. Or a customer swipes his card at one pump, thinks the card didn't process, drives to another pump, swipes the card again, then wonders why he has two charges.
Re:why don't people take their business elsewhere? (Score:2)
"AmEx isn't one of the big 2, and they charge the most of anyone."
However, if I chime my voice in as "just one from the average streetgoer", American Express has made its name in infamy as the card many businesses don't accept! (Because of those higher fees.)
So to be sure someone has held a few meetings over at AmEx, and decided losing those smaller accounts aren't worth whatever other clout they have among the executive set.
In contrast, I can't think of any tangible difference to me between Visa and Master
Re: (Score:2)
Scam for merchants or for consumers? If you're a merchant you are forced to take whatever payment methods customers want. A gas station, for example, that didn't take credit cards would have a lot of customers filling up and then complaining that they don't have any cash. If you're a consumer, credit cards are great.
Re: (Score:2)
Actually the merchants that accepted the transactions made on stolen cards take the hit. Visa doesn't have any sort of risk in this business.
Re: (Score:3)
Actually the merchants that accepted the transactions made on stolen cards take the hit. Visa doesn't have any sort of risk in this business.
Exactly, but many of these same merchants would tell me to get fucked if it were not for the fact that the credit card company will back me on the refund.
Re: (Score:2)
Okay, but what risk is Visa or the credit card company assuming? I don't really see your point.
Re: (Score:2)
That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.
The nice banks will certainly take it out of their bottom line. They'd never charge additional fees to recoup their losses.
They'll certainly never make the merchant pay fees (which will get passed onto you in the form of higher prices).
Re: (Score:2)
In the long run the customer and/or the taxpayer pay.
Re: (Score:2)
That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.
Actually, Visa doesn't take the risk -- the merchant accepting the card does. Visa charges back fraudulent purchases to the merchant that accepted the card.
If Visa was taking on the risk, they'd have mandated smart credit cards by now.
Re: (Score:2)
If you used cash there would be no details on file to be hacked!
On-line retailers don't take cash.
Re: (Score:2)
The cards in question (it's even in the summary) were used at brick and mortar retailers. I want to know how/why these credit card numbers were being stored in the first place. If I walk into a store and buy something with a credit card, they have NO business keeping that information after they've received the money!
If you have a habit of returning items purchased with Credit Cards, often they return the dollar amount to your card rather than cash, to prevent fraud.
If you are paying for a service such as a hotel room, they retain your info as a guarantee you will pay when you check out, and be responsible for damage (the same is true of rental cars).
These are two reasons, there are others. Try not to be paranoid, and if you must, simply use cash if as it seems you don't like the convenience of Credit Cards.
As I said, i
Re: (Score:2)
First, the stores know it was a credit card purchase because you usually have to bring in your receipt to get the return, or did you think they would be able to look up the sale in the computer just by looking at the product?!?
As for the rest of your explanations, those are all related to rentals where a "you may owe us money if you fuck it up" agreement is always presented clearly before they record your information, but I can see by the hilarious link in your signature that you may have difficulty followi
Re: Good thing Visa takes the risk... (Score:2)
That's important and an even BIGGER issue. I'd be certain those card scanners are "rented" directly from "the bank" and not controlled by the store IT themselves. That means somebody POC certified BETWEEN the store and exchange has a really big PHYSICAL breach where CERTIFIED HARDWARE has been tampered with on their watch.
I'd bet this affects a whole model/serial number batch of devices all across the country, not just the big sellers.
Or bitcoins... (Score:2)
More online retailers are accepting it. Overstock.com being the most recent example.
Re: (Score:2)
Conversely, if you get mugged, it's a lot better to have credit than cash.
Time to overhaul the Credit Card system in the US. (Score:5, Interesting)
Re:Time to overhaul the Credit Card system in the (Score:4, Insightful)
Re:Time to overhaul the Credit Card system in the (Score:4, Interesting)
The "fix" is to hold the breaches responsible for every fraudulent charge and re-issued card.
Not just the card itself, the bank's time and to send a letter, reissue all the cards, mail them.
And then, I read earlier today, 140 million Americans are affected by the Target breach. Each of them with a current card that's getting cancelled has to go set up new automatic payments on their various autopay services, etc.
Target should be giving them a concession, say $100 or so per person for all the time they'll waste.
Now then, given actual liability for their actions, Target would never assume such risk without getting an insurance policy to cover it. And the insurance company would have a squad of auditors in their IT center to scour the thing before they issued the policy.
In the end, we'd wind up with the secure solution we're actually looking for. So the actual problem here is that corporations aren't held responsible for their negligence. Which is exactly why they form these big corporations in the first place.
Re: (Score:2)
Which is why, you shouldn't use pull autopay. You should use push auto pay.
If the credit card companies want to be involved in auto-pay or one-click situations, they should bring their id/authentication out of the 1950s.
Re: (Score:2)
...140 million Americans are affected by the Target breach.
Half of all Americans shop at Target? That may be right, but it seems wrong.
Re: (Score:2)
140 million Americans are affected by the Target breach.
Surely not directly? Are they saying 2 of every 3 adult Americans shopped at a brick and mortar Target in December and used a credit card? I can vouch that I was one of those that did not.
Are they saying everyone who has a Visa or Mastercard is "affected"? That number does seem pretty close to the number of adults with a visa or mastercard (estimated at well above half of the adult population but I couldn't find an exact number).
Re:Time to overhaul the Credit Card system in the (Score:4, Interesting)
No, you missed the latest fun with target...
They lied..
The cards stolen weren't by someone intercepting CC numbers when used. They kept EVERYTHING in a linked database that was stolen. Name, address, phone number, multiple CC numbers etc. (They haven't said a db, but they said a source containing historic information. Maybe it was a flat file, but I'd hope not.)
The fact they lied repeatedly and that they kept this info makes it a LOT worse than the Sony breach in my mind.
They should be very liable.
Re: (Score:2)
That insurance company's squad of auditors would be no more and no less effective than the PCI/DSS audit system.
Re: (Score:2)
That insurance company's squad of auditors would be no more and no less effective than the PCI/DSS audit system.
I've sat across the table from a PCI auditor and told him, "no, we are not going to encrypt our passwords - they're hashed for a good reason" and had him give me a blank stare. Forgive me for not putting faith in the PCI system.
Re: (Score:2)
The PCI council thinks a WAF is sufficient to protect a vulnerable web application. So that's PCI compliance for you...and many companies don't even meet THAT compliance. If they fail at something this obvious/small imagine a system this big and complex..?
Re: (Score:2)
Since negligence includes failing to follow the system properly (and often does), this is not possible.
Re: (Score:2)
Since negligence includes failing to follow the system properly (and often does), this is not possible.
Sure it is - design the system so that if you don't follow it, transactions are impossible.
It is fairly trivial to design a system such that a transaction is impossible without the card present and the card owner's authorization (two factor authentication). All data entering and leaving the card could be intercepted or recorded, and the most that could be done by an attacker would be to block the transaction (denial of service). The credentials required to authorize a transaction (one time only) would nev
Re: (Score:2)
You miss his point. The system should be set up so that the retailer CAN'T compromise it. I don't live in the US. When I make an online credit card transaction, the retailer collects the number, then redirects me to a confirmation page from the card company. There I enter a password that the retailer never sees, and so cannot abuse.
A credit card number should be useless without a second factor that is never known by anyone other than the customer and the card issuer.
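The property argued for in the comments above (a card number that is useless on its own, and a captured transaction that cannot be reused) can be demonstrated with a one-time challenge and a keyed MAC. This is an added example, not part of any comment in the thread and not the EMV protocol itself; the class names, the HMAC construction and the card number, PIN and merchant IDs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _mac(key, pan, merchant, amount_cents, nonce):
    # Length-prefix every field so field boundaries cannot be shifted.
    fields = [pan.encode(), merchant.encode(), str(amount_cents).encode(), nonce]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    """Factor 1: a device holding a secret key that never leaves it.
    Factor 2: the owner's PIN, checked by the card before it signs."""

    def __init__(self, pan, key, pin):
        self.pan = pan
        self._key = key
        self._pin = pin
        self._tries_left = 3

    def sign(self, pin, merchant, amount_cents, nonce):
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = 3
        return _mac(self._key, self.pan, merchant, amount_cents, nonce)


class Issuer:
    def __init__(self):
        self._keys = {}     # pan -> secret shared only with that card
        self._pending = {}  # pan -> set of challenges not yet used

    def enroll(self, pan, pin):
        key = secrets.token_bytes(32)
        self._keys[pan] = key
        return Card(pan, key, pin)

    def challenge(self, pan):
        nonce = secrets.token_bytes(16)
        self._pending.setdefault(pan, set()).add(nonce)
        return nonce

    def approve(self, pan, merchant, amount_cents, nonce, cryptogram):
        key = self._keys.get(pan)
        pending = self._pending.get(pan, set())
        if key is None or nonce not in pending:
            return False
        pending.discard(nonce)  # consumed on first use, even if the MAC is bad
        expected = _mac(key, pan, merchant, amount_cents, nonce)
        return hmac.compare_digest(expected, cryptogram)


def demo():
    issuer = Issuer()
    card = issuer.enroll("4000000000000002", "4821")  # constructed test values
    pan = card.pan

    nonce = issuer.challenge(pan)
    cryptogram = card.sign("4821", "SHOP-17", 2599, nonce)
    # Everything the merchant, its database or a network tap ever sees:
    wire = (pan, "SHOP-17", 2599, nonce, cryptogram)
    results = {"genuine": issuer.approve(*wire)}

    # 1. The recorded transaction is presented a second time.
    results["replay"] = issuer.approve(*wire)

    # 2. A transaction is altered in flight before the issuer sees it.
    nonce2 = issuer.challenge(pan)
    cryptogram2 = card.sign("4821", "SHOP-17", 2599, nonce2)
    results["altered_amount"] = issuer.approve(pan, "SHOP-17", 99999, nonce2, cryptogram2)

    # 3. Only the card number is known (the stored-data breach case).
    results["number_only"] = issuer.approve(
        pan, "OTHER-SHOP", 100, issuer.challenge(pan), bytes(32))
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first submission is approved; the recorded copy, the altered amount and the bare card number are all refused, so the worst an interceptor can do is stop a transaction from completing.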
Re: (Score:2)
But the card number does not have to be stored for it to be vulnerable. They could also capture the data in transit. If you can get access to a database, its pretty reasonable that other things on these systems can be accessed such as memory and network interfaces where data is in transit. All you need is a monitoring program that records everything passing through the system.
Re: (Score:2)
Yes, we should use government issued IDs with biometrics to prove our identity with every transaction. It's the last link in the chain they haven't quite closed yet... well that and paper cash.
Re: (Score:2)
What impact? Mom and pops aren't in charge of how the banking system runs. The efforts required to fix the problem don't "scale down" -- it's all up at the top with the people who hate parting with their hoarded money.
How do I check if my card number is compromised? (Score:2)
How do I check if my card number is compromised?
Does this affect only cards used in brick-and-mortar store cashier machines?
Re:How do I check if my card number is compromised (Score:5, Funny)
How do I check if my card number is compromised?
Add the digits of the CC number, multiply by the CSC then divide by the expiration month. Write that number on a piece of paper and fold it in half. Then check your CC statement to see if you shopped at Target or Neiman Marcus. If so, burn the paper. If the Eye of Sauron appears in the flames, you are OK. If not, you are compromised.
Re: (Score:2)
You're assuming it would have made any difference. Remember that these systems have to store the data whilst the transactions are in flight. No, the solution has been known for decades - it's EMV, and every Slashdot story on these card breaches contains exactly the same discussions about how the USA needs to upgrade. Seriously, the USA is more than 10 years behind by now. It doesn't just dick over Americans. The need to be able to travel to the USA means banks everywhere else still need to support stupid ma
Re: (Score:2)
You're assuming it would have made any difference. Remember that these systems have to store the data whilst the transactions are in flight. No, the solution has been known for decades - it's EMV.
I'm hoping it's just ignorance of how EMV actually works that makes you say that. Some people are under the mistaken belief that EMV means account details are encrypted (yes there are private keys on it), or that EMV somehow protects your account details from being used to charge your account - and they're wrong on both counts.
In this particular instance the problem only looks like it's related to Target, the common factor is the Indian card processor, the people behind it have been operating this and simil
Re: (Score:2)
You should read the EMV wiki page [wikipedia.org]. When used with DDA cards, which modern cards all are, it protects against cloning of the card and thus protects card-present transactions. Yes, EMV
Re: (Score:2)
You should read the EMV wiki page [wikipedia.org].
Wikipedia [wikipedia.org] huh? [cam.ac.uk]
Maybe if I get bored I'll add a link to a paper recently published by, um, some Australian researcher showing much simpler techniques. Though I expect the industry shills will just pull it off Wikipedia (again) - it's the only way they can avoid losing in the courts as EMV isn't to protect you - it's to protect banks from liability.
And math skills aren't required - EMV can also be defeated with a paper-clip. I'm sure you can do your own research (clicking on Wikipedia barely qualifies as res
Re: (Score:2)
I remember Albert Gonzalez [wikipedia.org] from the major TJ Maxx credit card theft incident. He was on the secret service payroll at the time, in a Frank Abagnale [wikipedia.org] type prison-work release.
As a founder of ShadowCrew (an early credit @ Atm numbers acquisition venture of his), his site moderators forced members to provide refunds if the stolen credit card was no good.
Re: (Score:2)
How is paying with cash more secure than a wireless credit card? If you lose the credit card you can cancel it as soon as you notice. If you lose the cash, too bad.
Re: (Score:2)
PINs are sort of stupid in a retail setting, any way. The way most pads are set up, the other customers can clearly see what digits you're inputting, and voila, now they can use your card at any ATM.
Signatures are just as pointless. They don't prove anything unless you have a meticulous signature. People in general aren't that anal and unless you're Benjamin Franklin or some shit with a degree in calligraphy, the makeup of your signature fluctuates over time.
The US appears to be using a system that's outli
Re: (Score:2)
Signatures aren't meant to be your password. They're meant to be a deliberate act signifying your acceptance of terms. Any deliberate mark will do, which is why old movies have (usually illiterate) characters literally signing contracts with an X.
Another problem with trying to use a signature for ID is that your calligraphy plan won't work. It only even sort-of works as id when muscle memory kicks in - when you sign as quickly as possible.
I'm beginning to wonder (Score:2)
Is this the next false flag? We've already got just about everyone convinced that magic card numbers are "identity." And we've already convinced the public that breach of this "identity" somehow hurts the person identified (not the banks or retailers) and that the banks and retailers are being generous by helping us out of this mess when it happens. And on top of that? When it happens, we get "free credit monitoring services!"
We're now seeing an avalanche of these types of breaches. What are they planni
Re: (Score:2)
Put down the bong. Like the whole credit crisis this is the result of cutting corners to put short term profit over long term benefit. Steal a little here fudge a little there. It all works fine until the shit hits the fan. Domesticated monkey politics at its finest. It takes a crisis to get us off of our collective asses.
burn indeed (Score:2)
The companies don't wanna pay good money for real security, and they want to throw you behind bars if you go vigilante white-hat on them, so give up. I agree with another /.'er who stated yesterday about the news of the Australian white-hat kid: let 'em burn. If that means going cash, too, go cash.
Keeping everything consolidated on just one card doesn't hurt, either. If it's a debit card you can coal-load it. When you need to make purchases, tally them up first and then go deposit the money you'll need. Cha
Re: (Score:2)
Have fun getting mugged.
At least with credit your liability is generally zero.
Re: (Score:2)
> "Have fun getting mugged"
Stupid on so many levels that I'm not even sure why you said it. Do you really go around your life worried that you're a target for mugging? Maybe you should put the fancy tablet away when you're hanging out in the ghetto. Honestly I don't know what to say to you, your response should be modded down for trolling.
As far as the liability is concerned, who cares? You're still in purchasing limbo until you straighten out a new card. "Have fun" waiting for the mail to arrive and goi
Re: (Score:2)
But the mugger is bound to be a lot harder on you if you cannot give them cash. Your risk-model sucks.
Re: (Score:2)
There are various virtual cards available on-line (I was CTO of one issuer) where you can create a new card with a new number with exactly the limit required for each transaction, e.g. if you don't trust the retailer fully.
Rgds
Damon
Re: (Score:2)
Nice! Do you have some links?
Re: (Score:2)
The product/site is Entropay:
https://www.entropay.com/
(so-named given my obsession with constructing a good entropy pool to draw the random new card IDs from, amongst other things!)
Rgds
Damon
Re: (Score:3)
This is made worse by US banks trying to do this cheap, cheap, cheap. With my European card, I have gotten replacements for free and without asking for them 2 times now because they suspected something could be up. Cancellations are easy (mark it on a copy of the statement, send it back), and while the risk is with the vendor, they can use a processor that asks an additional password not found on the card ("verified by Visa", "Mastercard secure code"), which drives fraud nearly down to zero. In 14 years I h
These cretins are learning security is not free... (Score:2)
It is not so difficult keeping hackers out. Sound security implementations, regularly independently and competently reviewed (no, I am not talking about pen-tests, these are borderline useless and can maybe help keeping the script-kiddies out) and fixed as soon as flaws are found are quite enough to drive the attacker-effort through the roof. Unfortunately, many clueless MBAs in "management" think this is not needed. If you take into account that we are only hearing about the tip of the iceberg, things are r
Re: (Score:2)
It is not so difficult keeping hackers out. Sound security implementations, regularly independently and competently reviewed
Yes. A system can be designed that is virtually impregnable when followed to the letter, but in systems involving implementation by humans, some genius will invariably skip a step that saves him 13 seconds of personal time.
Foolproof is impossible, because just as soon as that level of assurance is reached, they make a little bit better fool.
Cookies (Score:2)
It was probably just that lady trying to get her money back for the cookie recipe.
Sorry I got here so late... (Score:2)
What about EMV (chip and PIN) cards in the US? (Score:3)
One reason that you may not hear of these breaches in places outside the US is that many use PIN and CHIP cards that make it MUCH more difficult to use or steal the credit card numbers.
Visa and MasterCard and Amex already use these outside the US... http://en.wikipedia.org/wiki/EMV and they are supposed to be mandatory for the US in the next couple of years. Maybe the deployment should be expedited? For a standard that has been in wide use for over 15 years elsewhere, it's about time that the US finally catches up....
Re:What about EMV (chip and PIN) cards in the US? (Score:4, Informative)
In the US, moving to this system would almost surely come with the banks relieving themselves of all liability for fraud. Since the EMV system is completely and totally secure (which, of course, it's not), any charge must have been authorized by the cardholder and can't be disputed.
The meager customer protections that exist for credit cards are a relic of the past. In the current US, there's no way a new system would make anyone with money hold any of the risk.
Cash is King (Score:2)
Re: (Score:2)
Just cut up the cards and go back to using cash. A simple solution that has a proven track record of not being able to be hacked.
The methods of hacking cash-based systems are rather older, and tend to start with crimes like armed robbery.
So who were the other companies? (Score:2)
So how/why was the Tribune sworn to secrecy regarding the names of the other three companies that were hacked? They were ``well-known''. Well, gosh, thanks a pile for narrowing it down for us consumers. Now your readers have to wait until they discover themselves that they're a victim of these hacks.
It doesn't surprise me one bit that the business-friendly Tribune would conc