• Hey Guest!
    British Car Forum has been supporting enthusiasts for over 25 years by providing a great place to share our love for British cars. You can support our efforts by upgrading your membership for less than the dues of most car clubs. There are some perks with a member upgrade!
    **Upgrade Now**
    (PS: Upgraded members don't see this banner, nor will you see the Google ads that appear on the site.)
Tips
Tips

Targeted?

Share this page

NutmegCT

NutmegCT

Great Pumpkin
Bronze
Offline
Like millions of others, I've at least once bought something at a Target store. Used a credit card, probably five or six years ago.

I've been following the story on the "credit card info" hacking.

Yesterday I got an email from Target (yep, really from Target) about their offering a free year of credit card protection through Experian.

I went to the Experian website, and realized that to register, I'd have to enter all my personal ID (name, address, phone, social security number, etc.) at the website.

I started wondering - what happens if Experian is hacked?

To me it's becoming a massive problem: to get just about anything online, you need to pay and/or register for it. But you pay/register on a website used by 100s of millions of people, which may be hacked at any time. It's not like the "old days", where your local department store only kept paper records of a couple thousand customers.

If we finally move to credit cards with built-in chips like many other countries, it'll help. But only for a while. And the recent growth of internet-connected devices like cars, phones, appliances, home lighting systems, etc., doesn't help.

A quandary.

Tom

29e04c3.jpg
 
Look at it this way... you're opening an account to get access to the data Experian already has on you and just about every other consumer in the US. They already have your SS number, your name and your address. So do EquiFax and TransUnion. You have to supply your SSN each time you request a fdree yearly credit profile from each company.They already make that available to whomever needs to check your credit / bill-paying history when you apply for credit of any sort.

What Experian is asking you to do is to verify your data so they include the correct person in the monitoring program. Your data won't be any more vulnerable after you sign up than it is right now. I'd be a heck of a lot more concerned over the fact you SS number was used by you as a personal identifier long before it ever became a source of concern. Example: just about every medical / dental facility you have ever visited has all that data on paper in files available to anybody in the facility unless YOU have personally insured that your SS number is not used as an identifier and has been removed from all these records.
 
Last edited:
Tom, I believe the cards with chips are the ones that allow your data to be stolen while the card is in your wallet. You need to carry it in a theft proof case. Just adds to the worry doesn't it?
 
When I'm back in the US, the wallet I carry has a doubled piece of heavy duty aluminum foil lining the bill compartment closest to the outside of the wallet. That foils card readers...(pun intended).
 
That's actually an interesting point. So they already have my data.

Then ... why register? I took a look at the identify theft policy details, and it seems the coverage is for costs relating to obtaining notarized affidavits, refiling of loan and grant applications for loans and grants rejected due to erroneous credit information, and to obtain further credit reports. Here's the text:

https://www.protectmyid.com/summary-of-benefits/

So if you do have your identify stolen, you still go through the hassles.

I'm pretty naive: it doesn't seem like you really get much for $16/mo. But as it's free for a year, I'll probably sign up anyway.
 
"That foils card readers...(pun intended)."

smiley-rimshot.gif
 
Why register? You got the email because you once gave Target that email address.

Target identified you as being among the consumers at risk because of the theft of data from Target's servers.

Experian is undoubtedly keeping all those consumers in a separate identifiable population.
 
Never shopped at Target with or without a credit card, but probably just dodged a bullet since there is a relatively new target just a couple blocks from where I work. I did walk though it before Christmas but didn't end up buying anything.

New report says the hacking was part of a broad and sophisticated hacking campaign that used a very sophisticated code that infected the retailer's servers. Bet that makes you feel better. Not.

If you're concerned about identity theft you might want to go to C-SPAN web site and watch the hearings that were held yesterday (16 Jan 14) regarding hacking vulnerability of certain government web sites.

In other news, a very good Podcast regarding internet and computer security is called "Security Now". I subscribe to it on my iMac/iPhone. It is very good.
 
The Government (who knows which agency) released a confidential report to retailers describing how the Target attack occurred and warning that many more stores / companies may be involved. The D of HS refused to elaborate on how the malware was spread but DID say that it didn't need to be installed on each card terminal manually. The malware code was written in Russian.

Here is a link to the CNN report on the new release: https://money.cnn.com/2014/01/16/news/companies/target-breach-report/index.html?iid=HP_River
 
Heard over the weekend on the news that the code has been tracked to a teen hacker in Russia who apparently writes these sort of things and sells them on a web black market. Style of coding matched some other things this kid had been identified with. But while he's known to be a kid, real identity is apparently unknown.
 
It's not just retailers we need to worry about. Heard Congessional testimony last week on CSPAN by Security expert who said a certain government web site is, in his words, Swiss Cheese. Took him 4 minutes to hack and access thousands of personal records.

BTW, if anyone is interested in security, a great podcast I recommend is "Security Now"
 
When I get issued a new credit card and it has the sign on it for pass instead of swiping, I take it back and get reissued a non-pass card so I don't have to carry it in a lead/aluminum container. Must be swiped and signature must be acknowledged.
 
Breaking news: Two Mexican Nationals just apprehended trying to enter US with hundreds of counterfeit cards with numbers believed to be linked to the Holiday hackings.
 
LarryK said:
When I get issued a new credit card and it has the sign on it for pass instead of swiping, I take it back and get reissued a non-pass card so I don't have to carry it in a lead/aluminum container. Must be swiped and signature must be acknowledged.
Click to expand...
A lead container is hardly necessary...a doubled over piece of heavy duty aluminum foil the size of the bill compartment of your wallet is all you need. It's faulty logic to refuse an increase in security for the sake of a little convenience.
 
It has been interesting to hear this reported in Canada. The big issue seems to be over obsolete (and easily hacked) swipe technology. In Canada chip cards are the norm - and, while still hackable, each chip transaction has a unique identity and as such is much harder to hack. Apparently, the issue south of the border is who is going to pay for the chip cards - the banks or the businesses.
 
JPSmit said:
It has been interesting to hear this reported in Canada. The big issue seems to be over obsolete (and easily hacked) swipe technology. In Canada chip cards are the norm - and, while still hackable, each chip transaction has a unique identity and as such is much harder to hack. Apparently, the issue south of the border is who is going to pay for the chip cards - the banks or the businesses.
Click to expand...

I'd like to see something for credit cards similar to what I have for my primary Bank account. I have an App on my iPhone called "VIP Access" which is registered (and in sync) with the bank. When I go to log into my bank's web site, I enter a user name and a password. But the password consists of a root password, plus several random digits that I get by opening the VIP App. When I open the App, a series of random numbers are displayed. I have 30 seconds to add those numbers to my password in order to log in. The random number changes every 30 seconds. The numbers that appear on my app are different than the numbers that appear on any other iPhone as they are tied to the S/N of my iPhone. I think the same idea could be used for credit card transactions. You make a purchase and, instead of having to provide a simple 4-digit pin, you have to enter the pin PLUS a VIP access code. The need to provide a random code that constantly changes would make a stolen card worthless.

By the way, I use VIP Access for my PayPal account as well.

VIPAccess1.jpg
 
"I have an App on my iPhone called "VIP Access" which is registered (and in sync) with the bank."
Click to expand...
I'm sure that creates a secure transaction but how does the bank handle transactions made by people like me who have no need for a smart phone and so don't own one.

I remember the Blackberry outage of some years ago...almost created a panic. I'm thinking that there is a too-rapidly growing list of processes and procedures that have become dependent on fragile and vulnerable technology.
 
Back
Top