• Menu
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Before Header

  • About Us
  • Lexicon
  • Contact Us
  • Our Store
  • ↑
  • ↓
  • ←
  • →

Balloon Juice

Come for the politics, stay for the snark.

You are so fucked. Still, I wish you the best of luck.

Within six months Twitter will be fully self-driving.

If you tweet it in all caps, that makes it true!

When we show up, we win.

The truth is, these are not very bright guys, and things got out of hand.

… pundit janitors mopping up after the gop

The media handbook says “controversial” is the most negative description that can be used for a Republican.

Accountability, motherfuckers.

Our job is not to persuade republicans but to defeat them.

Come on, media. you have one job. start doing it.

Conservatism: there are people the law protects but does not bind and others who the law binds but does not protect.

Roe isn’t about choice, it’s about freedom.

This must be what justice looks like, not vengeful, just peaceful exuberance.

Putting aside our relentless self-interest because the moral imperative is crystal clear.

Chutkan laughs. Lauro sits back down.

This blog will pay for itself.

Republicans seem to think life begins at the candlelight dinner the night before.

Something needs to be done about our bogus SCOTUS.

Relentless negativity is not a sign that you are more realistic.

But frankly mr. cole, I’ll be happier when you get back to telling us to go fuck ourselves.

Everything is totally normal and fine!!!

Let’s not be the monsters we hate.

They love authoritarianism, but only when they get to be the authoritarians.

At some point, the ability to learn is a factor of character, not IQ.

Mobile Menu

  • Four Directions Montana
  • Donate with Venmo, Zelle & PayPal
  • Site Feedback
  • War in Ukraine
  • Submit Photos to On the Road
  • Politics
  • On The Road
  • Open Threads
  • Topics
  • COVID-19 Coronavirus
  • Authors
  • About Us
  • Contact Us
  • Lexicon
  • Our Store
  • Politics
  • Open Threads
  • 2024 Elections
  • Garden Chats
  • On The Road
  • Targeted Fundraising!
You are here: Home / Target’s Big Problem

Target’s Big Problem

by $8 blue check mistermix|  December 22, 20139:27 am| 88 Comments

This post is in: Jump! You Fuckers!

FacebookTweetEmail

This Target data breach is exposing some of the laziness, laxity and lies of our credit card oligopoly.

First, as Kevin Drum points out, if we had Chip and PIN in the US, Target and banks would be in much less trouble, because you need a smartcard chip and the user’s PIN to complete a transaction using the standard most other first world countries use.

Second: I have a Target Red Card, their store card, and I used it a couple of times during the breach period. Now that Target has enough call capacity to actually answer the Red Card fraud line, rather than having it just give a fast busy signal, the first thing they are eager to point out is what the credit card industry would rather obfuscate: “You have zero liability for any charges you didn’t make.” Over the past decade there have been lots of scary commercials from businesses trying to sell identity theft protection. Some of those products are from banks that issue credit cards. People watching those commercials might think that they’re in trouble if their credit card is stolen and it is used by the thief. Though they’re probably in for a big hassle, in the end the bank and card companies are liable for the transaction. That’s part of the deal with interchange, the 2-3% that banks and card companies charge retailers for every credit card transaction.

Of course, banks are now limiting transactions on accounts used at Target to cap their liability, which is another huge hassle, but I’d cut up that card and use a different one if my bank did that. They make billions of dollars of easy profits from interchange and interest on credit cards, so fuck ’em if they can’t secure the product that they’re jamming down our throats.

FacebookTweetEmail
Previous Post: « Friday Weekend Recipe Exchange: Christmas Eve Party
Next Post: Press the Meat to Shitcan Dancing Dave? »

Reader Interactions

88Comments

  1. 1.

    evap

    December 22, 2013 at 9:31 am

    The U.S. really needs to adopt chip-and-pin cards. Maybe if the banks lose enough money from fraud, they will invest in changing the system. It’s getting harder and harder to use U.S.-style credit cards in Europe, and it is impossible to use automatic ticket machines in France and Germany without a chip-and-pin card. Very annoying.

  2. 2.

    Nunca el Jefe

    December 22, 2013 at 9:35 am

    The 2-3% is probably just viewed as the angel’s cut; it wouldn’t surprise me at all to learn that there are a sizable number of execs in that industry that really do, deep down in their wallets, think that we should pay more for protection. It’s an old scam.

  3. 3.

    catclub

    December 22, 2013 at 9:36 am

    I found two chip and pin card issuers in the US. One is expensive and the other is a Credit Union in Maryland, presumably near where diplomats and military bank. So you could get one for travel.

  4. 4.

    aimai

    December 22, 2013 at 9:39 am

    Its getting hard to travel without a better CC system as European places don’t like to take our lousy cards. In addition I had something really awful happen to me while I was travelling in Turkey a few years ago and trying to pay my hotel bill. My card had been canceled and a new one reissued–but while I was traveling. Why? When I got ahold of the company they told me that all the cards of everyone in a certain zip code were replaced because: reasons. Since they sent everyone a new card and a quasi explanation they weren’t worried about what would happen to somone who was not home to get the unexpected new card and not able to access it.

  5. 5.

    Cassidy

    December 22, 2013 at 9:43 am

    Good thing the NSA wasn’t involved. This place would be apocalyptic.

  6. 6.

    BBA

    December 22, 2013 at 9:44 am

    I refer to chip cards as “metric credit cards” because they’re used everywhere but the US.

    All the networks have announced a switchover by 2017 or so. I’ve managed to convert a couple of my cards to chip-and-signature, but there are still very few chip readers in the US so unless I’m abroad I usually have to swipe the things.

  7. 7.

    srv

    December 22, 2013 at 9:47 am

    This is just another liberal plot to add another anchor around small businessmens’ necks and be more like the French.

    If you want your CC transactions to be secure, move to Paris. Here in America, we have freedom.

  8. 8.

    Villago Delenda Est

    December 22, 2013 at 9:51 am

    These assholes need to be regulated to the extent that their executives cannot visit a rest room without prior approval from a GS-4.

    They are that in need of regulation, because they are so lazy and greedy and think “fiduciary responsibility” means “all the money that flows into this place is MINE, MINE, MINE!”

  9. 9.

    OzarkHillbilly

    December 22, 2013 at 9:53 am

    “You have zero liability for any charges you didn’t make.”

    Hence I never use my debit card when ordering stuff online.

    It has always been my inviolate (but not necessarily legal) policy to never pay a bill I did not receive goods or services for, or cover a check that was not personally written by me. Because of this (and a stolen identity, and an ex-wife who played fast and loose with my SS# as well as a closed checking account) I have at various times been threatened with everything from penury, to leg breakings (no kidding, my lawyer said that agency was all ex-cops), to jail time. My response has always been, “Go fug yourself.”

    So far I’ve never been sued and have managed to remain out of jail. Also, in the years since my divorce, I have managed to repair my shredded credit rating quite well. My ex on the other hand is doing 7 years in Chillicothe.

    Your mileage may vary.

  10. 10.

    Baud

    December 22, 2013 at 9:53 am

    I blame Snowden and Obamacare.

  11. 11.

    WaterGIrl

    December 22, 2013 at 9:54 am

    How would chip and pin help if the credit cards were used over the phone?

  12. 12.

    Betty Cracker

    December 22, 2013 at 9:54 am

    I had to go through our accounts to make sure we didn’t buy anything from Target during the breach period. We didn’t. But I’d damn sure tell my bank to cram it if they tried to cap liability. Greedy fuckers.

  13. 13.

    Tumbrel for Hire

    December 22, 2013 at 9:56 am

    Chip and pin? Pshaw. If these lazy consumers would just show some personal responsibility and solve their credit problems with usurious payday loans or reverse mortgages the engine of business could finally be free from restraint.

  14. 14.

    Baud

    December 22, 2013 at 9:56 am

    So maybe making your trademark a big red bullseye wasn’t such a great idea.

  15. 15.

    KyCole

    December 22, 2013 at 9:58 am

    I used my credit card during that period. Friday I went to my bank, and they’re going to give me a new one. After the new one arrives, they’ll cancel the old one. With on-line banking its easy to see if I’ve been hacked, but better to be safe. Fortunately I didn’t use my debit card.

  16. 16.

    Villago Delenda Est

    December 22, 2013 at 10:00 am

    @Baud:

    Well, it appears it marked the spot for some hackers looking to score.

  17. 17.

    Villago Delenda Est

    December 22, 2013 at 10:02 am

    I think the biggest problem with chip-and-pin systems is that they…

    ….wait for it…

    …cut into short term profit, which is the only profit an MBA knows about.

  18. 18.

    JPL

    December 22, 2013 at 10:03 am

    The only way the banks will change is if it were paid for, by our tax dollars. Unfortunately few, in our society, realize who the real welfare queens are.
    I went to Target the twenty-fifth of November. Even though it is outside the dates identified, I’m still keeping an eye on the account.

  19. 19.

    Tokyokie

    December 22, 2013 at 10:05 am

    When I’ve traveled abroad, which I haven’t done in a few years, I’ve carried just enough foreign currency to last me about a day. The exchange rates an individual banking customer gets from a U.S. bank are terrible, in large part because those are not transactions they normally conduct. (I think I had to wait a week or so to get the Swiss francs I’d requested. The only places between the coasts where one can reliably get foreign currency are the currency exchanges in the major airports, and those places have the worst rates of anybody.) However, before U.S. banks started tacking on fees for foreign-ATM transactions, the best way to get foreign currency was to use an ATM, because that way, your transaction is bundled in with the bank’s bulk transactions, and you get a much more favorable rate. But I guess I’ll have to check out that credit union in Maryland. Does anybody know whether one gets a chip and PIN card if they were to open an account with a U.S. branch of a European-based bank?

  20. 20.

    debit

    December 22, 2013 at 10:08 am

    I used my debit card on December 9th. No weird activity on my account, but I did expect using my card to possibly be difficult for large purchases. And yet I was not prevented from spending a very large amount of money on a new bike yesterday.

  21. 21.

    Jay in Oregon

    December 22, 2013 at 10:11 am

    @aimai:
    Ugh, I got an email from my bank yesterday stating that my debit card was used during the period covered by the breach, and I’m flying out-of-state to Arizona for the holidays today.

    I don’t want them to decide that my card number is being abused. Should I call my bank and let them know, or just use my credit card this week and pay it off when I get home?

  22. 22.

    Bill E Pilgrim

    December 22, 2013 at 10:17 am

    @srv:

    If you want your CC transactions to be secure, move to Paris.

    The problem is that you still have American cards. So now you live somewhere where only your French cards work in many places. Machines, mainly. And occasionally you want to use a US card for various reasons, shuffling things around.

    Realizing you were snarking but just saying, even that doesn’t solve it entirely. Just seconding/thirding/fourthing the idea that the US needs to join the rest of the world here.

    It’s called a “flea” in French by the way. The chip. A puce. So people will look and say “ah, this card has no flea!”

  23. 23.

    Villago Delenda Est

    December 22, 2013 at 10:18 am

    A friend of mine was affected by this, and asked Target to replace his red card, and Target’s response was “sign up for this identity protection service.” No, I want a new red card. No new red card…no shop at Target!

  24. 24.

    Ultraviolet Thunder

    December 22, 2013 at 10:19 am

    @aimai:

    Its getting hard to travel without a better CC system as European places don’t like to take our lousy cards.

    I’ve been overseas twice this year for a total of 17 days. I had no trouble using Visa or Amex at hotels, restaurants or retailers. Even in smaller towns.
    The Chip/Pin cards are certainly more secure, but consider the massive capital outlay for infrastructure and training if we switched to it. Not to mention the backlash from occasional users who had to change their habits. Adoption in the US would have to be transitional, and support the legacy card types for continuity.
    The cost alone will prevent financial institutions from converting unless it makes a big difference to their bottom lines.

  25. 25.

    MattF

    December 22, 2013 at 10:19 am

    It does seem that the big weakness in current systems is for ‘physical’ transactions– point-of-sale terminals and ATMs, rather than online transactions. Is this the received wisdom on the subject or is it just a consequence of journalistic-narrative bullshit?

  26. 26.

    Ultraviolet Thunder

    December 22, 2013 at 10:22 am

    @Tokyokie:

    I can purchase Euros, MX Pesos and Canadian currency during business hours 2 miles from my house at competitive rates, from a Chase branch. I carry enough of all of those for a 2 week stay at all times. Because that happens. Just had a surprise 4 day trip to the TX/MX border, where I usually use cash for purchases.

  27. 27.

    Bill E Pilgrim

    December 22, 2013 at 10:26 am

    @Ultraviolet Thunder: For tourists it’s not bad. Where it comes up is things like metro tickets. You want to buy your monthly pass in the vending machine and can’t, so you have to stand in the long line. Stuff like that. Until you get a local bank account. Tolls also, I think more of them take swipe cards now but for years those didn’t work, had to have the chip.

    Supermarkets in the Netherlands by the way don’t take Visa or MC at all, for the most part. And certainly not Amex. I was stunned to discover there this year. Only local cards.

  28. 28.

    MattF

    December 22, 2013 at 10:31 am

    @Villago Delenda Est: About credit-card ID protection services.

    Several years ago I signed up for one of those services– but then noted, eventually, that there were times when I knew my credit score was being checked and never got a notification. So, I cancelled the service and resolved not to be fooled again. The postscript is that about six months ago I unexpectedly got a $400 credit in my CC account… It seems that there was a lawsuit– and it was found that the ID protection service was a complete fraud, and never did a thing for their customers. So, the bank refunded the money to all the people who had bought it.

    The one caution is that, over the years, you can end up spending a significant amount of money and not get anything in return. So, as ever: Buyer Beware.

  29. 29.

    Marc

    December 22, 2013 at 10:36 am

    Now that Target has enough call capacity to actually answer the Red Card fraud line, rather than having it just give a fast busy signal

    If only healthcare.gov were built with the speed, competence, and flexibility of the private sector!

  30. 30.

    Josie

    December 22, 2013 at 10:36 am

    i got an email from Chase Mastercard telling me to watch my account for spending I didn’t initiate. They also stated that I was not responsible for any charges but mine. If they see a sign of problems, they will notify me and issue a new card. I appreciated the notice.

    @Jay in Oregon: I would call and inform them of travel plans. I do that with Chase to avoid fraud alert calls. Some banks do notice out of state charges.

  31. 31.

    Ultraviolet Thunder

    December 22, 2013 at 10:37 am

    @Bill E Pilgrim:

    That’s interesting. I hadn’t thought about local businesses that might not want to pay the hefty fees to accept a ‘global’ card from the US.
    And local transportation is another case: primarily used by permanent residents so it’s configured for their payment preferences to the disadvantage of the casual out of town user.

    I used my Chase Visa at Target during the critical hacked period. I got an email from Chase saying basically ‘you have no liability for fraudulent charges’ and ‘watch your account activity and alert us of anything odd’. I thought that was a decent and honest response.

  32. 32.

    TaMara (BHF)

    December 22, 2013 at 10:40 am

    Target’s response to this has been abysmal. I don’t understand in this day and age how companies don’t understand how quickly they can trash customer confidence.

    I received an email from Target (and they’re saying it on their facebook page, too) that you don’t need to replace your debit, credit or red card, just monitor your accounts. What they don’t mention is the fact that these thieves often wait up to 6 mos, when they assume you’ve forgotten about the incident, to use the information.

    It cost me $5 to replace my debit card and I”m without for a week. And it will be a long time before I step into another Target – not be cause of the breach, but because they’ve been such assholes about the whole thing.

  33. 33.

    Ultraviolet Thunder

    December 22, 2013 at 10:44 am

    @MattF:

    We got talked into Life Lock, which turned out to be basically useless. We got some money back on that.

    I worked for Target Corp for 18 months about a decade ago. My sister works for them now. They’re a reasonably competent corporation and I expect them to handle this data breach well. I shop there infrequently and get annoyed at having to decline the offer of a RED card every time I make a purchase.
    Red in Spanish means net or network. Traveling in Mexico I was puzzled by all of the ATMs labeled RED until I figured that out.

  34. 34.

    Patrick

    December 22, 2013 at 10:45 am

    Darrell Issa is very concerned about the financial security of Americans. We have to admire all his hearings on ACA and its lack of security of its website. With that in mind, I am sure he will have hearings this very week on Target, the credit card industry and what have you. After all, he claims he is concerned about our financial security.

    But since it doesn’t involve the black guy, I won’t hold my breath.

    But I find it embarrassing that the rest of the western world have chip and pin, yet our credit card companies barely know what it is. I thought the free markets were the solver of all evils…

  35. 35.

    gbear

    December 22, 2013 at 10:52 am

    I shopped at Target during the hacked period. I’ve been checking my transactions via the card’s 1-800 number and there haven’t been any transactions that I don’t recongnize as my own. I needed to do some shopping at Target this weekend, but I thought the stores would be a crowded hassle after they announced that they’re giving every shopper 10% off on everything this weekend. I waited until 9:00pm on saturday night to go to the store, and it wasn’t bad at all (maybe no one wants to shop there any more). I stuck to items that were already on my list or that I use regularly (except for a couple of vanilla candles) and saved a few bucks.

    I should be getting my statement in a few days but I’ll be checking that 1-800 number every day until then. I may request a new card after the first of the year.

  36. 36.

    WaterGIrl

    December 22, 2013 at 10:57 am

    @Josie: @Jay in Oregon: Completely agree with Josie. It’s always best to call and let them know.

    My sister travels a lot, and when her bank tried to reach her with fraud alert questions, they always phoned the home number where she can’t possibly be reached while traveling. So of course they put a hold on her card! (She always phones to let them know when she travels now.)

  37. 37.

    Origuy

    December 22, 2013 at 10:59 am

    I didn’t have any trouble in Moscow with my American cards. Getting rubles out of the ATMs that are everywhere got a much better rate than exchanging dollars. I didn’t use credit cards as much as I would have in the US.

    I don’t think I used my cards at Target during the time in question. Keeping an eye on my account, though.

    ETA: I always call my bank before leaving the country now. Got stuck in Canada and changed to a 4-digit PIN because the ATM wouldn’t take a 5-digit one.

  38. 38.

    aimai

    December 22, 2013 at 11:02 am

    @Jay in Oregon: I don’t know what the right thing to do is. I still don’t know.

  39. 39.

    aimai

    December 22, 2013 at 11:03 am

    @WaterGIrl: But on this issue: I always let the banks know when and where I’m travelling. That was what was so irritating about the whole credit card closure/switcheroo. The office that handles that kind of thing does not check on anything with the office that handles putting the information on your card that you are, say, on a three week European/Asian trip and won’t even get the new card. They just don’t cross check.

  40. 40.

    cathyx

    December 22, 2013 at 11:09 am

    @srv: Good one.

  41. 41.

    Ultraviolet Thunder

    December 22, 2013 at 11:14 am

    @WaterGIrl:

    My sister travels a lot, and when her bank tried to reach her with fraud alert questions, they always phoned the home number where she can’t possibly be reached while traveling. So of course they put a hold on her card! (She always phones to let them know when she travels now.)

    I switched my contact phone number to my cell, since we rarely answer the land line. I was also able to set up my personal credit card for international use without notification because I travel frequently on short notice. This is riskier because someone in another country could fraudulently use your account and you wouldn’t be alerted.
    Now whenever I use a credit card to buy gas at the pump outside of my local home area (which is most of the time) I have to punch in my ZIP code for authorization. that seems like weak security since my name is on the card and a quick Google search would reveal my home address. Maybe the John Smiths of the world have an advantage there.

  42. 42.

    muricafukyea

    December 22, 2013 at 11:15 am

    Glorified reddit poster muckymux is now a credit card expert. Your argument is so dumb I’m not even going to point out the holes in it. Just ask any 14yo if you want to understand just how ill informed your ridiculous solution is.

  43. 43.

    Big Picture Pathologist

    December 22, 2013 at 11:19 am

    Could y’all consider never shopping at Target, breach or no breach? They may be slightly better than Walmart, but it ain’t by much.

  44. 44.

    Corner Stone

    December 22, 2013 at 11:20 am

    Maybe I missed it, but I didn’t see mistermix proposing a solution. Just agreeing that two factor security, like a huge chunk of the rest of the world already uses, might be a decent idea.

  45. 45.

    JPL

    December 22, 2013 at 11:22 am

    @Big Picture Pathologist: It’s not just Target, though. I’m surprised that Amazon hasn’t been hacked yet.

  46. 46.

    Corner Stone

    December 22, 2013 at 11:22 am

    My bank has just started doing a SafePass verification any time you want to login online. Even from a machine that has previously “registered” on their network. They didn’t say it was a result of this but it did coincidentally start right after Target’s issue.

  47. 47.

    Tokyokie

    December 22, 2013 at 11:25 am

    @Ultraviolet Thunder: I live up in Fort Worth and bank with Wells Fargo, and their foreign-currency exchange is pretty primitive, although I haven’t tried getting Mexican pesos. In the tourist areas of Mexico, you can usually get away with using U.S. currency, so I don’t anticipate it being a problem until our next trip to Europe. But I see Deutsche Bank has a couple of branches in Dallas; we may open an account there to facilitate European travel.

  48. 48.

    Tokyokie

    December 22, 2013 at 11:31 am

    @WaterGIrl: I let the credit union where I have a Visa know that we were going overseas and would be using it. They misinterpreted the message and cancelled the card. But at least they were apologetic afterward. I had to use my Amex instead, so it wasn’t a really big deal, just a bit of a surprise when an ATM in Florence rejected the card.

  49. 49.

    MD Rackham

    December 22, 2013 at 11:37 am

    The reason the banks offer the $0 liability for fraudulent charges is that fraud costs them nothing. It all gets pushed back to the merchants.

    As a merchant, if someone uses one those hacked Target cards with me and I ship the merchandise, I’m screwed. Why? Because sometime later I’ll be notified by the bank that what I thought was a valid transaction is now a “chargeback.” They take the full amount out of my bank account (not the amount-minus-fees that they originally deposited) along with a $30-$50 (depending on bank/card) “chargeback fee.”

    *That’s* the reason the banks don’t improve security or move to chip-and-pin (which is pretty thoroughly hacked, btw). Why spend that money when fraud doesn’t cost them anything, and in some cases may actually turn a profit? They still make their 2-3% transaction fee (plus other misc “network” fees) on the fraudulent transaction, and cover their support costs with the chargeback fee.

  50. 50.

    GHayduke (formerly lojasmo)

    December 22, 2013 at 11:38 am

    I haven’t shopped at target for several years. We stopped when we found out they donated to bigot Tom Emmer in his race against uber-mench Governor Mark Dayton.

    It’s probably been ten years since I shopped at Walmart.

    @muricafukyea:

    Derp.

  51. 51.

    Suzanne

    December 22, 2013 at 11:40 am

    My Chase debit card got essentially frozen yesterday. I found out when I tried to use it at IKEA to buy a big-girl bed for Spawn the Younger. There were multiple shoppers standing around going, “WTF?”. Mr. Suzanne called Chase and couldn’t get through, then he saw what was up on a news story on NBC. Had to run over to a branch and get cash, then return to the store. About three hours later, I finally got an email from Chase telling me what had happened. Total PITA.

    But nobody died. Perspective.

  52. 52.

    BlueNC

    December 22, 2013 at 11:40 am

    @catclub: @catclub:

    I have a chip-and-PIN card from USAA. There are also others.

  53. 53.

    BlueNC

    December 22, 2013 at 11:40 am

    @catclub: @catclub:

    I have a chip-and-PIN card from USAA. There are also others.

  54. 54.

    Nutella

    December 22, 2013 at 11:41 am

    Chip and pin is not a panacea. Those systems have been hacked.

    Chip and PIN cards are not foolproof; several vulnerabilities have been found and demonstrated, and there have been large-scale instances of fraudulent exploitation. In many cases banks have been reluctant to accept that their systems could be at fault and have refused to refund victims of what is arguably fraud

    link

    Successful attacks are listed here.

    Is chip and pin better than what we’ve got, though? I don’t know.

  55. 55.

    Patrick

    December 22, 2013 at 11:52 am

    @GHayduke (formerly lojasmo):

    I haven’t shopped at target for several years. We stopped when we found out they donated to bigot Tom Emmer in his race against uber-mench Governor Mark Dayton.

    I can’t understand why companies think this is a good idea. You alienate 50% of your customers and on top of that you paid money to do it. There are now numerous companies that are on my do not shop list because of they supported in 2012.

  56. 56.

    Ultraviolet Thunder

    December 22, 2013 at 11:57 am

    @GHayduke (formerly lojasmo):

    It’s probably been ten years since I shopped at Walmart.

    I’ve bought exactly one thing at Walmart: a pair of pants when I was sent out of the country without my luggage. I’d have shopped anywhere else but the hotel strongly cautioned that it was the only safe place for me to go alone. But that’s 375 Pesos that I wish I’d spent elsewhere. Fk the Waltons.

  57. 57.

    Peregrinus

    December 22, 2013 at 12:00 pm

    Peregrina got an email from Chase this morning on the subject, which freaked us out a bit. The email – what little of it I read over her shoulder while making breakfast – straight-out said that she was not liable for any charges she didn’t make and that they’d be mailing her a new card.

  58. 58.

    Robert Sneddon

    December 22, 2013 at 12:27 pm

    Chip and PIN is pretty much universal here in the UK. The banks love it because it makes charges of fraud by a customer more difficult to prove even if it did actually happen to them by, say, a family member using the card without their knowledge after obtaining the PIN. It still doesn’t help for internet and phone ordering, of course.

    Latest way-to-pay just coming in here is a debit card with a near-field radio which you “tap” to the receiver for small purchases to a limit of 20 quid ($30 US) a day. No signature or PIN entry needed as it’s expected that anyone who loses their card will notify the issuer within a day or two and get a stop put on it. The bank will swallow the losses up to that point. I expect the credit card companies will follow suit eventually.

  59. 59.

    Peregrinus

    December 22, 2013 at 12:36 pm

    @Robert Sneddon:

    The school I teach at uses that “tap” method for the students’ school cards on the vending machines. I can’t figure out how to get mine to work, but there it is.

  60. 60.

    Jamine Bleach

    December 22, 2013 at 12:43 pm

    @JPL:

    I stopped shopping at Target about 6 years ago, and try to avoid Amazon if possible.

    It was a rainy day and I walked from my car to the Target building between spurts of rain. I had an umbrella, which was rolled up and snapped shut because it wasn’t raining at that moment. I got into the building and walked past some workers handing out plastic bags for wet umbrellas. About 3 minutes later, security and one worker approached me in the aisles and demanded that I put my (dry) umbrella in a bag. I refused and told them I had not had it open in the rain and it was completely dry (and I showed them). They demanded (asked angrily) to put it in a bag again, and I refused, at which point I was escorted out of the store by security. Of course, as I was walked out I loudly let the store know I would never shop there again and what a gulag it was. Never have shopped there again. I figure Target is probably out selling a few hundred bucks a year of merchandise (maybe more) from that single incident. Probably a couple thousand bucks by now that other competitors got.

    Try to avoid Amazon as well.

  61. 61.

    Scout211

    December 22, 2013 at 12:59 pm

    If you are one of the affected card users, please read the blog krebsonsecurity.com. This is the guy who actually broke the story before Target announced it. There are several stories, most of them quite scary, about the security breach and the cards that are “flooding” the black market.

    I canceled my affected debit card the first day but my bank was taking an official “wait and see” approach in the beginning. They now will be sending new cards to everyone who was affected. It is a smallish regional bank and has only affected 3000 customers.

    I just read that many Chase bank branches will be open today since they put a limit on purchases for affected customers.

  62. 62.

    StringOnAStick

    December 22, 2013 at 1:08 pm

    @MD Rackham: OK, now that sucks. Just one more way to dump their costs of doing business onto the smaller, less politically-connected firms. How do small businesses survive with this chargeback crap? Oh; maybe that’s the point. My husband insists on writing “see ID” on all our cards; I notice that clerks in big stores rarely bother, but in smaller, locally owned and operated places they almost always do.

    I used to occasionally shop at Target, and then my BIL went to work there for awhile. Your job shouldn’t require anti-anxiety meds in order to deal with your OCD boss (who wouldn’t approve a transfer to a different store)or an amazingly paternalistic HR system ‘for excellence’ that, if you score above 95% will get you a whole $0.13/hour raise; thankfully he found a different job. Having to type in a new and unique set of specific goals for improving (1) your interactions with fellow “associates” and (2) with customers every 2 weeks seemed both insulting and big brotherish.

  63. 63.

    Villago Delenda Est

    December 22, 2013 at 1:09 pm

    @muricafukyea:

    Derp. Derp-Derp. Derp.

    DERP!

  64. 64.

    replicnt6

    December 22, 2013 at 1:13 pm

    If you think the 2%-3% vig covers loss from fraud, think again: the vendor who accepted the fraudulent transaction get hit with the loss. This is why the banks don’t give a shit, and we’re not going to get chip & pin anytime soon. That would cut into the issuers profits.

  65. 65.

    Ruckus

    December 22, 2013 at 1:14 pm

    @Ultraviolet Thunder:
    I do call BS here. Back a few years ago the law changed that the card reader had to encrypt the transaction, before it got to the cash register/computer. Many, many stores had to change their hardware, including mine. It wasn’t a big hassle and it made the entire transaction safer. Not as good as what the rest of the known world uses but better. The banks/card companies could have changed to chip/pin then but that would have cost them a few cents per customer and they wouldn’t spend that much with out guns pointed at them.

  66. 66.

    StringOnAStick

    December 22, 2013 at 1:17 pm

    I’d like to add that if you used Target during the affected period, you simply must cancel and get a new card, period. If your bank balks, get very, very pushy; change banks if you have to. Once your card number is out there, it simply isn’t worth the risk that now or 6 months from now it will be used by someone other than you; some banks will make you eat the fraudulent charges if you don’t notice it soon enough (in their opinion). This story is hot right now so Target and the banks involved will of course do the right thing; 6 months from now when it isn’t a hot story anymore, well maybe they won’t. Card thief rings are growing ever more sophisticated; don’t be in the vanguard of people who are about to find out the latest twist they’ve come up with.

  67. 67.

    elm

    December 22, 2013 at 1:22 pm

    The problem with chip & pin (they’re marketing it in the U.S. as EMV) is one of infrastructure. U.S. retailers don’t have card readers installed that will read the chip and U.S. merchant service providers don’t have the ability to interact with chipcards.

    I am curious to learn exactly how Target fucked up to allow this breach to happen. If they were following good PCI-DSS procedures, then this should not have happened — especially if they leaked CVV/CVC data.

    At a guess, some of their credit-card handling servers were taken over and were running data-snooping software of some sort (which captured it in the server and leaked it to the outside world). Those servers are supposed to be be locked down and isolated from the internet in order to prevent such occurrences.

  68. 68.

    Erin

    December 22, 2013 at 1:26 pm

    @MD Rackham:

    I’m glad you brought that up. After 17 years in mail order, I have to say – I’ve always had to cover the cost of transactions paid for with a stolen credit card.

    “Though they’re probably in for a big hassle, in the end the bank and card companies are liable for the transaction.”

    No – unless you ship to the verified billing address with signature confirmation – it is the merchant/retailer who is liable for the transaction. If the banks were on the hook for it, we’d have had chip and pin a long time ago.

  69. 69.

    Ruckus

    December 22, 2013 at 1:26 pm

    @MD Rackham:
    This.
    The banks/card co have the system rigged both coming and going. It is a pain in the ass to carry cash but that is the cheapest way to purchase anything. Not the easiest of course, because less money is made when you use cash. But you pay for the connivence of any card.

  70. 70.

    elm

    December 22, 2013 at 1:27 pm

    @JPL: The difference between Amazon and Target is that Amazon knows technology.

    That’s not to say that they are invulnerable — a dedicated-enough attacker could surely breach their systems — but a tech company is more challenging to hit than a brick & mortar retailer.

    Consider this: How many Computer Science PhDs does Amazon employ? How many does Target employ?

  71. 71.

    Ruckus

    December 22, 2013 at 1:31 pm

    @Nutella:
    Better is a relative word.
    Properly used chip and pin is safer. Much safer than plain card and signature. Debt card and pin is better than card and signature. Chip and pin makes the process better. But no system is foolproof. No lock is 100% secure. And given humans greedy side, never will be.

  72. 72.

    danielx

    December 22, 2013 at 1:44 pm

    @Erin:

    If the banks were on the hook for it, we’d have had chip and pin a long time ago.

    After watching the logrolling that went on to produce the bankruptcy “reform” legislation a few years back (a straight payoff to the CC industry in return for senatorial campaign donations), I have to doubt it. Converting to chip and pin would/will cost money, after all. If banks were on the hook for it, we’d have had laws to shift the liability to somebody else (like card users) a long time ago. Under the guise of some sort of consumer protection – the Consumer Advocacy Victory Excellency….Act – with the idea being that the proles are too dumb to look up the meaning of “caveat emptor”.

    No matter how cynical you become, it’s never enough to keep up. – Lily Tomlin

  73. 73.

    kc

    December 22, 2013 at 1:59 pm

    Why don’t hackers just target, say, Jaime Dimon? He’s got more money than all those Target cardholders put together . . .

  74. 74.

    Randy P

    December 22, 2013 at 2:06 pm

    I have a helluva time buying things from Europe, even over the internet. I assume this has to do with our non-chip credit cards but I think there might be something else broken between our banking system and the EU’s banking system.

    Most recently I was trying to send some Euros to somebody in Greece, and all the mechanisms she was recommending kept running into dead ends. For instance, TransferWise.com, which apparently is based in England, which can do dozens of different country/currency exchanges, informed me that they have not figured out how to offer a low-fee mechanism in dollars yet.

    You would have to make a SWIFT payment to us and this could cost you almost as much as you’re trying to send, depending on who you bank with. We are working very hard to simplify our operations in America but, right now, we are the wrong solution.

    Yet some vendors, such as French Amazon, can accept my U.S. debit card and I have managed to use it in person overseas (with mixed results, but sometimes it works) as well.

    It’s all very mysterious.

  75. 75.

    Ruckus

    December 22, 2013 at 2:06 pm

    @kc:
    Stealing a lot in one place gets you noticed. Stealing a little in a lot of places is less obvious.
    Could you ever steal enough to keep him and his friends from affording to find you? And if you did wouldn’t you then be a great target(no pun intended)?

  76. 76.

    Jebediah, RBG

    December 22, 2013 at 2:08 pm

    @Ruckus:

    But you pay for the connivence of any card.

    “Connivence” – perfectly appropriate wherever the conniving banking bastards are involved.

  77. 77.

    jehrler

    December 22, 2013 at 2:08 pm

    @Erin:

    And even if it isn’t a fraudulent transaction, but the customer doesn’t recognize it, you can wait a long, long time to get your money back from an incorrect chargeback.

    We drop ship for one of our dealers and they pay via credit card. We charged on Nov.1 and all was well and we shipped the product (several hundred dollars) to their customer. Their card got hacked and so they went to Citibank and got a new card and went through the list of charges with them. Despite them telling Citibank that our charge was ok, Citi goofed and we got a fraudulent chargeback on 11/17.

    We notified our dealer, they got Citi to confirm that they goofed and Citi said they would make it right. In the meantime, on 11/17 Citi re-charged our dealer.

    It is now 12/22 and we our out our goods, the shipping costs and the chargeback fee and no repayment in sight. But Citi has had our funds since 11/17. They get the float, the swipe fees and the chargeback fees and we got nothing but bills. Scum.

    We’ve been in business 13 years and this is our first chargeback and I really hope it is our last.

  78. 78.

    Ruckus

    December 22, 2013 at 2:11 pm

    @Jebediah, RBG:
    Auto correct strikes again! But at least this time gave me an even better word.

  79. 79.

    kc

    December 22, 2013 at 2:24 pm

    @Ruckus:

    That does make sense. This is why I haven’t turned to a life of crime . . . I’m not smart enough.

  80. 80.

    JoyfulA

    December 22, 2013 at 2:56 pm

    @GHayduke (formerly lojasmo): I haven’t shopped at Target since that campaign either.

    But then, I was never much of a Target shopper anyway; it seems like a prettier WalMart in its quality and selection.

  81. 81.

    pseudonymous in nc

    December 22, 2013 at 3:02 pm

    @Bill E Pilgrim:

    For tourists it’s not bad. Where it comes up is things like metro tickets. You want to buy your monthly pass in the vending machine and can’t, so you have to stand in the long line.

    Yeah, pain in the arse in London getting an Oyster card, but that’s very much a first world problem. And as others have said, Chip+PIN can alter the burden of proof for fraud in nasty ways.

    @elm:

    How many Computer Science PhDs does Amazon employ? How many does Target employ?

    Oh, that’s a false comparison. How many physical POS machines does Amazon have? I’m not saying that the physical/digital distinction is crucial — plenty of web stores have been hacked — but Amazon doesn’t have to maintain a physical payment infrastructure.

  82. 82.

    The Other Chuck

    December 22, 2013 at 3:11 pm

    Under “Reg E”, Debit cards have the same liability protections as credit cards. It’s just the matter of your account getting cleared out and frozen while they sort it out. Debit cards are far more popular in Europe, but they have chip and pin systems for those too. Yes, chip and pin is exploitable, but it at least requires an active attack, whereas here a stolen cc# is a commodity pretty much anyone can steal, sell, or use.

  83. 83.

    elm

    December 22, 2013 at 3:14 pm

    @pseudonymous in nc:

    How many Computer Science PhDs does Amazon employ? How many does Target employ?/blockquote>

    Oh, that’s a false comparison. How many physical POS machines does Amazon have? I’m not saying that the physical/digital distinction is crucial — plenty of web stores have been hacked — but Amazon doesn’t have to maintain a physical payment infrastructure.

    An attacker (probably) doesn’t steal 40M card numbers by attacking individual POS machines. There’s much better leverage in attacking 1-2 payment processing servers at the back-end.

    The distinction that I was making is that Amazon is a technology company that happens to do business in online retail. In addition to online retail, they offer streaming video, tablet computers, cloud computing, cloud storage, and a bunch of other tech offerings and services.

    As a company, Amazon is a lot more competent and capable of creating software and operating computing systems than retailers (online and offline).

  84. 84.

    pseudonymous in nc

    December 22, 2013 at 5:12 pm

    @elm:

    The distinction that I was making is that Amazon is a technology company that happens to do business in online retail.

    Well, maybe. It makes the comparison somewhat beside the point, because the infrastructure for card-present and card-not-present transactions is very different. Talking about how many comp-sci PhDs Amazon has on staff has nothing to bear on whether that talent could run a hacker-proof bricks-and-mortar operation. It smacks of dot-com utopianism.

  85. 85.

    elm

    December 22, 2013 at 7:11 pm

    @pseudonymous in nc:

    Talking about how many comp-sci PhDs Amazon has on staff has nothing to bear on whether that talent could run a hacker-proof bricks-and-mortar operation. It smacks of dot-com utopianism.

    Point taken, that really wasn’t what I was aiming for. In fact, I’m not even sure that I would trust a non-security-focused PhD to have much input on system security. Hubris is definitely a common and dangerous threat in that type of area.

    My claim was that a tech company has the means (though not nexessarily the motivation) to practice good info security and operations.

    I can assure you that I’m far from being a dotcom Utopian. My last decade of software development for software that handles credit cards has beaten all the optimism out of me (and I was a pessimist to start with).

  86. 86.

    Cervantes

    December 22, 2013 at 7:49 pm

    if they can’t secure the product that they’re jamming down our throats.

    Can you elaborate? What are they forcing on you?

  87. 87.

    Cervantes

    December 22, 2013 at 8:36 pm

    how many comp-sci PhDs Amazon has on staff

    Computer science is one thing — but it’s instructive to recall that Bezos hired so many people away from WalMart that he was sued by the latter for theft of trade secrets.

    Amazon’s warehouses, like WalMart’s, were and are hell-holes. Instead of paying for ventilation and air-conditioning, Bezos hired private ambulances to sit waiting, ready to cart away any employee who needed medical attention.

    We ought to think on that this holiday season, and every other season.

  88. 88.

    fuckwit

    December 22, 2013 at 10:09 pm

    I know everyone here loves to hate on Bitcoin, but this is one of the major advantages of Bitcoin. You NEVER give out your “credit card number” to any merchant. Ever. You just give them a transaction. They see your “address”, but that’s not an account number, just the number of one of maybe hundreds of addresses you might own which each have some amount of value on it, like having a wallet full of gift cards. Knowing that number does not make it possible (given that the encryption of the system is secure) for anyone to actually “withdraw” the money. You have to sign a transaction with the public key of that address in order to transfer the funds to anyone else’s address. That’s Bitcoin– the protocol– in a nutshell. I think it’s a fantastic system. Yes, I’m not happy that Bitcoin the currency/commodity is deflationary, and I recognize the economic and social/political problems that creates (essentially, it encourages centralization and hoarding of capital– the last fucking thing we need in todays’ world), but I’m very impressed with the protocol and think it could be put to good use. Avoiding credit card fraud like this is one of those uses. I think if someone adds demurrage and/or fractional reserve banking to Bitcoin (the protocol), it could be a great innovation and improve it a lot.

Comments are closed.

Primary Sidebar

Recent Comments

  • Martin on Righteous Rant Open Thread (Apr 15, 2024 @ 6:34pm)
  • WaterGirl on Righteous Rant Open Thread (Apr 15, 2024 @ 6:29pm)
  • Another Scott on Righteous Rant Open Thread (Apr 15, 2024 @ 6:25pm)
  • piratedan on Righteous Rant Open Thread (Apr 15, 2024 @ 6:20pm)
  • Kirk on Righteous Rant Open Thread (Apr 15, 2024 @ 6:20pm)

🎈Keep Balloon Juice Ad Free

Become a Balloon Juice Patreon
Donate with Venmo, Zelle or PayPal

Balloon Juice Posts

View by Topic
View by Author
View by Month & Year
View by Past Author

Balloon Juice Meetups!

All Meetups
Talk of Meetups – Meetup Planning
Proposed BJ meetups list from frosty

Fundraising 2023-24

Wis*Dems Supreme Court + SD-8
Virginia House Races
Four Directions – Montana
Worker Power AZ
Four Directions – Arizona
Four Directions – Nevada

Featuring

Medium Cool
Artists in Our Midst
Authors in Our Midst
Positive Climate News
War in Ukraine
Cole’s “Stories from the Road”
Classified Documents Primer

Calling All Jackals

Site Feedback
Nominate a Rotating Tag
Submit Photos to On the Road
Balloon Juice Mailing List Signup
Balloon Juice Anniversary (All Links)
Balloon Juice Anniversary (All Posts)

Fix Nyms with Apostrophes

Balloon Juice for Ukraine

Donate

Twitter / Spoutible

Balloon Juice (Spoutible)
WaterGirl (Spoutible)
TaMara (Spoutible)
John Cole
DougJ (aka NYT Pitchbot)
Betty Cracker
Tom Levenson
David Anderson
Major Major Major Major
ActualCitizensUnited

Political Action 2024

Postcard Writing Information

Balloon Juice for Four Directions AZ

Donate

Balloon Juice for Four Directions NV

Donate

Site Footer

Come for the politics, stay for the snark.

  • Facebook
  • RSS
  • Twitter
  • YouTube
  • Comment Policy
  • Our Authors
  • Blogroll
  • Our Artists
  • Privacy Policy

Copyright © 2024 Dev Balloon Juice · All Rights Reserved · Powered by BizBudding Inc

Share this ArticleLike this article? Email it to a friend!

Email sent!