Some banks reissuing cards over Home Depot breach
Source: AP-Excite
By ALEX VEIGA
Some lenders are preparing to reissue credit or debit cards to customers to head off possible losses following the breach of customer data at Home Depot.
Capital One Financial and JPMorgan Chase & Co. said Wednesday they are preparing to assign new cards to accountholders due to the data theft at the home-improvement retailer.
Earlier this month, Home Depot confirmed that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards. Target, Michaels and Neiman Marcus also have been attacked by hackers in the past year.
While lenders often will issue customers a card after it's been lost, stolen or used to make an unauthorized purchase, Capital One and JPMorgan are taking action based merely on whether accounts may be compromised.
FULL story at link.
FILE - In this Feb. 22, 2010, file photo, shoppers walk through the aisles at the Home Depot store in Williston, Vt. Home Depot said Thursday that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards that customers swiped at its stores. Target, Michaels and Neiman Marcus have also been attacked by hackers in the past year. (AP Photo/Toby Talbot, File)
Read more: http://apnews.excite.com/article/20140924/us--home_depot-hacking-banks-2cea6f742a.html
Sherman A1
(38,958 posts)I believe I got new cards after Target's little hiccup and sounds like.... one more time.....
Glitterati
(3,182 posts)No suspicious activity on my account, but they're issuing a new one anyway. The letter said they had been notified that my card MIGHT have been compromised (and I don't use it online ever).
This is the Social Security Debit card.
ProudToBeBlueInRhody
(16,399 posts)It was one I used at Home Depot.
whereisjustice
(2,941 posts)America. When you are rich you can hurt/destroy millions of people and get a bonus for your trouble.
RKP5637
(67,112 posts)some other countries did a long time ago. We lag, because none want to spend the money, so customers get fucked over, none give a damn. Hey, it's the American way anymore. Sociopaths and cheats in the US get highly rewarded and put on pedestals. The general populace gets fucked over.
whereisjustice
(2,941 posts)department overlooking our police state can't seem to pull it's lips away from the asses of the rich. These s/w systems were way out of date and the vulnerabilities were widely known in the community.
The reason he'll get a bonus is because HD most likely will not have to cover any losses as those have been conveniently passed on to customers who now must deal with the consequences on an individual level.
But I bet even the banks and ins. companies are starting to get pissed.
Imagine if a normal person fucked up so badly at their job...
totodeinhere
(13,059 posts)violated?
whereisjustice
(2,941 posts)for justice. It would not be difficult to prove that the CEO knew their systems were vulnerable and putting the general public at risk.
Wall Street banks also faced criminal negligence charges for the financial meltdown, but the justice department let them buy their way out of personal responsibility as another cost of doing business.
rpannier
(24,339 posts)Knowing that something is vulnerable, is not the same as being negligent.
Almost everything has a certain level of risk
I don't think you could prove that not changing over to chip cards created a level of risk that amounted to negligence
Especially when they can point to the number of countries that don't have chip cards... China, Korea and Japan being 3 of many.
And the level of credit card fraud in these countries minimal, yet many Japanese and Koreans purchase off the internet. (Can't speak for Chinese purchasing on internet)
customerserviceguy
(25,183 posts)Home Depot and Target should have had competant IT departments looking for malware on their point of purchase terminals.
So very many places try to do IT on the cheap, keeping the geeks in some cubicles a million miles away from where the problems exist, when some simple observation would disclose the criminal activity going on under their noses.
PuppyBismark
(595 posts)You would think he should have learned something at Target.
customerserviceguy
(25,183 posts)I didn't know that, it explains a lot. About all he learned how to do was outsource the IT function to the Third World, and fatten his bonus in the process. I trust that the corporate world has taken notice of his accomplishments.
Leith
(7,813 posts)You get what you pay for.
Companies refuse to pay IT what they are worth. Experienced people are being laid off and replaced by know-nothings who fill a seat for half the salary - overseas. Managers put in charge of IT departments usually have MBAs with little computer experience beyond running a preprogrammed Excel spreadsheet.
I have been paying for everything in cash since I got caught up in the Target Christmas breach. We got new cards, but never used them. Until US retail catches up to the 21st century, not gonna use them, either.
whereisjustice
(2,941 posts)warned HD of the risks of using an outdated OS with well known exploits.
This has nothing to do with "chips" or two step authorization. HD was using and outdated version of XP operating system and chose not to update it because
1. it costs money to update.
2. HD is shielded from financial liability since banks cover fraud expenses.
3. consumers will bear the expense of restoring credit, dealing with banks, identity theft, etc
The idea that the CEO was "insulated" from the risk of a massive data breach via the same exploit at Target using EXACTLY the same systems defies reality.
The public has a reasonable expectation that their bank accounts are not at risk by purchasing a product at Home Depot.
This is exactly what criminal negligence law is designed to punish.
As far as pin based credit cards, banks fought it in the US for as long as they could because of the extra expense even though rest of the modern world has been using these systems for some time now, however, that is not what makes HD criminally negligent.
rpannier
(24,339 posts)So Japan and Korea aren't the modern world???
You might want to rethink that statement
whereisjustice
(2,941 posts)from making yourself look even less informed or less familiar with the modern world. There's life beyond the tea bags. Get outside every now and then.
My readers tell me their American-style cards have been rejected by some automated payment machines in Great Britain, Ireland, Scandinavia, France, Switzerland, Belgium, Austria, Germany, and the Netherlands. This is especially common with machines at train and subway stations, toll roads, parking garages, luggage lockers, bike-rental kiosks, and self-serve gas pumps. For example, after a long flight into Charles de Gaulle Airport, you find you cant use your credit card at the ticket machine for the train into Paris. Or, while driving in rural Switzerland on a Sunday afternoon, you discover that the automated gas station only accepts chip-and-PIN cards.
https://www.ricksteves.com/travel-tips/money/chip-pin-cards
Here's a typical situation: You're ready to buy your RER ticket to get in from Charles de Gaulle airport in Paris. You line up behind your fellow travelers at the boxy ticket machines and watch them effortlessly touch-screen their way through their purchases. You step up, follow the onscreen instructions in English, insert your credit card and...
"CARTE NON LUE"
Hmmm. It didn't read the card? The machine spits the card back out (in slowmo). You reach for another card and...
"CARTE NON LUE"
(pause for suspense, and then, in red letters)
"TRANSACTION ANNULÉ"
No matter how many times you try, it won't work. Hopefully you have cash (and coins, too, if your machine doesn't accept bills). If not, you'll probably be spending the next hour waiting in a line in the ticket office behind travelers hearing about all of their TGV options.
Ironically, your card will work in the ticket office. So why the rejection?
Chip-and-PIN
In most European countries, credit cards have been equipped with chip-and-PIN technology for nearly a decade. The cards literally have a small computer chip in them and require the user to input their PIN code into a keypad to make a purchase.
http://www.huffingtonpost.com/EuroCheapo/using-american-credit-car_b_4005630.html
sendero
(28,552 posts)... to these companies. They WILL lose business over this. It will cost serious money to clean things up. HD has already offered one of those monitoring services, that is not free.
I share your frustration but it is no surprise at all that the management of most companies aren't going to spend millions of dollars fixing a problem they simply do not have the background to understand.
I am a lot more angry at the credit card companies themselves, who make money hand over fist in this business and ARE equipped with the understanding of the problem.
whereisjustice
(2,941 posts)pay for home depot's negligence. They pay on the phone trying to resolve fraudulent charges. They pay having to notify the creditors that their cards are invalid. And the criminals win because many people will nto notice the fraudulent charges.
Everyone in IT business knew these systems were exploits waiting to happen. Everyone. MSFT released that OS in 2002. Mervyn's, Target both were hacked. Marriott as well. Everyone knew this.
It's like flying a plane knowing the engine is 20,000 hours past overhaul but deciding the costs of overhaul are less than the penalties for not overhauling.
The credit card companies have been using pin based credit for 10 years in Europe. US companies like Home Depot refused to upgrade because they didn't want to spend the money even though they are raking in record profits and are flush with billions in cash.
mwooldri
(10,303 posts)Visa, MC, Amex are implementing liability shift: they will have to have readers for the EMV ("chip cards" by October 2015 or they would eat the fraud losses themselves. That goes for all retailers who take actual cards at the point of sale.
AFAIK Walmart has mostly updated their terminals to take EMV cards now and the cashiers are steering these card holders to insert their card instead of swiping.
RobinA
(9,894 posts)to prove that the CEO knew the systems were vulnerable??
Ever work for a large company? For legal purposes CEOs know NOTHINK. At depositions they manage to make themselves appear so clueless they would seem to need help getting dressed in the morning. I speak as someone who spent 12 years in a corporate legal department. For non legal purposes they know only slightly more, and I doubt they know thing one about coporate information systems.
whereisjustice
(2,941 posts)the same systems as Target. All of the companies mentioned in this 2003 Microsoft press release are vulnerable. Mervyn's, Target and finally Home Depot were attacked. The other may have been as well but no notice given.
You are correct about the idiot CEO who knows nothing. However, it takes two to feign insanity - the CEO has to appear as an idiot, and the prosecutor has to appear as an idiot. Between the two idiots, they share a lot of money.
Mafia bosses have also relied on the "I know nothink" defense, but an honest prosecutor who isn't a crook can easily prove knowledge and intent. Finding a prosecutor willing to go after rich people is the real problem. The entire justice department is as crooked as a barrel of fish hooks.
customerserviceguy
(25,183 posts)That's the only way the rest of the corporate world gets the message to spend enough on IT to stay a step or two or three ahead of the criminals.
I wish the banks would cancel the Visa/Mastercard payment accounts of these two retailers, that would send a message that they're not going to pay the costs of cheap-ass shitty IT on the part of the businesses they do business with.
Severe penalties are called for here, I wonder who has the guts to impose them. If the banks spending millions of dollars issuing new cards don't have the stones for it, I sure hope the buying public does. If you HAVE to have something from either retailer (and you probably have other good choices) at least pay them in cash, to send the message that they are untrustworthy.
whereisjustice
(2,941 posts)RKP5637
(67,112 posts)for the lowly scapegoats a corp. might trot out and fire ... but the crux of the problem lies at the top of the ladder, but they roam around immune from it all.
quadrature
(2,049 posts)do you think
JPMorgan can handle it?
whereisjustice
(2,941 posts)charges etc. It's cheaper for them to reissue cards than protect customer accounts. Meanwhile the banks and the perpetrators know that millions of people will not notice fraudulent charges and pay them. Millions of people are now wrestling with banks over fraud charges, identity theft, etc. Home Depot's CEO is smiling all the way to the bank.
RobinA
(9,894 posts)updated three times in the last 9 months. That's how many cards I have - three. Not one of them ever left my possession. I did have a fraudulent charge on one of them - some hormonal body building powder sold out of Florida. It's a royal pain in the butt to change cards. because you have to notify everybody who has the card number that it has changed. I now keep lists of who's attached to what card. I try to avoid automatic payments whenever possible, but somehow I have a few.
llmart
(15,555 posts)and that was a royal pain in the ass, since the card that was replaced was never even used at a Target. Now I'm expecting and have already received an email from Home Dept that they change it again.
I have a total of two cards. I have used the one card one time. I am tempted to just carry cash and pay for things the old-fashioned way.
Remember when we were all supposed to be paranoid about someone stealing our wallets and so we stopped carrying much cash? Well, now we're all supposed to be paranoid about someone stealing our card numbers. I don't know what to be paranoid about any more. LOL
Maybe I'll just start being paranoid about ISIS or ISIL or whatever it is they call themselves and the right wingers are worried about.
PuppyBismark
(595 posts)The woman at American Express was very helpful and understanding. I also asked if Amex was going to start issuing "Smart" credit cards and she said that was what I was going to get. I did not have to ask for one day delivery, she just told me I would get the card by UPS One Day delivery, but that I had to be home to accept it.
rpannier
(24,339 posts)mwooldri
(10,303 posts)RKP5637
(67,112 posts)retail point of entry readers are updated to read "Smart" credit cards one is no better off. Mine have both the chip and the magnetic stripe, but I have never encountered a "Smart" reader except at the bank's ATM, so in retail I still use the magnetic stripe. One bank officer told me never to use a debit card in retail situations, but rather always to use their credit card. ... then simply transfer funds to reduce the balance on the credit card. There is no interest charge for this.
mwooldri
(10,303 posts)Banks can and do reissue cards on a perceived threat. The ones I deal with are the most frustrating because they're not linked with a big data breach like a Target or a TJ Maxx or Home Depot. I can't even tell the customer why exactly we're doing the proactive replacement.
RobinA
(9,894 posts)I don't shop at Target or TJ Maxx. I have shopped at Home Depot in the past 6 months, but my latest credit card change came before that was announced.
I was informed by letter awhile back that there was a breach at Adobe (like...HELLO), and I suspect at least one of my card changes came from that one, 'cause my father, also a recent Adobe customer, also had a card change around the same time. My father, age 80, freaks every time this happens because he thinks HE did something. I'm trying to convince him that he did nothing wrong and this is just life in these United States in 2014.
drynberg
(1,648 posts)As soon as I heard about it, I called my VISA card provider (Capitol One) and asked for another card ASAP. Upon calling, I removed my card from future use and called the two automatic withdrawl sites. It took a few minutes and the loss of worry...priceless.
Xithras
(16,191 posts)Seemed like a waste of postage to me. Just send me the card!
PuppyBismark
(595 posts)This is a very good security step and they should be thanked for doing it.