Target by Jay Reed/Wikimedia Commons

In the last few weeks we received several queries about credit card security, in the wake of the recent Target data breach and wanted to take this opportunity to talk about what happened, how our credit card processing is different and about credit card safety in general.  Today we will start with what happened at Target this past holiday shopping season.

It should be no big secret now that Target, one of the biggest box store retailers in the United States, suffered a data breach, which is now ranked as the second largest in the United States history.

On December 19, 2013, Target issued a press release confirming the December 18 announcement by security expert Brian Krebs that they lost some 40 million credit card and debit card numbers in an unspecified security breach.  The breach took place between November 27 and December 15 and included the loss of customer names, card expiration dates and the CVV security codes.  On December 27 Target added customer PIN numbers to the data that was compromised and on January 10, 2014 the store added 70 million more cards to the tally, raising the breach to include 110 million customers, second only to the 2009 Heartland Payment Systems breach, which included 130 million cards.

Consumers scrambled to cancel or change their account numbers.  Some banks took extreme measures and limited how much money customers could access.  Nothing raises ire more than good customers being told their card is being denied when they know that their accounts are in good standing.

So what actually happened that caused Target to drop the ball and lose so much data?  This is hard to say.  Target only indicated that their security experts are working with law enforcement, including the United States Secret Service, to identify the hackers responsible for the breach.

Leaks from security consultants indicate that an unknown hacker – or group of hackers – penetrated two Target computer systems and siphoned off the data until the breach was discovered on December 15 and the “hole” was sealed.

Target initially indicated that only “track data” information, the information encoded on the magnetic stripe of the card, was stolen.  The magnetic stripe CVV code is different from the CVV code on the back of the card, which would prevent the thieves from being able to shop remotely, but if the data is burned onto new cards, the cards can be swiped to process transactions.

Later Target admitted that PINs were also stolen, meaning that the breach must have happened at the Target point-of-sale system where customers enter their PINs.  On January 12 Target’s CEO, Gregg Steinhafel said in an interview that malware was discovered in the point-of-sale terminals and that it was able to hijack the credit card information as it came in.

The ability for someone to access your financial accounts can be a scary thing.  A lot of people will spend a long time watching their credit and Target will take a very long time to overcome the stigma of this breach.  In tomorrow’s blog we’ll talk about how a Snaggy diMe uses your credit card, debit card and checking account numbers and what makes us different from the weakness identified in Target’s financial system.

[whohit]2014-01-20 Credit Cards 1 – Safe, Like Target[/whohit]