Thursday, December 26, 2013

TARGET TARGETED

I often hear a client state that they don’t “put their credit card on the internet” because they don’t want to lose money. I try to assure them that the chances of having a single card pilfered are quite slim. It’s not “your” personal credit card that thieves are after. No, they want millions of you’s all at one time and there is not a darn thing you can do about it. Case in point: Target.

The recent attack on Target stores was the second-largest illegal harvest of credit card numbers in history. The number one spot belongs to the hacking of TJ Maxx back in 2007, where 90 million card numbers were stolen. Target gave up “only” 45 million. The theft occurred over a period of weeks beginning on Black Friday through December 15th.

Here is what likely happened: Modern “point of sale” cash registers (aka “POS” which reminds me of my father-in-law for some reason) are each essentially a computer connected to a cash drawer. The POS’s are connected to the internet and all of them report to company headquarters.

The US Secret Service and Target are not sharing the details of exactly how this happened but the general consensus among the hacker community is that a large, well-organized group of individuals--almost certainly with inside help--hacked into the company’s POS servers and caused them to “push” a malicious software update to all the POS’s in all 1,900 Target stores.

[Image caption: An actual Russian Mafia member. No, really.]

The Russian Mafia deserves at least some of the credit as many of the pilfered card numbers are for sale on Russian and Ukrainian websites.
A simple card number with a low balance and limited customer information can go for $3. A no-limit “black” card number can go for $1,000. Thieves take those stolen numbers and reproduce fake credit cards complete with magnetic strips. They then go on a shopping spree to make purchases of things like game consoles and gift cards. Those are then turned into cash after they are re-sold. The banks acted quickly to cancel stolen card numbers so that of the 45 million card numbers stolen, only 2 million or so are actually being sold on the black market.
The rest of the world has moved to cards with computer chips embedded that are much more difficult to counterfeit than magnetic strips. The US is expected to transition to chips in 2015. Between now and then, companies expect a tidal wave of large-scale attacks like this.

So what can you or should you do about this? Not much, really. You are not liable for any losses even if you become a victim, but a theft can cause you some inconvenience. If you used Target recently, look over your next statement for small charges. These small charges are used to verify that the card works. After that, big purchases are made. If you see something weird, call someone.

1 comment:

Anonymous said...

Do you have contact info? I have questions.