1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Debit/Credit Card Breach

Discussion in 'Random Discussion' started by angelize56, Jan 26, 2007.

Advertisement
  1. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    Yesterday I received a letter from my credit union saying there had been a security breach in a merchant's Master Card information system...incluidng my debit card...but MasterCard would not tell them what merchant was involved! :rolleyes: That sure seems unfair to both my credit union and myself! :mad: I'd like to know what foolish system or people let my personal credit info slip out to God knows who! :mad: Found this article especially interesting...seems maybe some laws might have been broken by the merchant! (n) :mad:And I believe this is the company involved in my debit card! (n) The credit union is issuing me a new debit card and PIN number and keeping my old card valid through February 7th! Why not just shut down the card now! That's 12 more days I can now worry if my card will be used fraudulently! :rolleyes: :mad: I think hackers are immoral, disgusting, pathetic creatures! (n)

    Data breach at TJX leads to fraudulent card use
    The company has not said how many credit and debit card numbers were exposed


    Jaikumar Vijayan

    January 25, 2007 (Computerworld) -- Credit and debit cards that were compromised in the recently disclosed security breach at TJX Companies Inc. are being fraudulently used in several states in the U.S. and even overseas, the Massachusetts Bankers Association (MBA) said today.

    The association, which represents 205 banks in the commonwealth, said that the compromised cards have so far been used to make fraudulent purchases in Georgia, Florida, Louisiana, Hong Kong and Sweden.

    "TJX has not made clear the number of cards involved in the breach, but Massachusetts banks continue to receive information from the card companies about cards that have been exposed," the MBA said in a statement. To date, about 60 banks have reported on cards that were compromised in the breach. The number is expected to rise because fewer than half of the member banks have reported in so far.

    TJX last week disclosed that somebody had illegally accessed one of its systems and made off with card data belonging to an unspecified number of customers in the U.S., Canada, Puerto Rico, the U.K. and Ireland. The retailer, which owns chains such as TJ Maxx, Marshalls and Bob's Stores, didn't disclose the number of shoppers that may have been affected by the breach, which took place in May 2006 but wasn't discovered until last month. (GREAT SECUriTY!! (n) )

    "By not disclosing which firm caused the breach, or quickly disclosing it, consumers are needlessly troubled and might feel compelled to take unwarranted action if they're left in the dark," MBA CEO Daniel Forte said in the statement. As a result, it is crucial for credit card companies to identify the source of a breach and whether they should be held liable -- especially if the retailer was storing information in violation of the Payment Card Industry data security standard, he said.

    TJX itself has not disclosed specifically what sort of information was compromised. But the company appears to have been storing so-called Track 2 data taken from the magnetic stripe on the back of cards. Track 2 data includes account numbers, expiration dates and encrypted personal identification numbers, plus other information that card-issuing banks can include at their discretion.

    The storing of such data by retailers is specifically forbidden under PCI.

    http://www.computerworld.com/action...ArticleBasic&articleId=9009158&intsrc=hm_list
     
  2. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    Seeing that TJX is the most recent in the news...I'm going to assume this is the one involved with my debit card...(n)

    Analyst: Banks Must Make Credit Card Accounts Useless To Data Thieves

    By Gregg Keizer

    InformationWeek

    Jan 24, 2007 03:23 PM

    The hack that chain retailer TJX disclosed last week demonstrates that banks must shoulder their share of responsibility and add protection to credit and debit cards, an analyst said Wednesday.

    "Banks must own up to this problem and change their payment systems so that, even if data is stolen, it is useless to thieves," says Avivah Litan, an analyst with Gartner.

    On Jan. 17, TJX -- which owns hundreds of T.J. Maxx and Marshalls department stores -- said that one or more hackers had broken into its computer network and made off with a still-to-be-determined number of customer records. Those records included credit and debit card account numbers, and in some cases names and driver's license numbers.[/B (n)

    The attack, says Litan, appears well-targeted. It's just the latest breach in a numbing round of data losses and thefts that stretch back to early 2005 and one more piece to the portfolios that sophisticated cybercrooks are assembling on consumers by stitching together data stolen by phishing, keylogging, bank and brokerage account takeovers, and retailer system hacks.

    "The attacks are getting much more orchestrated and better targeted," says Litan. "It's time to shift strategy. It's clear we can't count on the retailers to secure customer data.

    "Retail payment systems were not designed with security in mind. Hackers are finding the weakest links, especially among retailers that have the most sensitive data stored."


    It's unrealistic, says Litan, to expect the United States' 5 million retailers to all become experts in security and to change their back-end systems overnight to add security. Her solution? "Banks must own up to the problem and accept responsibility."

    One U.S. bank that Litan would not name but said was "very large" will add one-time password to its debit cards this year, the first major American move in that direction. "I think there's a 70% likelihood that banks will adopt one-time passwords for Internet transactions in 2008," she predicts. "Once the infrastructure is out there, it'll start gradually moving to point-of-sale."

    TJX has not released any new details about the break-in since the original disclosure, but Litan's sources have told her that investigators are "close to finding" the hacker. "They'll figure it all out eventually." :rolleyes:

    http://www.informationweek.com/news/showArticle.jhtml?articleID=197000263
     
  3. johnnyburst79

    johnnyburst79

    Joined:
    Aug 16, 2005
    Messages:
    4,560
    Another reason not to use credit cards...I pay cash as much as possible.
     
  4. poochee

    poochee

    Joined:
    Aug 21, 2004
    Messages:
    124,720
    Angel, I happened to call my MC card yesterday to check on a credit. After discussing that business the customer service person told me about this, and we canceled my CC and a new one is being issued. She zeroed in on whether I had used it at one of the stores first. I hadn't. There is a Marshalls up the street from me but haven't been there for a long time. I haven't heard from my Credit Union yet. Suggestion: Can you take enough money out for a couple weeks and just have them cancel it right away? My Credit Union did that for me the last time it happened. I'm going to call my CU and see if they know about it.
     
  5. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    That's my plan as soon as I get offline...we think alike! :)
     
  6. poochee

    poochee

    Joined:
    Aug 21, 2004
    Messages:
    124,720
    Now that I think of it, my debit card is Visa. I am going to call anyway.

    I have started carrying a $100 dollars with me. I used to just carry a $20. Sad isn't it?
     
  7. poochee

    poochee

    Joined:
    Aug 21, 2004
    Messages:
    124,720
    :) (y)
     
  8. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    I called my credit union...the card will be cancelled tomorrow! I was told they aren't sure who the offending merchant is...that 700 debit/credit cards were affected in my credit union here in town...many by employees of the credit union! :eek: I guess this means a lot of their employees must shop at the same store! ;) I still think it's T J Maxx! Oh..I asked about the personal info...they said not to worry about any other credit cards because of this...does anyone agree with that???
     
  9. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    More on the T J Maxx fiasco! :rolleyes:

    Fraud linked to TJX data heist spreads

    Robert Lemos, SecurityFocus 2007-01-26

    Banks and retailers in the United States and Canada have begun to report an increasing amount of illicit transactions thought to be linked to the server breach announced last week by the TJX Companies, the commercial giant that owns retail chains in the U.S., Canada and Europe.

    Last week, the TJX Companies announced that the firm had suffered an unauthorized intrusion into its "computer systems that process and store information related to customer transactions." TJX declined to mention the scope of its breach, but said that the unauthorized intruder accessed TJX's computer systems for its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada.

    In Vermont, one bank had to reissue cards to 1,600 customers because of the compromise, according to the Associated Press. In Canada, thousands of customer who shopped at Winners and HomeSense stores have become the victims of fraud, according to news reports.

    http://www.securityfocus.com/news/11438
     
  10. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    I went to the StolenID Search site...but I sure don't want to enter my SS# there! :eek: You think this is legit???

    Free check offered for stolen information

    Published: 2007-01-24

    Identity-security firm TrustedID announced a free service on Tuesday that allows consumers to find out whether their credit-card or Social Security numbers have been stolen.

    The service, StolenID Search, enables anyone to search through a database of 2.3 million account numbers that TrustedID and other companies have found online. The information is available online, but not necessarily searchable through other search engines, the company stated.

    "The knowledge that your information has been compromised can be critically important in preventing identity theft," Scott Mitic, CEO and founder of TrustedID, said in a statement announcing the service. "The key is to find out about the compromise before the information is used to perpetrate a crime. Often, individuals are not even aware that their information has been breached, or that the breach may be ongoing."

    http://www.securityfocus.com/brief/415
     
  11. angelize56

    angelize56 Always remembered in our hearts Thread Starter

    Joined:
    Apr 17, 2002
    Messages:
    82,163
    From StolenID's site:

    About Us

    StolenID Search is a free service that tells you if your personal information has been stolen or compromised. With our easy–to–use search engine, you can search more than two million pieces of compromised personal information—credit card and social security numbers—to see if your information has been misused.

    StolenID Search is offered by TrustedID, a leading provider of innovative consumer tools and solutions to prevent identity theft. TrustedID was founded with the mission of giving individuals control over their personal information and who has access to that information. TrustedID’s products are available to consumers through leading financial institutions and consumer brands, as well as directly through the TrustedID.com website.

    TrustedID is based in Redwood City, California. The company’s market–leading products have been featured in The Wall Street Journal, The New York Times, Time Magazine, CNN Money and other leading publications. Find out more about TrustedID and its management team.


    https://www.stolenidsearch.com/about/
     
  12. poochee

    poochee

    Joined:
    Aug 21, 2004
    Messages:
    124,720
    I called both of my other card companies. Visa and MC. Neither had a problem. If it makes you feel better go ahead and check them.
     
  13. poochee

    poochee

    Joined:
    Aug 21, 2004
    Messages:
    124,720
    I won't put any of my personal info on the net. You might consider posting this in the Identity Theft Thread.
     
  14. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,791
    Wow it took them 6 months to even find out they was hacked and then they try to hide what happen.
     
  15. coderitr

    coderitr

    Joined:
    Oct 12, 2003
    Messages:
    3,015
    While the court of public opinion carries a provebial big stick, there is no legal requirement for companies to secure their databases. The PCI compliance is something that is being forced upon businesses by VISA. Last I checked, VISA was not a legislative body but they hold enormous influence over retailers because they can and will refuse to authorize transactions from merchants who do not comply with their heavy handed demands.

    Some credit card information MUST be stored by merchants. Otherwise, they cannot settle transactions (an authorization is obtained at the point of sale -- a settlement or reconciliation is required before any money is exchanged. This settlement is usually done on the back end at the home office of the merchant so that all stores are reconciled at the same time.) Retailers must also have the ability to research transaction data and determine if an authorization was obtained fraudelently if/when a customer challenges a transaction with that company.

    There will never be perfect security in the information technology world. We work diligently to protect our resources but the customer must also be vigilant. It is not all the fault of one company when a break-in like this occurs.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Short URL to this thread: https://techguy.org/538580

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice