Target Credit Card Breach - I Got Scammed.

Status
Not open for further replies.
Stopped by my credit union card issue/billing today since my wife used our credit card at Target early this month for almost a 1k purchase. They looked it up and it so far shows no other use, plus I let them know there probably won't be any other use for about another year unless we take another flight or something. We generally only use it once a year just to keep it active.
She punched something it looked like that if it does get use no matter the amount, I'll get contacted to verify use/transaction.
Got home, told the wife, and she said before she got home from using the card, she got a call to call a 1-800 number because of card use. She checked the number which was correct, called and they just wanted to let us know the card was just used, and my wife verified she just used it for the amount and place communicated.
I guess good, so far.
 
Originally Posted By: Cutehumor
I am at target for last minute shopping for Xmas and on their free WiFi
Man I am a risk taker.
lol.gif



Target stopped the breach on December 16, so there should be no issues after that date.

I think it is amusing how the media is piling on Target, this kind of thing can happen to ANY retailer or business for that matter, it is impossible to stop all hacks, even with due dilligence. It is only a matter of time before this happens again to some other unlucky business and their customers.
 
Originally Posted By: antiqueshell

I think it is amusing how the media is piling on Target, this kind of thing can happen to ANY retailer or business for that matter, it is impossible to stop all hacks, even with due dilligence. It is only a matter of time before this happens again to some other unlucky business and their customers.


I can think of a few ways to design the network to nearly eliminate theft at the store level. I can also think of a way to prevent it at the back end level as well, but it costs $$ and may mean some things are slightly inflexibile.

Another thing that is inexcusable is that many POS systems run a version of Windows. From a security standpoint alone that is inexcusable! Run the least secure OS that has the most malware exposure and greatest hacking potential to manage transactions is just asking for trouble!

Nothing is foolproof but you can get a good foundation and that foundation starts with customized solutions and not using much COTS software and/or OS'es. IOW make the bad guys really work for it so they get detected or move along to your competitor.
 
Last edited:
I'm just wondering exactly who uses this kind of info to buy something on walmart.com. It doesn't make sense to me.

The item is going to have to be shipped to a physical address. Even if it's shipped to a Fedex Office location, someone will have to pick it up and they require positive ID. I have heard that maybe someone offers to pay someone to use a home for deliveries, but that also leaves witnesses who could squeal. I've also read of others.

Now what I do get is that the number thief probably isn't using the numbers directly, but selling the info in some sort of marketplace of stolen numbers. But the person who is doing the buying using these numbers would seem to be relatively easy to catch.

What I would expect (and it's happened to me) is that the credit card number is transferred to a blank or other credit car and then used at a point of sale terminal where they might not ask for ID. When I've been scammed, it was for gas stations from Ohio to West Virginia - probably at a pay at the pump terminal.

I have heard of the scam where someone attached a parallel card reader to a gas pump pay at the pump terminal. My bank's ATM machines use a special reader designed to pull in the card at a variable rate that it knows, but that a parallel skimmer might not know. I think the reader needs to know the exact movement to decode the stripe. Also - the Costco gas stations I've been to now all have Costco hologram tamper-evident stickers on them. I suppose they're supposed to give a sign if someone removes the reader to try and attach a skimmer.
 
Originally Posted By: dernp
You would think that in this day and age of technology and such, companies would take the necessary precautions to prevent this.


I had a credit card with one bank that would constantly question any "suspicious" activity. I would be making a random purchase and the transaction would get declined. I call the bank, spend 15-20 minutes on the phone waiting for a rep and then would confirm that it is really me who's making the purchase. This happened once at a gas station, after I filled up one of my cars and then 20 minutes later, went to fill up another, on the way out of town... the transaction got declined!

This happened 3-4 times before I had enough, so I closed my account and went to another bank.
 
Originally Posted By: dparm
Originally Posted By: Jimmy9190
My wife used her debit card at Target just last week. We each have our own separate checking and savings accounts and a joint checking account. All of our accounts are at the same bank. I had her move her checking balance to our joint checking account. We have a debit card that we never use for our joint account. We will get her a new debit card for her personal account asap and she can use the joint account until the new card arrives. We will also close her personal checking account and open another one with a different account number.

What fun this will be, having to take time off work to visit the bank and sort this all out. Mrs. Jimmy is beyond livid about this. There are no adequate words to describe my absolute hatred for online dirtbag crooks and [censored] thieves....



Don't pay as debit -- pay as credit. Much safer and you have better protection from the card issuer (Visa/MC/Discover/Amex).


On my debit card, I have the same protections from fraud as a credit card. The only difference is that I might be liable for $100 (instead of $50) in fraudulent charges on the debit side.

Mine was affected by the Target fiasco...before the news broke, I got a call from my bank that my card was canceled last week because of a "third-party security breach". I went to the bank, got a temporary card the next day (took maybe 15 minutes) and my replacement came in the mail yesterday.
 
Originally Posted By: y_p_w
I'm just wondering exactly who uses this kind of info to buy something on walmart.com. It doesn't make sense to me.

The item is going to have to be shipped to a physical address. Even if it's shipped to a Fedex Office location, someone will have to pick it up and they require positive ID. I have heard that maybe someone offers to pay someone to use a home for deliveries, but that also leaves witnesses who could squeal. I've also read of others.


I have heard of things being shipped to a VACANT house. Also...doesn't Walmart.com offer in-store pickup?

Quote:
Now what I do get is that the number thief probably isn't using the numbers directly, but selling the info in some sort of marketplace of stolen numbers. But the person who is doing the buying using these numbers would seem to be relatively easy to catch.


Sure...except nobody can be bothered to do so!

Quote:
What I would expect (and it's happened to me) is that the credit card number is transferred to a blank or other credit car and then used at a point of sale terminal where they might not ask for ID. When I've been scammed, it was for gas stations from Ohio to West Virginia - probably at a pay at the pump terminal.

I have heard of the scam where someone attached a parallel card reader to a gas pump pay at the pump terminal. My bank's ATM machines use a special reader designed to pull in the card at a variable rate that it knows, but that a parallel skimmer might not know. I think the reader needs to know the exact movement to decode the stripe. Also - the Costco gas stations I've been to now all have Costco hologram tamper-evident stickers on them. I suppose they're supposed to give a sign if someone removes the reader to try and attach a skimmer.


Yes...stolen cards are often used at gas stations and fast-food places. (No signature for less than $20, usually.)
 
Target is offering an additional 10% Discount for everyone shopping in their stores Dec 21 & 22 (Saturday & Sunday).

I predict each will be a madhouse with lots of cash payers!
 
Originally Posted By: dernp
You would think that in this day and age of technology and such, companies would take the necessary precautions to prevent this.


They will, everybody will have a barcode on their wrist someday.
 
Originally Posted By: y_p_w
I'm just wondering exactly who uses this kind of info to buy something on walmart.com. It doesn't make sense to me.

Maybe it was someone hired by Walmart to make Target look bad right before the holidays?
 
Originally Posted By: Jarlaxle
Originally Posted By: y_p_w
I'm just wondering exactly who uses this kind of info to buy something on walmart.com. It doesn't make sense to me.

The item is going to have to be shipped to a physical address. Even if it's shipped to a Fedex Office location, someone will have to pick it up and they require positive ID. I have heard that maybe someone offers to pay someone to use a home for deliveries, but that also leaves witnesses who could squeal. I've also read of others.


I have heard of things being shipped to a VACANT house. Also...doesn't Walmart.com offer in-store pickup?

Positive ID is required to pick up something at WM. I've done it myself. They've got as many security cameras as many casinos.
 
Originally Posted By: Merkava_4


They will, everybody will have a barcode on their wrist someday.



I doubt it although the powers that be would like it. Always going to be just enough people around to have serious misgivings about such things. Who is to say that that kind of "security feature" couldn't be defeated easily in the future?
 
Originally Posted By: Kestas
Originally Posted By: Turk
Same here + could not read the CVV code on the back, I had it memorized.

This post gave me a random thought. Would it be a good idea to remove the CVV code from the backs of your cards, and write it down somewhere else, to make fraud more difficult... at least they can't use it on the internet?


The other year I had my Chase Freedom card compromised. One of the charges was from 6pm.com (I think) for $100. After contacting my credit card company I contacted 6pm.com to find out about the charge. Someone had used my credit card number/name/address/phone number but with a different e-mail address to purchase a $100 egift certificate. The certificate hadn't been redeemed yet so I was easily able to cancel that. I asked the employee how could they have used my credit card without the CVV. They replied that their website didn't require it! Also, they wouldn't tell me what e-mail address was used with the account or the e-mail address the egift certificate was sent to. Nice. Don't get me started about the Rakuten.com credit card fraud I got hit with earlier this year
frown.gif
 
Originally Posted By: Merkava_4
Originally Posted By: dernp
You would think that in this day and age of technology and such, companies would take the necessary precautions to prevent this.


They will, everybody will have a barcode on their wrist someday.

One better:



Yes - that is Jane Lynch.
 
I read where Chase is limiting to $100. purchases at Target on debit cards. Also there was a discussion about why the US is targeted so much. Evidently the US uses the magnetic strip while the rest of countries generally use a digital code that changes as it is used. However since it would cost money nobody wants to make the changeover, although I've heard before that there are some that use the newer technology.
 
Originally Posted By: 65cuda
I read where Chase is limiting to $100. purchases at Target on debit cards. Also there was a discussion about why the US is targeted so much. Evidently the US uses the magnetic strip while the rest of countries generally use a digital code that changes as it is used. However since it would cost money nobody wants to make the changeover, although I've heard before that there are some that use the newer technology.

Probably more like a contact less smart card. It's conceptually pretty simple. The machine sends one code and the card sends back a number calculated from an algorithm using an encryption key. It won't likely ever send the same code and the encryption key isn't decipherable.

Garage door openers use something similar. The remote says it's ready, the opener sends a code, and the remote sends back a code using its internal key.
 
I live next to a Target so it is convenient for me to go there all the time and that's where I buy most of my stuff. I'm glad that at least I'm using their Red card so it is useless elsewhere.

They were giving out 10% off everything the last weekend, I think it is a damage control from the security breach.
 
What happened to the PayPal Virtual Card? That was brilliant. It was a rolling CC number, 1-time use. Fantastic way to prevent CC fraud. Perhaps if all CC's moved to a new, higher tech card that used an encrpted algorithm, kind of like the payPal keychain thing you can get that gives you an authorization code, instead of the traditional static CC number?? Verisign I think is the company thats real big on that stuff.


It's pretty sad that I'm linking PayPal to the higher-end of CC fraud prevention, but it's true. I pay online with my Paypal account over a CC any chance I get.
 
Last edited:
Status
Not open for further replies.

Similar threads

W
  • Locked
think i got scammed this weekend. LOL
Replies
9
Views
1K
Greggy_D
0
  • Locked
Equifax got hacked - 143 million people affected
2 3 4
Replies
73
Views
14K
oilpsi2high
R
  • Locked
2019 Ram 1500
2
Replies
34
Views
4K
GMBoy
S
  • Locked
I won't die, I'll .... (Non religious Post)
Replies
15
Views
4K
GMFan
JHZR2
  • Locked
Costco tire takes credit card??
Replies
12
Views
21K
SatinSilver
Back
Top