Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Neiman Marcus and Other Retailers Breached, Credit Card Details Stolen 151

Fnord666 writes "Another day, another data breach. Apparently high end retailer Neiman Marcus has also suffered a breach of credit card data. Brian Krebs has the report: 'Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards. Earlier this week, I began hearing from sources in the financial industry about an increasing number of fraudulent credit and debit card charges that were being traced to cards that had been very recently used at brick-and-mortar stores run by the Dallas, Texas based high-end retail chain. Sources said that while it appears the fraud on those stolen cards was perpetrated at a variety of other stores, the common point of purchase among the compromised cards was Neiman Marcus. Today, I reached out to Neiman Marcus and received confirmation that the company is in fact investigating a breach that was uncovered in mid-December.'" The Chicago Tribune reports that "at least three other well-known U.S. retailers" suffered breaches this holiday season as well.
This discussion has been archived. No new comments can be posted.

Neiman Marcus and Other Retailers Breached, Credit Card Details Stolen

Comments Filter:
  • by Anonymous Coward on Sunday January 12, 2014 @02:25AM (#45930697)

    For the companies not breached to just come forward.

  • That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.

    • by binarylarry ( 1338699 ) on Sunday January 12, 2014 @02:35AM (#45930721)

      Yay Credit Cards! We don't have to worry about getting screwed over because they protect us while they screw us! So we're used to it!

      I feel so loved.

      • Re: (Score:2, Insightful)

        by Frosty Piss ( 770223 ) *

        Yay Credit Cards! We don't have to worry about getting screwed over because they protect us while they screw us! So we're used to it!

        I've never had a problem with mine. Ever. I pay it off every month (thus I pay no interest), and I know that if an on-line retailer screws me over, I can dispute the charge, and the credit card company will back me.

        So, I don't see a problem.

        If you can't manage your finances responsibly, maybe you shouldn't have one?

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          What you don't see is the money that VISA charges the company you buy from. which in turn that company charges you. And since all companies need to support VISA (because of the duopoly of VISA and MC), it's pretty hard to change. And you don't even know it because said company is not allowed to discuss that.

          • by Frosty Piss ( 770223 ) * on Sunday January 12, 2014 @03:01AM (#45930805)

            What you don't see is the money that VISA charges the company you buy from.

            I'm fully aware of the money the CC charges the retailer. That's not my problem, that one of the costs of doing business.

            which in turn that company charges you.

            The cash price would be no lower, and even without the CC tax, most businesses will charge as much as they can anyway.

            .And since all companies need to support VISA (because of the duopoly of VISA and MC), it's pretty hard to change. And you don't even know it because said company is not allowed to discuss that.

            First, companies certainly do not have to accept CREDIT cards. Secondly, retailers bitch moan and complain all the time about CC fees, they certainly can and do "discuss" it with customers many times.

            Accepting CC is a convenience for BOTH the customer AND the retailer. And since they build the CC fee into the price which they charge even CASH customers, retailers are in no position to make a stink. They are not obligated to sell their product to me, they can switch to a cash / debit card only business if they so choose. As it happens, it benefits them to accept CREDIT cards, and so they do.

            • The cash price would be no lower, and even without the CC tax, most businesses will charge as much as they can anyway.

              You are shopping in the wrong places then.

              Most small businesses, especially those in the Chinatowns or other ethnic communities, gives discount for people who pay in cash (sometimes you have to ask). The discount comes from waiving the CC merchant fees and local sales tax.

              • by Lisias ( 447563 )

                The discount comes from waiving the CC merchant fees and local sales tax.

                Waiving the CC fee is ok. Waiving the tax is not.

                I'll not even discuss about ethics, but for plain value: by waiving the tax, you're are waiving the right to get the product replaced if defective - and so, you will eventually taking home rejected products that wouldn't be sell to consumers otherwise.

                • Waiving the CC fee is ok. Waiving the tax is not.

                  Neither is "ok". Waiving the fee is a violation of their contract with the CC companies. Some merchants, such as gas stations, are allowed to charge a fee, but most are not.

                  I'll not even discuss about ethics, but for plain value: by waiving the tax, you're are waiving the right to get the product replaced if defective

                  This is only true if your probability of returning is higher than the tax rate. In SF's Chinatown, the tax rate is nearly 9%. There is no way I return 9% of what I buy. In Chinatown, I mostly buy restaurant food.

                  • by Lisias ( 447563 )

                    Waiving the CC fee is ok. Waiving the tax is not.

                    Neither is "ok". Waiving the fee is a violation of their contract with the CC companies. Some merchants, such as gas stations, are allowed to charge a fee, but most are not.

                    I don't see how. If I'm taking money, I'm not using the CC infraestructura, why in hell I can't give my customer a discount? And how in hell the CC company will track it down in order to detect the "violation"?

                    This is plain insane. And dumb.

                    I'll not even discuss about ethics, but for plain value: by waiving the tax, you're are waiving the right to get the product replaced if defective

                    This is only true if your probability of returning is higher than the tax rate. In SF's Chinatown, the tax rate is nearly 9%. There is no way I return 9% of what I buy. In Chinatown, I mostly buy restaurant food.

                    Your logic is twisted. It's enough that just one single expensive product (as a computer or LCD TV) be defective to destroy any saving in waived taxes for a very long time. It's also very easy to move/rename the shop when no taxes are applied, so the seller just harvester the clients until he/she burns his reputation, and then just open another shop and starts again.

                    (been there, saw that - #paraguayFeeligns)

                    The only class of products that worths cheating taxes are food, consumables and cheap and disposable

                    • The only class of products that worths cheating taxes are food, consumables and cheap and disposable gadgets

                      ... which is exactly what is for sale in Chinatown.

            • by DarkOx ( 621550 ) on Sunday January 12, 2014 @05:18AM (#45931059) Journal

              a couple things. Handling cash costs retailers money too. Might not impact smaller ones as much but box stores and like it makes a difference. Cash transactions take longer, so they need more checkers, it takes longer to get cash to the bank do they lose interest. Assistant managers often still hourly have to count it, and they usually need an armored car service to come pick it up, and it increases theft risks.

              For bigger retailers the swipe fees can be a bargain. It's been proven over and over again customers spend more when they don't have to think about how much cash they have on them too. As an individual I like the fees too, I can track what I spend on my card so I never pay any interest, yet I still get the cash back awards and points which part of the swipe fee pay for.

              As the merchant agreements usually force places not to discount cash, it's like a tax I get to charge. As others have pointed out the cards provide useful consumer protections as well.

              Everybody wins except the folks who can't keeps and track receipts and get surprised with a bill they can't afford at months end or the folks who have messed up so bad they can't get a card

              • by mjwx ( 966435 )

                a couple things. Handling cash costs retailers money too. Might not impact smaller ones as much but box stores and like it makes a difference. Cash transactions take longer, so they need more checkers, it takes longer to get cash to the bank do they lose interest. Assistant managers often still hourly have to count it, and they usually need an armored car service to come pick it up, and it increases theft risks.

                You've never run a business.

                I'm not asking, I'm telling because I ran a business and Merchant Service Fees were higher than my staffing costs or my utility bills. Sometimes they were even higher than my rent.

                If you honestly think cash is more expensive than credit to accept, you've never seen the figures.

                Add to this that electronic transactions can take several days to go through (this is due to the bank interchange system, so switching banks doesn't help), if you're a business that has to buy stuf

                • by DarkOx ( 621550 )

                  I have seen the numbers actually for a major nation wide retail chain; from an activity based costing perspective.

                  I know for a fact the average ticket total is always larger when the tender type is credit. I never said cash handling cost more than credit processing fees and the associated IT infrastructure to support it, just that cash handling was by no means without cost.

                  Retailers participate in these contracts because they represent a net win. At least the big ones understand perfectly well both the co

                  • Which is why the interchange rates for "big box" retailers are much lower than for other merchants. Interchange rates should be based on the actual transaction costs now rather than the transaction costs when credit cards were manually processed with knuckle busters.

                    Smaller merchants subsidize purchases at the "big box" stores.

                  • by mjwx ( 966435 )

                    I have seen the numbers actually for a major nation wide retail chain; from an activity based costing perspective.

                    And here's where you're lying.

                    Because beyond running my own business I've seen the MSF (Merchant Service Fee) costs for several fuel supply companies (we're talking multinationals here).

                    The costs on accepting credit cards are insane, staff costs are about half of what they pay in MSF's.

                    I used to run a PC hardware supply business. My shop front cost me $580 per week in rent, my 3% merchant service fee (a very average MSF) meant that if I did 25,000 turnover in a week, which was not common, but somet

              • by DogDude ( 805747 )
                Cash transactions take longer, so they need more checkers, it takes longer to get cash to the bank do they lose interest.

                Sorry, none of this is true. Cash takes the same amount of time as credit/debit, sometimes less. Cash gets to the bank immediately, credit cards/debit cards take 2-3 days. Credit/debit costs about 2-3%. Cash doesn't cost anywhere near that amount. If the business is using a credit union, the cost of accepting cash is near 0%.
                • Cash gets to the bank immediately, credit cards/debit cards take 2-3 days.

                  Really? There is a magic pneumatic tube from the cash register to the bank and the cash requires no additional handling between purchase and deposit? Wow.

            • by gl4ss ( 559668 )

              somehow you don't seem to be grasping the cost of doing business going directly to the price... but here's the real kicker here: you and every other US customer is paying the price for this data breach shit of massive scale.

              anyhow, the real problem is the shit enforcing of the rules about them. you see, when you start processing credit card data you agree to certain rules about how to handle it...

              of course, that the US version of credit cards is from the early '80s or so doesn't really help. but who is goin

          • Then you had damned well be using a credit card. If you're using cash and not getting the benefits provided by most major credit cards, you're the one getting screwed, not me.
      • If you are getting screwed with credit cards, there is a strong possiblity that youre making poor choices (like not paying your bill in full each month).

    • yeah, we don't immediately have to pay for it, the cost is just spread out to everybody over the next year or so

      • Visa doesnt charge consumers a dime to use their cards, so Im not clear how those costs are being spread.

        • by DogDude ( 805747 )
          Visa doesnt charge consumers a dime to use their cards, so Im not clear how those costs are being spread.

          Are you kidding?
        • by lgw ( 121541 )

          Prices everywhere reflect the Visa tax, and would be lower without it. Money well spent for the fraud protection, IMO, but it's still a real cost. There's really no difference between a fee/tax/whatever that most merchants pay, or the the customer pays directly - either way the price is higher.

    • by Mitreya ( 579078 ) <mitreya.gmail@com> on Sunday January 12, 2014 @02:46AM (#45930763)

      That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.

      Maybe not, but Visa/Mastercard might just pass the pain onto the retailers.
      My dad runs a small business, and usually if there is any problem with a credit card charge, Visa/MC will extract money back from him in a blink of an eye.

      • by Frosty Piss ( 770223 ) * on Sunday January 12, 2014 @02:49AM (#45930771)

        My dad runs a small business, and usually if there is any problem with a credit card charge, Visa/MC will extract money back from him in a blink of an eye.

        What kind of "problem" would that be? If your father is not providing adequate customer service such that customers seek redress from their credit card company, maybe the problem isn't the credit card?

        • by Mitreya ( 579078 ) <mitreya.gmail@com> on Sunday January 12, 2014 @03:58AM (#45930917)

          What kind of "problem" would that be? If your father is not providing adequate customer service such that customers seek redress from their credit card company, maybe the problem isn't the credit card?

          Do I have to spell it out for you? "Credit card owner called and they do not recognize the charge because their card was stolen" qualifies as a charge-back problem. And because the items are sent within a day or two, it will often happen after the purchase has already been sent.

          The point is -- just because you, as a consumer, do not have to pay the costs of stolen credit cards, do not assume that a faceless credit-card corporation will eat these costs. In reality, it will not.

          • by chihowa ( 366380 ) *

            So... the retailer is accepting stolen cards. How else would they expect that to play out?
            You never get to keep stolen property, even if you pay for it in good faith. Why would the retailer get to profit from a fraudulent transaction? This is an avoidable situation, especially with mail-order items. Only ship to the billing address of the card and you'll cut these events down to a tiny number.

            Now I agree that the credit card system is extremely poorly set up, but almost every situation that results in a mer

            • "Now I agree that the credit card system is extremely poorly set up, but almost every situation that results in a merchant chargeback can be traced to poor behavior on the merchant's part (not verifying the cardholder's ID, not addressing the customer's complaints, etc)."

              I can't speak to brick and mortar...however:

              I run an online business (I'm not gonna pimp it here), and we deal with virtual goods. We have a paypal dispute probably once a week if not more. Customers who either legitimately don't want the p

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          My dad runs a small business, and usually if there is any problem with a credit card charge, Visa/MC will extract money back from him in a blink of an eye.

          By brother ran a small business, a fast food restaurant. These kinds of complaints arise more often than you think.

          Once a customer ate his meal, complained, asked for a refund (which was met with an offer of more food, but not a return of the charge), and called his credit card company to have the transaction reversed. It was. As a small retailer, there's precious little recourse. The card company will typically take any customer complaint over the shop owner's defense.

          What kind of "problem" would that be? If your father is not providing adequate customer service such that customers seek redress from their credit card company, maybe the problem isn't the credit card?

          What kind of a statement is that?

        • At a gas station, I've seen numerous charge backs that are entirely customer's fault. For example, woman disputes credit card charges at pump because she sees two charges on one day. Come to find out after pulling pictures of vehicle and plate number, her it was her husband in his car. Or customer swipes his card at one pump, thinks card didn't process, drives to another pump swipes card again, then wonders why he has two charges.

    • Actually the merchants that accepted the transactions made on stolen cards, take the hit. Visa doesnt have any sort of risk in this business.

      • Actually the merchants that accepted the transactions made on stolen cards, take the hit. Visa doesnt have any sort of risk in this business.

        Exactly, but many of these same merchants would tell me to get fucked if it were not for the fact that the credit card company will back me on the refund.

      • I wonder were the stolen cards used to purchase online or in person. If they were used in person, They must have been used for small POS purchases like gas or fast food, which don't require even a signature. If they were used online, then a zip code should have been used to verify the billing address. Some gas stations also require the zip code. Also, I don't believe that the credit cards are even encoded with the 3 or 4 digit security code on the card, so it can't be read by an infected reader, and those c
    • by mjwx ( 966435 )

      That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.

      The nice banks will certainly take it out of their bottom line. They'd never charge additional fees to recoup their loses.

      They'll certainly never make the merchant pay fees (which will get passed onto you in the form of higher prices.

    • by Monoman ( 8745 )

      In the long run the customer and/or the taxpayer pay.

    • by hawguy ( 1600213 )

      That's the thing about CREDIT cards, the customer generally doesn't take the financial fall for fraud.

      Actually, Visa doesn't take the risk -- the merchant accepting the card does. Visa charges back fraudulent purchases to the merchant that accepted the card.

      If Visa was taking on the risk, they'd have mandated smart credit cards by now.

  • by thesandbender ( 911391 ) on Sunday January 12, 2014 @02:48AM (#45930765)
    The primary justification for not overhauling the inherently weak credit card system in the US has been the cost to the retailers, banks and credit card processors. And there's some validity to this, upgrading the system would have a major impact everyone from the banks and large retailers on down the the mom and pops and the card holders themselves. However, the cost of continually cleaning up these messes is going to start adding up. It's time to accept the fact that the current system is horribly outdated and fix it (most retailers in Europe won't even accept chip-less us cards anymore).
    • by AK Marc ( 707885 ) on Sunday January 12, 2014 @03:09AM (#45930819)
      The "fix" is to hold the breaches responsible for every fraudulent charge and re-issued card. The stores store the numbers, often in violation of their agreements, and nobody cares. They should get sued for their negligence. When that happens some, nobody will want to store the card numbers (like they are supposed to), and breaches will net nothing more than customer names and addresses, at most.
      • by bill_mcgonigle ( 4333 ) * on Sunday January 12, 2014 @03:28AM (#45930855) Homepage Journal

        The "fix" is to hold the breaches responsible for every fraudulent charge and re-issued card.

        Not just the card itself, the bank's time and to send a letter, reissue all the cards, mail them.

        And then, I read earlier today, 140 million Americans are affected by the Target breach. Each of them with a current card that's getting cancelled has to go set up new automatic payments on their various autopay services, etc.

        Target should be giving them a concession, say $100 or so per person for all the time they'll waste.

        Now then, given acutal liability for their actions, Target would never assume such risk without getting an insurance policy to cover it. And the insurance company would have a squad of auditors in their IT center to scour the thing before they issued the policy.

        In the end, we'd wind up with the secure solution we're actual looking for. So the actual problem here is that corporations aren't held responsible for their negligence. Which is exactly why they form these big corporations in the first place.

        • Which is why, you shouldn't use pull autopay. You should use push auto pay.

          If the credit card companies want to be involved in auto-pay or one-click situations, they should bring their id/authentication out of the 1950s.

        • ...140 million Americans are affected by the Target breach.

          Half of all Americans shop at Target? That may be right, but it seems wrong.

        • 140 million Americans are affected by the Target breach.

          Surely not directly? Are they saying 2 of every 3 adult Americans shopped at a brick and mortar Target in December and used a credit card? I can vouch that I was one of those that did not.
          Are they saying everyone who has a Visa or Mastercard is "affected"? That number does seem pretty close to the number of adults with a visa or mastercard (estimated at well above half of the adult population but I couldn't find an exact number).

          • by Mr Krinkle ( 112489 ) on Sunday January 12, 2014 @11:43AM (#45932343) Homepage

            No, you missed the latest fun with target...

            They lied..
            The cards stolen weren't by someone intercepting CC numbers when used, They kept EVERYTHING in a linked database that was stolen. Name, address, phone number, multiple CC numbers etc. (they haven't said a db, but they said a source containing historic information. Maybe it was a flat file, but I'd hope not)
            The fact they lied repeatedly and that they kept this info makes it a LOT worse than the Sony breach in my mind.

            They should be very liable.

        • That insurance company's squad of auditors would be no more and no less effective than the PCI/DSS audit system.

          • That insurance company's squad of auditors would be no more and no less effective than the PCI/DSS audit system.

            I've sat across the table from a PCI auditor and told him, "no, we are not going to encrypt our passwords - they're hashed for a good reason" and had him give me a blank stare. Forgive me for not putting faith in the PCI system.

          • The PCI council thinks a WAF is sufficient to protect a vulnerable web application. So that's PCI compliance for you...and many companies don't even meet THAT compliance. If they fail at something this obvious/small imagine a system this big and complex..?

      • While I'm not arguing that they should not be held accountable, what you're proposing is not a "fix". The system should be designed so that they can't be negligent in the first place.
        • The system should be designed so that they can't be negligent in the first place.

          Since negligence includes failing to follow the system properly (and often does), this is not possible.

          • by Rich0 ( 548339 )

            The system should be designed so that they can't be negligent in the first place.

            Since negligence includes failing to follow the system properly (and often does), this is not possible.

            Sure it is - design the system so that if you don't follow it, transactions are impossible.

            It is fairly trivial to design a system such that a transaction is impossible without the card present and the card owner's authorization (two factor authentication). All data entering and leaving the card could be intercepted or recorded, and the most that could be done by an attacker would be to block the transaction (denial of service). The credentials required to authorize a transaction (one time only) would nev

          • by ceoyoyo ( 59147 )

            You miss his point. The system should be set up so that the retailer CAN'T compromise it. I don't live in the US. When I make an online credit card transaction, the retailer collects the number, then redirects me to a confirmation page from the card company. There I enter a password that the retailer never sees, and so cannot abuse.

            A credit card number should be useless without a second factor that is never known by anyone other than the customer and the card issuer.

      • But the card number does not have to be stored for it to be vulnerable. They could also capture the data in transit. If you can get access to a database, its pretty reasonable that other things on these systems can be accessed such as memory and network interfaces where data is in transit. All you need is a monitoring program that records everything passing through the system.

        • by AK Marc ( 707885 )
          When it's encrypted end to end, that MITM won't do you much good. But when the systems assume secure dial-up lines, the information isn't very secure. There's no reason I need to know the number on the card to process is, so long as the bank agrees to pay the amount, based on the hash/communication with the cardholder.
    • Yes, we should use government issued IDs with biometrics to prove our identity with every transaction. It's the last link in the chain they haven't quite closed yet... well that and paper cash.

    • by eyenot ( 102141 )

      What impact? Mom and pops aren't in charge of how the banking system runs. The efforts required to fix the problem don't "scale down" -- it's all up at the top with the people who hate parting with their hoarded money.

    • How do I check if my card number is compromised?

      Does this affect only cards used in brick-and-mortar store cashier machines?

      • by Sponge Bath ( 413667 ) on Sunday January 12, 2014 @10:17AM (#45931961)

        How do I check if my card number is compromised?

        Add the digits of the CC number, multiply by the CSC then divide by the expiration month. Write that number on a piece of paper and fold it in half. Then check your CC statement to see if you shopped at Target or Neimen Marcus. If so, burn the paper. If the Eye of Sauron appears in the flames, you are OK. If not, you are compromised.

  • Is this the next false flag? We've already got just about everyone convinced that magic card numbers are "identity" And we've already convinced the public that breech of this "identity" somehow hurts the person identified (not the banks or retailers) and that the banks and retailers are being generous by helping us out of this mess when it happens. And on top of that? When it happens, we get "free credit monitoring services!"

    We're now seeing an avalanche of these types of breeches. What are they planni

    • by lxs ( 131946 )

      Put down the bong. Like the whole credit crisis this is the result of cutting corners to put short term profit over long term benefit. Steal a little here fudge a little there. It all works fine until the shit hits the fan. Domesticated monkey politics at its finest. It takes a crisis to get us off of our collective asses.

  • The companies don't wanna pay good money for real security, and they want to throw you behind bars if you go vigilante white-hat on them, so give up. I agree with another /.'er who stated yesterday about the news of the Australian white-hat kid: let 'em burn. If that means going cash, too, go cash.

    Keeping everything consolidated on just one card doesn't hurt, either. If it's a debit card you can coal-load it. When you need to make purchases, tally them up first and then go deposit the money you'll need. Cha

    • Have fun getting mugged.

      At least with credit your liability is generally zero.

      • by eyenot ( 102141 )

        > "Have fun getting mugged"

        Stupid on so many levels that I'm not even sure why you said it. Do you really go around your life worried that you're a target for mugging? Maybe you should put the fancy tablet away when you're hanging out in the ghetto. Honestly I don't know what to say to you, your response should be modded down for trolling.

        As far as the liability is concerned, who cares? You're still in purchasing limbo until you straighten out a new card. "Have fun" waiting for the mail to arrive and goi

      • by gweihir ( 88907 )

        But the mugger is bound to be a lot harder on you if you cannot give them cash. Your risk-model sucks.

    • by DamonHD ( 794830 )

      There are various virtual cards available on-line (I was CTO of one issuer) where you can create a new card with a new number with exactly the limit required for each transaction, eg if you don't trust the retailer fully.

      Rgds

      Damon

    • by gweihir ( 88907 )

      This is made worse by US banks trying to do this cheap, cheap, cheap. With my European card, I have gotten replacements for free and without asking for them 2 times now because they suspected something could be up. Cancellations are easy (mark it on a copy of the statement, send it back), and while the risk is with the vendor, they can use a processor that asks an additional password not found on the card ("verified by Visa", "Mastercard secure code"), which drives fraud nearly down to zero. In 14 years I h

  • It is not so difficult keeping hackers out. Sound security implementations, regularly independently and competently reviewed (no, I am not talking about pen-tests, these are borderline useless and can maybe help keeping the script-kiddies out) and fixed as soon as flaws are found are quite enough to drive the attacker-effort though the roof. Unfortunately, many clueless MBAs in "management" thing this is not needed. If you take into account that we are only hearing about the tip of the iceberg, things are r

    • It is not so difficult keeping hackers out. Sound security implementations, regularly independently and competently reviewed

      Yes. A system can be designed that is virtually impregnable when followed to the letter, but in systems involving implementation by humans, some genius will invariably skip a step that saves him 13 seconds of personal time.

      Foolproof is impossible, because just as soon as that level of assurance is reached, they make a little bit better fool.

  • It was probably just that lady trying to get her money back for the cookie recipe.

  • I was purchasing stock in a couple of smart card manufacturers.
  • One reason that you may not hear of these breaches in places outside the US is that many use PIN and CHIP cards that make it MUCH more difficult to use or steal the credit card numbers.

    Visa and MasterCard and Amex already use these outside the US... http://en.wikipedia.org/wiki/EMV [wikipedia.org] and they are supposed to be mandatory for the us in the next couple of years. Maybe the deployment should be expedited? For a standard that has been in wide use for over 15 years elsewhere, its about time that the US finally catches up....

    • by chihowa ( 366380 ) * on Sunday January 12, 2014 @11:37AM (#45932313)

      In the US, moving to this system would almost surely come with the banks relieving themselves of all liability for fraud. Since the EMV system is completely and totally secure (which, of course, it's not [wikipedia.org]), any charge must have been authorized by the cardholder and can't be disputed.

      The meager customer protections that exist for credit cards are a relic of the past. In the current US, there's no way a new system would make anyone with money hold any of the risk.

  • Just cut up the cards and go back to using cash. A simple solution that has a proven track record of not being able to be hacked.
    • by dkf ( 304284 )

      Just cut up the cards and go back to using cash. A simple solution that has a proven track record of not being able to be hacked.

      The methods of hacking cash-based systems are rather older, and tend to start with crimes like armed robbery.

  • ``The Chicago Tribune reports that "at least three other well-known U.S. retailers" suffered breaches this holiday season as well.''

    So how/why was the Tribune sworn to secrecy regarding the names of the other three companies that were hacked? They were ``well-known''. Well, gosh, thanks a pile for narrowing it down for us consumers. Now your readers have to wait until they discover themselves that they're a victim of these hacks.

    It doesn't surprise me one bit that the business-friendly Tribune would conc

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...