About Target’s Credit Card Security Breach, What Is Overreacting and What Is Not

credit-card-front.png

This is important enough to interrupt the usual Geek Friday post.

WCPO Cincinnati reports there is “Fury and frustration over Target data breach“.  That may be understandable, but it is helpful to realize that Target is as much a victim as those whose information was stolen.  Target and other large companies generally go to great lengths to secure customer financial information, and Target did the responsible thing by reporting the incident right away instead of stalling, such as Sony did in 2011.

Having said that, Target is being quite low key about some aspects of this event.  I saw somewhere on the web that someone at Target made the comment that it was important to not “overreact”.  While true, I notice all they are advising people to do is watch their credit card statements.  Even if you have online access, by the time that it shows up on the bill, it is too late.  Someone has used that information and stolen money, even if it might not be the Target customer who will eventually be reimbursed.  Then, there is the whole tangled mess involved if it is a debit card.

The information stolen appears to be the entire enchilada.  The entire slate of information on the magnetic strip has been stolen, which would include a security code, credit card number and expiration date, all of which is sufficient in some cases to make a fraudulent purchase or even create a counterfeit of the original card.  The one thing that might slow someone down is that apparently the CCV code, the three or four numbers visible on the back, are not included.

I saw a news broadcast last night where the individual flat out stated that if you used your credit card at Target between Thanksgiving and 15 December to just cancel the card and get a new one.  I would concur.  Legitimate charges can be rolled over from the old one, as they are still on the account, but no new charges can be made.  It might mean being without the use of the card for a couple of weeks, but that inconvenience is less than what is involved with disputing charges and having to cancel it anyways.

Double that advice if it is a debit card!  Not only are there false charges to deal with, but the potential of overdraft and bank fees, even if waived, are enough to cause a migraine.

However, yelling at Target or vowing to never shop there again is not the answer.  Data breaches cannot be avoided 100% of the time, and there is ample evidence, according the experts and a little common sense, that this was an inside job.  That is the type of breach that is the hardest to guard against (if not impossible to stop completely).