Scam of the day – January 1, 2014 – Why Target is wrong about their PINs being safe

By now many of you may be sick of more information regarding the massive Target data breach of 40 million credit and debit cards, but the cold, hard fact is that much of the information that you are hearing may be misleading and inaccurate.  Even more important is the fact that relying on such information could lead to dire consequences for you if you were one of those people whose card data was breached.

On December 26th, I told you here on Scamicide that most likely Target was playing a semantic game when it said that the PINs used with debit cards were not compromised.  I told you that the reason for that was that Target was probably taking the position that because its PINs were encrypted, they were not compromised.  The next day, Target clarified its position by telling you exactly what I said was the truth which is that indeed PINs were taken, but that they were encrypted.  Now Target is telling everyone that because the PINs were encrypted, there is no risk to the people who used their debit cards to make purchases at Target during the time of the breach.  This is false.  While theoretically, the encryption program used by Target is unlikely to have been compromised, studies have shown that the world’s most popular PIN is 1234 and it does not take a rocket scientist or sophisticated hacker to decipher this PIN. Nor is it very difficult to guess the next most popular PINs which are, in order of popularity, 1111, 0000, 1212 7777, 1004, 2000, 4444, 2222 and 6969.  In fact, 27% of all passwords could be deciphered by trying the 20 most popular combinations.  It also should be noted that the Target hackers are obviously quite technologically sophisticated and it is possible that they may indeed have algorithm solving software that just may be up to the task of deciphering the PINs of  a great number of the stolen debit cards.

TIPS

The first thing for anyone who used a debit card at Target during the affected time period should do is get a new debit card and change the PIN.  When setting a new PIN, make it a random number and not one readily guessable, such as 1234.  Pick a sequence that has a meaning to you, but is unusual or make an unusual four letter word using the keypad that is easy for you to remember.   This should also be a wake up call for everyone who has a PIN that is not sufficiently complex to change it to a safer PIN.  Finally, as I have been advising you to do for a long time, limit your use of your debit card to ATM machines.  The risk when using it for retail purchases is, as I have described in numerous “Scams of the day” much greater than the risk when you use a credit card.