Scam of the day – December 20, 2013 – Massive hacking at Target

If you, like my wife, shopped at any of the 1,797 Target stores in the United States between November 27th and December 15th, you may be in serious danger of identity theft if you used a credit card or a debit card.  Target announced today that more than 40 million customers who made purchases at Target stores during that time period had their credit and debit card data stolen by hackers through what appears to be a point of sale security breach attack which is the same type of attack that was used against Barnes and Noble in 2012 as I explained to you then in a number of Scams of the day at that time.  The data stolen includes customers names, credit card numbers, debit card numbers, expiration dates and the three digit security code found on cards.  This information can be used easily to make the affected customers victims of identity theft.

As I have repeatedly said, debit cards are a dangerous way to shop because unlike credit cards which carry a potential liability of no more than $50 for fraudulent purchases made using your credit card, if your debit card security is compromised and your discovery of the breach of your security is delayed. you risk losing all of the money in the bank account connected to your debit card.  As more companies have become better at protecting the credit card data and debit card data including PINs that are found on the companies’ computers through encryption and other security measures, the weak link now more and more being exposed by identity thieves is the point of sale (POS) terminals that many companies use that is found at the checkout counter.  We are all familiar with these small machines through which we swipe our credit or debit card rather than giving our card to the clerk to run through the cash register’s credit or debit card processor.  Unfortunately, many stores, including Barnes and Noble as I described in my Scam of the Day on October 25, 2012 and now Target have not taken the steps necessary to protect the security of these devices which in many stores have been manipulated to provide credit card and debit card information including PINs to identity thieves.  In some instances, the identity thieves have posed as repairemen to alter these credit and debit card terminals in order to get access to the information contained therein.  Debit cards in particular present a substantial problem because once the identity thief has the card number and PIN, it is a relatively easy task to create a phony debit card that can be used at any ATM to empty the victim’s account.

The massive scope of this hacking is evidence of a very sophisticated hacker being behind this because of the necessity of physically altering the various  card processors.  Generally when this data is stolen in such a huge hacking, the card information is sold to other criminals on the black market.

TIPS

Don’t use your debit card for shopping.  The risk is just too great.  Limit its use to getting cash from an ATM.  Additionally, if you are shopping with either a credit card or a debit card (and not following my advice) don’t use the POS terminals, but rather ask the clerk to run your card through his or her cash register’s credit card terminal.  Your security is improved as the cash register’s information is generally protected better by most companies.  If you are one of the affected people in this Target hacking, make sure you monitor your credit card account or debit card activity online regularly for quite a while.  Just because you may not have yet had phony charges made is no consolation, as it sometimes takes time before the stolen card information is sold by the hackers and used by the criminals buying the information.