Carders punch holes through Staples

US office giant Staples is investigating a possible credit and debit card breach of its Northeastern stores. Evidence for the hack, reported by cybercrime reporter and prolific breach blower Brian Krebs, is apparently based on a dozen fraud monitor sources within different US banks. Staples has contacted police and said it was …

  1. Anonymous Coward
    Stop

    "We take the protection of customer information very seriously, and are working to resolve the situation"

    Why don't you just dial-a-stock-response and have done with it? It will save a lot of time in the long run.

    1. frank ly

      If they took it seriously, they'd have had a security audit and actual testing of their POS and other equipment as soon as high street retailers started to get hit by these attacks. That was how long ago?

    2. ecofeco Silver badge

      How dare you disparage them! They paid good money for that stock response!

  2. DrXym

    Simple solution

    The USA should drag itself into the 21st century and use chip and pin. It's not clear to me why retailers, Visa or customers tolerate a situation which allows cards to be cloned so easily or the virtually non-existent security checks that happen at point of sale in the US.

    Chip and pin isn't foolproof but it would stop card skimming / cloning which must surely be the most common cause of credit card fraud by a long stretch.

    1. Tom 13

      Re: Simple solution

      The UK has now admitted Chip and Pin isn't infallible like they claimed it was. All it did was allow banks to dodge responsibility for fraud for a couple of years.

      What security checks do you think a minimum wage monkey could actually be trusted to make? Check the signature? Right. I've been to college, I know how easily fake IDs are obtained for getting into bars and bars ARE legally liable for serving minors.

      The only solution is to start holding the banks and the businesses with crap security responsible for the full extent of the economic damage they do to the users who are compromised by their failures. If that means the limited liabilities on corporations need to be modified, so be it. I'm all in for holding the officers of the corporation personally responsible for the breaches in cases like this.

      1. DrXym

        Re: Simple solution

        "The UK has now admitted Chip and Pin isn't infallible like they claimed it was. All it did was allow banks to dodge responsibility for fraud for a couple of years."

        Who said it was? Not me. But it is FAR more difficult to clone or skim via chip and pin than a magnetic stripe.

        As for banks "dodging responsibility", there is no reason that the situation with US transactions must be the same, although there is reason to believe that if stores WERE responsible for bad transactions they'd audit their kit and their staff a lot more than they clearly do right now.

        "What security checks do you think a minimum wage monkey could actually be trusted to make? Check the signature? Right. I've been to college, I know how easily fake IDs are obtained for getting into bars and bars ARE legally liable for serving minors."

        The answer is "very few". Which is why chip and pin is important. Go shop in America some time and notice how security is virtually nonexistent. At best the store will have some broken screen you're supposed to sign but no one ever checks the card or the signature to the card.

        "The only solution is to start holding the banks and the businesses with crap security responsible for the full extent of the economic damage they do to the users who are compromised by their failures."

        The only solution eh? No it isn't. In this case, the immediate problem is that card skimmers are being installed in stores, possibly with collusion of staff / managers. Such skimmers wouldn't even be an issue if cards had a chip & pin and weren't swiped.

        1. Tom 13

          Re: wouldn't even be an issue if cards had a chip & pin

          Shoddy thinking. If the thieves have access to install a skimmer, they have access to install a device to intercept both the chip data and PIN transmission.

          I shop in US stores all the time. I for one am happy they no longer engage in the kabuki theater that used to be security for a credit card purchase. I remember the bad old days of a clerk pulling out a month-old book to see if my credit card was on the list of stolen credit cards. And having my credit card declined because I made the fatal mistake of buying gas for my one car from the pump before heading inside to pay the clerk for the repair work they finished on my other car.

          It's not that I am unaware of the problems. In fact, I've just gone through the process of canceling one of my credit cards and getting a new one because dodgy charges showed up on it. Neither VISA nor I can identify where or how the card was compromised. But they caught it, no goods were exchanged, and the bad guys didn't get money. I don't expect chip and PIN would have prevented it, but their monitoring caught it.

    2. ecofeco Silver badge

      Re: Simple solution

      There's something about "progress" that screams "commie plot" to the average American and "capital expenditure with no immediate profit to me, er, the shareholders" to the average CEO.

      Too bad that wasn't sarcasm.

  3. Simon Rockman

    Bought something at Staples

    I bought a stapler from Staples at Staples corner, but they didn't have any spare staples which was odd because you would have thought it was a staple product.

    1. ecofeco Silver badge

      Re: Bought something at Staples

      Did you try Shelly's Sea Shells by the seashore? Sometimes they carry shtaples.

  4. Glenn 6

    Until the government outlaws the practice of swiping credit cards into the POS system - which retailers do on purpose so they can track your purchase habits - these problems will continue.

    The only place you should be sticking your card into is a bank-supplied, independent payment pin pad terminal.

    1. Tom 13

      @Glenn 6

      Bullshit!

      Stores started swiping credit cards long before the data gathering began. They started it because transferring the numbers electronically was more accurate than running a card through a mini-mimeo machine and collecting a signature. The mini-mimeo machine meant the numbers had to be transcribed later by workers at VISA. The reduction in losses was reflected in the reduced costs VISA passed along to the businesses for swiping cards instead of imprinting them. It's been about 15 years since I had to look at the numbers, but I don't expect that aspect of it has changed.

  5. Stevie

    Bah!

    OFFS!

  6. ecofeco Silver badge

    The fun never ends!

    Alrighty! Any bets on next week's victim(s)?

    The categories are: gov, retail, financial
