PDA

View Full Version : Target Got Me


Gaki
12-22-2013, 02:57 PM
As much as I love Target as opposed to Wal Mart and other places like that, they got me. I go there probably three times in a YEAR because they're kinda out of my way. Unfortunately, as many of you probably heard, if you shopped at Target (In the U.S.) between Black Friday and December 16th: Guess what? Your card number has been stolen and you need to change your card and if you paid debit, get a new PIN, etc etc etc. Oh and God help you if you paid with a RED Card (Target's credit card).

Well. I went on the 9th to get some toys for Toys for Tots and an xmas gift for my Dad.

Awesome. My credit union has, at my request, made my card invalid and I'm back to writing checks and paying with the 60 dollars in cash I pulled out.

The biggest suck here isn't even with Target--it's with me! I cancelled my card on a Saturday night not realizing that I couldn't get another one issued by my CU until MONDAY at 8am. I only did so because I was going to check my account for any odd purchases but the system was "down for maintenance" and I got frustrated and just cancelled the card.

Well, at least the gas station takes checks... :lol:

TheSHAD0W
12-22-2013, 03:07 PM
I also made purchases at Target while their security was breached. So far I haven't noted any fraudulent activity on my card, but I'm keeping an eye out. I plan to have them issue a new card for me in January, when the clamor should have died down.

Cia
12-22-2013, 06:55 PM
Same here. I used my check card as a credit card so they didn't get my PIN number just the three digit number on the back that the CSR entered. I'm going to the ATM then I'll call and request a new number that way at least I'll have some cash while I wait the two weeks or so to get the new card.

Headset Hellion
12-22-2013, 08:21 PM
Even if your account has not been compromised, you should be receiving a replacement card with a different number as a security precaution. Keep an eye on your mail for anything from your bank/credit card company, and don't assume any unexpected envelopes are junk mail/sales solicitations.

fma_fanatic
12-22-2013, 08:32 PM
Is it the 16th? I've been seeing the 15th (http://www.cbsnews.com/news/target-confirms-massive-credit-debit-card-data-breach/) just about everywhere. I'm like Gaki, I don't shop at Target all that often, but they were the only place that had the Pecan Pie Pringles that I bought for a friend as part of her Christmas gift. I know she's a bit unhappy since she does shop there often.

I'm keeping an eye open, just in case. I went there on December 16th, but I may just request yet another card. It would be my 2nd one this year. Earlier a local grocery store was part of a giant hack that affected 2+ million people in the area and surrounding states (because they are in a few other states besides Missouri).

Ophbalance
12-22-2013, 09:28 PM
This will be third time this year on a card replacement. First time, the card just wore out and broke. Second my hosting company had all of their stored hashes and details compromised. Now, both mine AND the wife's card got hit with this target breech. Gah... yet again, I need to go through and change out cards. I am not a happy camper, and target's response is just insanely inappropriate.

Irving Patrick Freleigh
12-23-2013, 02:03 AM
I've shopped at Target during the times card data was supposedly stolen, but I'm a huge "cash is king" guy so no card-funded transactions. I double-checked after the news came out.

Have to imagine it's absolutely CRAZY with all the people affected and needing new cards.

Sunshine
12-23-2013, 03:19 AM
So far ive had two customers that got caught up in that. Scary stuff

Food Lady
12-23-2013, 07:15 AM
I'm not sure what to do. I only ever use my Target checkcard at Target to get the discount, or on the rare occasion, cash. My concern is that it's connected to a checking acct I can't close right now. I guess I'll have to log on and check it every day.

mathnerd
12-23-2013, 12:27 PM
I'm not sure what to do. I only ever use my Target checkcard at Target to get the discount, or on the rare occasion, cash. My concern is that it's connected to a checking acct I can't close right now. I guess I'll have to log on and check it every day.

Your bank should have some sort of procedure to close/reopen an account due to fraud, regardless of why you can't close the current account. One of the more boring parts of my old job at MajorBank was dealing with fraud closures. It was boring because it was so routine. The only thing we couldn't close an account through was government freezes.

Seshat
12-23-2013, 01:32 PM
and target's response is just insanely inappropriate.

Not a US resident: what's this insanely inappropriate response?
Inquiring minds want to know. :confused:

Gaki
12-23-2013, 02:00 PM
Not a US resident: what's this insanely inappropriate response?
Inquiring minds want to know. :confused:

They have refused to cancel all of the RED Cards as a precaution, have merely "announced" that 40 million accounts were stolen, and have advised that members monitor their accounts for fraudulent purchases and report them. They have not advised closing the RED Cards (Why would they? That's how they get customers coming back.) and have not provided enough customer service to keep the hordes happy. Even their seasonal amount of phone reps is not enough to handle the flood of phone calls to cancel RED Cards.

They've done a pretty horrible job of calming the masses and have made it really really really hard to cancel your RED Card. Some claim to have been on the phone on hold for over 45 minutes and then become disconnected.

But then...we all know about SC time.

Good news though: I was informed today by my Credit Union that they have set up a special channel for all of the members who have been affected by the Target thing and they automatically sent out new cards for me as opposed to me having to jump through hoops to try to get them! Woot! Apparently that is not a normal thing (auto cards) but if you happen to mention that you're part of the Target hack, they put through an automatic card reissue. :D

Irving Patrick Freleigh
12-23-2013, 03:29 PM
Monitor your accounts? If your data was stolen it could take a while before anybody tries any funny business with your accounts. That data could end up being sold on the black market instead of being transferred to a card and used right away.

Had I used a card to pay for stuff at Target, I'd be cancelling the card and getting a different one post haste.

eltf177
12-23-2013, 04:17 PM
http://consumerist.com/2013/12/23/even-with-10-our-bad-discount-targets-sales-down-after-credit-card-disaster/

Sounds like their attempts at damage control are failing miserably...

vikingchyk
12-23-2013, 06:01 PM
Monitor your accounts? If your data was stolen it could take a while before anybody tries any funny business with your accounts. That data could end up being sold on the black market instead of being transferred to a card and used right away.

Had I used a card to pay for stuff at Target, I'd be cancelling the card and getting a different one post haste.

My credit card issuer has told people not to panic, but it would honor requests for new cards - it is still assessing the situation, so no word yet if they will automatically recard everyone. If I had used my debit card, I would have been on the credit union's doorstep/phone the next day to shut it down. That's why I don't use a debit card :p I hear the lines at my CU were very long the day after the initial announcement.

blas
12-23-2013, 08:09 PM
My parents got a letter from their bank saying they'd been compromised, and they're getting a new debit card.

ADoyle90815
12-23-2013, 08:24 PM
I paid cash when I went to Target during that period, so I know I have nothing to worry about.

Ophbalance
12-23-2013, 09:29 PM
Not a US resident: what's this insanely inappropriate response?
Inquiring minds want to know. :confused:

Others have pointed out some of the myriad of reasons. But to have 40 million guaranteed breached cards, and their only real response is "it's on you to monitor it" is an absolute failure in my opinion. At the barest minimum they should be offering free credit monitoring for those affected (big $$$, but much better good will gesture). They still haven't given a 100% "this is all that was captured" that I'm aware of. I've seen sites claiming it's everything on the mag strip, and the CVV, and address info, and PIN. Others don't include some of the above. If they've compromised your PIN, is it enough to just get new cards, or do you also need to change out your PIN?

So much fallout could come from this, and their best answer is "ya'll are on your own!" just bites hard. Target will likely upgrade that statement over time, but for now it's just pathetic.

fma_fanatic
12-24-2013, 12:54 AM
Yes, and now those stolen accounts are showing up on the black market for sale, and oh yes, let's not forget the lawsuits (http://www.usatoday.com/story/money/business/2013/12/22/target-breach-suits-and-investigations/4167977/) filed because of the fiasco.

Food Lady
12-24-2013, 02:17 AM
I asked one of the managers about my Target checkcard. She said that those PINs were never unsecured, so even if someone has my checkcard #, it's useless to him. I don't know about the Target credits. If I had used my regular debit, I'd cancel it. Seems simple enough.

Irving Patrick Freleigh
12-24-2013, 08:06 AM
At the barest minimum they should be offering free credit monitoring for those affected (big $$$, but much better good will gesture).

According to this, (http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/) they are.

As if that's a solution. Now on top of the hassle of closing accounts and getting new cards, your information goes to a company that will send you "targeted advertising" in return for credit monitoring services later. :rolleyes:

Ophbalance
12-24-2013, 03:56 PM
I'm already seeing targeted stuff, purporting to come from my bank, that I would presume is related to this. Joy oh joy.

fma_fanatic
12-24-2013, 11:21 PM
I got a new debit card today, just to be safe. I can nao haz kitties! (the credit union I use now gives its members picture cards :D)

Teskeria
12-25-2013, 12:20 AM
PayPal is actually monitoring their customers cards if they were used at Target between the vulnerable dates. (i think they added a day before and after the announced dates. I know because I have their debit mastercard for my own PayPal account. I like the cash back. ;)
I talked to them and was told I could request a replacement if I wanted and they also told me there are a couple new scams related to the hack.
1. More emails being sent to log into your account using the link to 'verify' everything. Not from them. PayPal doesn't usually send links anyway so that one doesnt worry me.
2. phone calls pretending to be from the credit card company or the credit card processor 'verifying' information to 'be sure your card isnt compromised'.

wolfie
12-29-2013, 01:40 PM
One thing I read about this is that the crooks got CCV codes (the printed number on the signature panel) among other things. My understanding is that the CCV code is intended ONLY for "card not present" transactions (phone/internet orders, etc.), to prove that you have the card in your possession (number is not encoded on the mag stripe, so reading the printed number is the only way to get it). The cards in question were used in "card present" (person in the store) transactions, so why the hell did Target HAVE the CCV codes in the first place?

These "bulk data thefts" seem to be a regular occurrence. Why don't stores realize that credit card data should NOT be kept on a computer that's connected to the internet? I'd like to see a news story along the lines of "Hackers got into our system, but since it was designed for security, the only data they were able to grab was queued transactions that hadn't made it onto the secure storage - credit cards used at store location X between 11:10 and 11:15 are compromised, all others are unaffected".

mhkohne
12-29-2013, 01:54 PM
One thing I read about this is that the crooks got CCV codes (the printed number on the signature panel) among other things. My understanding is that the CCV code is intended ONLY for "card not present" transactions (phone/internet orders, etc.), to prove that you have the card in your possession (number is not encoded on the mag stripe, so reading the printed number is the only way to get it). The cards in question were used in "card present" (person in the store) transactions, so why the hell did Target HAVE the CCV codes in the first place?

I wonder if that part is a reporting error? Because I didn't think the CCV was anywhere on the mag stripe, so short of employees typing it (and at target they don't normally touch the card), or cameras being in places they shouldn't be, there shouldn't be a way to get that. Unless it can be computed from the stripe data somehow, which seems unlikely.

Cia
12-29-2013, 08:29 PM
They got my CCV code because I watched the CSR entered it.

My bank has a note on their website that they are constantly monitoring the credit and debit cards. I still called and asked for a new number and told the CSR that with my hubby also using his card at the magic money machines and not knowing whose card was used for a particular transaction at a MMM, it gives me a greater piece of mind just to get a new check card number. Considering I had my most favorite credit card number stolen two years ago I'm overly cautious in this regard - it ended in 666 :) a credit card that knows it's evil!

At work we have a computer paygateway for credit cards but I don't enter the CCV codes since most of the cards we receive are from the Feds and they don't allow their personnel to give those codes out and the paygateway doesn't require me to type it in. We also don't keep a record anywhere of the credit card numbers our customers give us over the phone or in person. If I need to write the number down the paper goes into the shredder as soon as I e-mail or fax the customer the receipt.

Silent-Hunter
01-01-2014, 10:52 PM
The only reason I can think of that Target would store the credit card data is for data mining, so they know who's bought what. In light of stuff like this, the governent should just make it a crime to even keep this kind of data. Once the card gets verified by the system and the transaction is complete, all the data should be sent to /dev/null or something.

raudf
01-03-2014, 06:58 PM
I wonder if that part is a reporting error? Because I didn't think the CCV was anywhere on the mag stripe, so short of employees typing it (and at target they don't normally touch the card), or cameras being in places they shouldn't be, there shouldn't be a way to get that. Unless it can be computed from the stripe data somehow, which seems unlikely.

Reading Wikipedia, there are two CCVs. A CCV1 which is encoded on the card's strip and thus can be hacked (thus used for fake credit cards.) And then there is the CCV2, which is used for the non-present purchases. Mind, this is Wikipedia and my basic understanding of it.

The reporter might have heard it was the CCV1, but is thinking the CCV2 codes?

BookstoreEscapee
01-03-2014, 07:46 PM
I only use my Discover card at Target; I haven't done so yet but I'm considering asking for a new card. Hopefully they can give me my Chihuahua design still. My big concern with that is making sure my automatic payments get updated (I have two monthly bills that charge to my card and some others that are yearly or otherwise, though if SiriusXM can't charge me it won't be the end of the world, since I'm not sure I want to keep renewing it, anyway). I have checked my recent activity a few times and so far nothing fishy.

I did take them up on their 10% discount that one weekend, though I only spent about $24 anyway.

Aethian
01-04-2014, 03:54 PM
Found out that Mom was caught on the card she used to pay on her target card with. Seems her card is having a great time over in Spain and in helping build a site called strawberry.net.

Kagato
01-04-2014, 04:04 PM
Ouch, I'm hoping the credit card company was quick off the mark to reverse the fraudulent transactions... x_x

Aethian
01-04-2014, 04:41 PM
Nope. All the money from her retirement and Soc Sec checks are gone. I'm going to give her some tomorrow to ride her over. But the school she goes to are insisting she has to show it wasn't her. So...I told her to go in Monday with a police report and do the mom look and voice if they keep giving her a hard time.

Irving Patrick Freleigh
03-15-2014, 10:54 PM
Bump because criminal negligence much? (http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data)

otakuneko
03-17-2014, 10:36 PM
Yeah, Target's got some 'splainin to do, that's for sure.

And some lawsuit-settling to do.

Target also uses data security products from the company I work for. I kept waiting for a shitstorm when I first heard of the breach. I followed the story closely because of it. A whole lotta things went wrong over there. Fortunately, it seems, none of it was us.