#credit card protection
By Benjamin Glaser. Guest blogger February 6, 2014
As many shoppers are now aware, Target experienced a massive security breach between November 27 and December 15, 2013, with the personal data of up to 110 million customers having been compromised. In January, Neiman Marcus experienced a similar hack and in the weeks since, various expert reports have suggested that even more stores are currently also at risk. This has left many consumers wondering: How have so many retailers been hoodwinked by hackers? And is there any truly safe way to pay for goods outside of cash? To help better understand the changing credit card landscape consumers are facing, we’ve laid out all the details on what information might have been at risk and explore the various ways consumers can shop online and remain secure.
Both Financial Personal Information Stolen
Using a software called BlackPOS developed by a Russian teenager, hackers corrupted Target’s Point of Sale devices (credit and debit card readers) in brick-and-mortar locations. The hackers were able to capture personal data immediately after a credit card was swiped, according to Brian Krebs , the security blogger who originally broke the story. The data was then stored in a repository within Target’s own internal system, which, the company recently revealed, hackers were able to by stealing vendor credentials.
Target initially confirmed that up to 40 million credit and debit card accounts had been compromised. The information stolen included everything stored directly on a credit or debit card’s magnetic strip: account number, cardholder name, and expiration date. It also included encrypted CVV data, which is used to confirm in-store purchases. (CVV data is not the same as the 3-digit CVV2 code found on the back of your card and used to verify online purchases.)
Weeks later, Target also confirmed the theft of additional “Guest Information” for up to 70 million customers, with some possible overlap between the two groups. Target would only say that the data “may have included names, mailing addresses, phone numbers, or email addresses.”