Slashdot Mirror

← Back to Stories (view on slashdot.org)

Credit Card Breach At P.F. Chang's

Posted by Soulskill on from the another-day-another-breach dept.

schwit1 tips a post by Brian Krebs saying that P.F. Chang's China Bistro, a nationwide restaurant chain, is the latest victim of a massive data breach. The company is currently investigating. Krebs writes: On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang's locations between the beginning of March 2014 and May 19, 2014. ... The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash (think iPads and gift cards, for example).

117 comments

  1. Cash and checks by riverat1 · · Score: 1

    I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

    1. Re:Cash and checks by lexman098 · · Score: 4, Insightful

      I use credit cards for 99% of my purchases. That way I avoid the issue of dealing with change and refilling on cash. I've never been held responsible for a fraudulent charge.

    2. Re:Cash and checks by culmor30 · · Score: 1

      Hi everyone, I have some anecdotal evidence which counters the claims of *both* of the posters above me!

    3. Re:Cash and checks by vux984 · · Score: 4, Insightful

      I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

      Is it a real issue or a theoretical issue? I've seen a few fraudulent charges over the years, and the bank has never given me any greif over any of them.

      Your solution of carrying cash exposes you to higher risk of direct loss or theft. And you lose the card rewards program.

      As for cheques -- yeah, whatever, because those aren't stupidly easy to forge; and most people won't even take them anymore.

      On the upside you have a smallish boost in privacy relating to your purchases. (locations, times, and amount spent)

      Seems you've traded one set of small risks for another. Not sure that amounts to a real overall improvement though.

    4. Re:Cash and checks by digitalPhant0m · · Score: 1

      Now I have to avoid you at the grocery store for fear of being in line behind you while you write a check.

    5. Re:Cash and checks by Anonymous Coward · · Score: 0

      I'm the guy behind you at the grocery checkout. Stop holding up the line by writing checks, you silly old man...

    6. Re:Cash and checks by Anonymous Coward · · Score: 0

      Checks aren't going to save you. 99.999999% of businesses just enter that data into a computer.

    7. Re:Cash and checks by ColdWetDog · · Score: 1

      What, you don't buy anything?

      --
      Faster! Faster! Faster would be better!
    8. Re:Cash and checks by riverat1 · · Score: 1

      I almost always use cash at the grocery store. I'm the one waiting in line for person running their card through the machine. Checks are for the big purchases.

    9. Re:Cash and checks by ArmoredDragon · · Score: 2

      This. Any bank that isn't a ripoff (and assuming that you don't have the worst credit in the world) offers zero liability for fraudulent purchases. Given that checks are tedious to write and process, and cash is easy to get lost or stolen, it doesn't make a whole lot of sense to pick them over a credit card.

      I probably went to PF Changs in this time period, and used my credit card there no less (I'm not quite sure whether it was in April or in May that I last went) but I'm not at all concerned about it. I've been the victim of credit card fraud before, and it's really not exactly devastating. What happens is I have to go an entire week on cash (I hate checks) until my new card arrives in the mail, and then I have to go to my ISP, tmobile, and the local water utility and update my autopay billing information. It basically amounts to a temporary inconvenience, but nothing was lost on my part. I think a bigger inconvenience would be having to manually pay all of my bills every month instead of just watching ONE credit card statement.

    10. Re:Cash and checks by msauve · · Score: 1

      I don't buy his argument.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    11. Re:Cash and checks by ArmoredDragon · · Score: 1

      Don't neglect those rewards either. Every year I get a nice free $200 payment towards my credit card bill, and since I always pay it off before interest accrues, it's pure profit.

      Stupid paypal always forces me to default to paying with a bank account, and when I try to pay with a credit card they insist that I don't do it because the credit card supposedly costs me more. Paypal just wants to make a higher profit margin.

    12. Re:Cash and checks by msauve · · Score: 2

      Any bank that isn't a ripoff (and assuming that you don't have the worst credit in the world) offers zero liability for fraudulent purchases. Given that checks are tedious to write and process

      You fail to mention the full, tedious process for reporting fraudulent card transactions, and getting them reversed. Whenever I've had to do it (recently, almost yearly), There are records to review, paperwork to fax, etc. to confirm what charges are legit and which aren't.

      It's a wash in effort between dealing with cards and checks, in my experience. Cards for online purchases, checks for paying most recurring bills (I really don't trust most enterprises to automatically draw from a debit account). That's what's convenient for me.

      If you only have to change 3 accounts when a card is replaced, I'd bet you're exceptional (on the low side).

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    13. Re:Cash and checks by Jane+Q.+Public · · Score: 1

      I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

      I also tend to stay away from places with "Bistro" in the name. You can generally count on a 50% or more higher price, with no commensurate increase in quality.

      "Bob's Chinese" is more likely to try harder.

    14. Re:Cash and checks by sjames · · Score: 1

      The risk of forged checks is there even if you never use them yourself.

    15. Re:Cash and checks by Jane+Q.+Public · · Score: 1

      On the other hand...

    16. Re:Cash and checks by mjwx · · Score: 1

      Is it a real issue or a theoretical issue? I've seen a few fraudulent charges over the years, and the bank has never given me any greif over any of them.

      Not really, the average loss from credit card fraud is $500, it costs Australia $2 billion annually. Eventually this costs comes back to you.

      Your solution of carrying cash exposes you to higher risk of direct loss or theft. And you lose the card rewards program.

      LoL @ rewards program.

      Seriously, carrying cash does not increase your theft profile, with the addition of contactless payments that do not require a form of authentication, plastic is now as at risk as cash. Yep, sure you can tell me "but the bank will cover me" but all you're really saying is "I'm naive like a child". The bank only covers its self.

      Seriously, rewards programs are traps. Compared to the costs of using credit cards (most of them hidden like interchange fees and merchant service fees) cash is cheaper. The average rewards program returns $45 per year. I save that more than that per fortnight by using cash. This year alone I've saved $1200 from direct savings from not using credit.

      Banks do not do anything for free, follow the money to find out who's paying for it (if you're smart, you'll just find a mirror and have done with).

      Seems you've traded one set of small risks for another. Not sure that amounts to a real overall improvement though.

      Actually, I've traded a set of costs for a set of savings.

      In fact, given the number of high profile breaches in recent days it seems carrying cash is safer. You can expect more breaches as criminals figure out ways to colelct your card information from NFC without you even taking your card out of your wallet.

      That being said, I have to admire the banks in for their Machiavellian brilliance. They addict people like you to using credit cards then charge the merchants for accepting them, forcing the merchant to be the bad guy and raise his prices to pay for them, meanwhile the bank is laughing all the way to the bank. Not to mention the way they've gamified the rewards programs. They've made collecting points more important to people than getting a good deal. In order to get a $50 toaster, people will forego $1000 in savings.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    17. Re:Cash and checks by khellendros1984 · · Score: 2

      You fail to mention the full, tedious process for reporting fraudulent card transactions, and getting them reversed. Whenever I've had to do it (recently, almost yearly), There are records to review, paperwork to fax, etc. to confirm what charges are legit and which aren't.

      With my card, in most cases, I get a call where they verify a half-dozen or so purchases. There was once where they called me to say that my card was cancelled, with a new one in the mail. I've never had to fill out any paperwork from that particular bank/card, let alone had to fax anything. The policies vary company-by-company, so something that's onerous for you may be much easier for someone else.

      --
      It is pitch black. You are likely to be eaten by a grue.
    18. Re:Cash and checks by msauve · · Score: 1

      " The policies vary company-by-company, so something that's onerous for you may be much easier for someone else."

      Yes, anecdotal evidence means very little.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    19. Re:Cash and checks by Calavar · · Score: 1

      Compared to the costs of using credit cards (most of them hidden like interchange fees and merchant service fees) cash is cheaper.

      You still pay those when you use cash because the agreement between the credit card company and the merchant forbids the merchant from offering a lower price when goods are purchased with cash.

      In fact, given the number of high profile breaches in recent days it seems carrying cash is safer. You can expect more breaches as criminals figure out ways to colelct your card information from NFC without you even taking your card out of your wallet.

      As others have already said, it's not the cardholder that takes the loss when fraud occurs. It's the merchant. Sucks for them, of course, but certainly not for the cardholder. So I'm not sure why you're still rambling on about the safety of cash. If a thug steals your wallet full of cash, it's gone for ever. Not so if they steal your wallet full of credit cards.

    20. Re:Cash and checks by Nyder · · Score: 1

      .. And you lose the card rewards program.

      ....

      Cash reward for credit cards isn't a cash reward. You must be the type that thinks trickle down economy is good.

      Here's how the cash rewards work. The CC company says "Hey, our Customers are stupid. They pay high interest rates to us for convince. How about we tell these sheep that they can get cash back, while we up their interest rate 1% to pay that cash back.

      Car analogy: You go to buy a new car. The Dealer says they give you $1000 cash back if you buy this certain model. You think, cool, I'll make a $1000 when I buy this car. What really happens is: CAR = Price + $1000.

      You don't really get $1000 back, you get $1000 that you paid yourself.

      Same with CC you don't get cash back, you get cash that you already own from them.

      wankers.

      --
      Be seeing you...
    21. Re:Cash and checks by ModernGeek · · Score: 2

      Checks are more insecure than credit cards...

      --
      Sig: I stole this sig.
    22. Re:Cash and checks by mjwx · · Score: 1

      You still pay those when you use cash because the agreement between the credit card company and the merchant forbids the merchant from offering a lower price when goods are purchased with cash.

      Fortunately, not legally enforceable.

      Dual pricing is permitted by law in Australia precisely because it is illegal for a third party to force a hidden cost onto a business. For a moment, consider the people you are defending here, they are forcing extra costs on merchats, which results in higher prices and you're defending them.

      Lots of businesses do a cash discount. The only way you dont know about this is because you dont do cash transactions... your loss.

      As others have already said, it's not the cardholder that takes the loss when fraud occurs. It's the merchant.

      And what does the merchant do when they take a loss?

      Put prices up to compensate.

      You still end up paying. It's just obfuscated.

      Putting everything on the card is plain stupid, from both a financial and security standpoint.

      If a thug steals your wallet full of cash, it's gone for ever. Not so if they steal your wallet full of credit cards.

      You're assuming the bank wont contest it, or charge you for the services. Also, the bank is not obliged to return interchange fees.

      With NFC on your card, a thief can take your card details without you even getting it out of your pocket because by design, the protocol will give out your name, expiry date and card no. to anything that asks for it. This can be done with off the shelf hardware. A thug doesn't even have to rob you, to rob you. In the end, cards cost more than risk with cash (which is negligible, lower if you consider the huge security flaw in NFC).

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    23. Re:Cash and checks by Anonymous Coward · · Score: 1

      That's how it works for some "wankers" but for me I pay them $0 in interest and they pay me thousands of dollars a year in cash back.

    24. Re:Cash and checks by Anonymous Coward · · Score: 0

      In the Untied States, banks cannot prevent a merchant from offering cash discounts. Many states regulate credit card surcharges, but merchants have gotten around the law by claiming a cash discount. Some states have laws specificlly allowing cash discounts for certain types of products such as on vehicle fuel, while preventing it for other products. Some states allow certain merchants to have credit card surchanges, such as utility companies when approved a regulatory agency. These laws vary by state and locality.

      Fraud ownership resides with the bank, not the merhcant, as long as the merchant follows the policies of their merchant account for handling credit card transactions. When chip-and-pin arrives in the United States, fraud liability will shift to the merchant for transactions using non-chip cards.

    25. Re:Cash and checks by Anonymous Coward · · Score: 0

      To those of us that pay the credit card balance every month, the rewards are great.

    26. Re:Cash and checks by Anonymous Coward · · Score: 0

      You still pay those when you use cash because the agreement between the credit card company and the merchant forbids the merchant from offering a lower price when goods are purchased with cash.

      Depends on the jurisdiction. This is not true everywhere.

    27. Re:Cash and checks by Anonymous Coward · · Score: 0

      How spicy do you like your Chang sauce?

    28. Re:Cash and checks by Anonymous Coward · · Score: 0

      And you've helped Visa take in rent of 1-3% of every purchase made anywhere. Congratulations.

    29. Re:Cash and checks by Anonymous Coward · · Score: 0

      I suspect you're exaggerating the amount of work involved in contesting a charge. The last few CC's I've had either let me flag transactions online or I simply called in and done it over the phone in under 5 minutes. In either case, they send out some correspondence that you sign and return to them basically affirming that the transaction is fraudulent and that's it.

      You're right that it sucks to have to update any of your recurring billers and online accounts when your bank cancels and reissues your account under a new number.

      I'd rather have to update a bunch of accounts than deal with losing a wallet full of cash or having my checks fall into the wrong hands. With cash, you're never getting that money back (unless an honest person returns it) and with checks, you're at the mercy of your bank (there is no federal protection for fraudulent check activity).

    30. Re:Cash and checks by Euler · · Score: 1

      I have to agree that the CC company makes a difference, Capital One has always been the one to tell me when something bad has happened. Slight inconvenience to me. Somebody besides me ate the cost (probably Capital One.) So obviously their business model is profitable enough to not really worry too much.

      That being said, it is about F'ing time that retailers and CC companies make the investment into chip and pin systems. Not perfect, but would basically shut down most causal card skimmers. The one-time card numbers for online transactions are a good compromise, especially considering it might be difficult to get the card reading devices at the home-user level.

    31. Re:Cash and checks by plover · · Score: 1

      Umm...no. Cash takes considerably longer to tender than credit. The customer takes time selecting the bills and coins, the cashier takes time counting it, then enters the amount in the cash register, and after the till opens, they have to count out the customer's change. This takes an average of about 16 seconds per transaction.

      A credit transaction today is a swipe of a card, and can be processed and authorized in under one second.

      Chip and PIN is not as fast as a magnetic stripe due to the very limited CPU doing the encryption, the slow data transfer rates to and from the card, the time spent by the customer entering their PIN, and the awkward handling sequence of insert card, key PIN, wait for authorizing, remove card. While not as slow as cash, it is nowhere near as fast as credit.

      After the sale, cash continues to be expensive for a retailer to handle. After collecting it all day in a till, the cashier has to count it, bag it, and turn it in to the office. The office people count it again with a machine, and store it in a safe. Periodically the safe has to be emptied and transported via armored car to a bank for deposit. They also have to buy rolled coins for making change, and distribute the coins to the tills occasionally. The tills, safes, and counting machines cost money to buy and maintain. The payroll for the cashiers, managers, and office people for time spent handling money costs money. And there is always the risk of armed robbery, which puts innocent people in harm's way.

      Non-intuitively, it can cost more for a retailer to take cash than they pay in fees for using credit.

      --
      John
    32. Re:Cash and checks by ayesnymous · · Score: 1

      I use credit cards for 99% of my purchases. That way I avoid the issue of dealing with change and refilling on cash. I've never been held responsible for a fraudulent charge.

      Plus using a credit card gives you 5% cashback for various categories of purchases.

    33. Re:Cash and checks by swell · · Score: 3, Insightful

      "I use credit cards for 99% of my purchases. That way I avoid the issue of dealing with change and refilling on cash. I've never been held responsible for a fraudulent charge."

        - OTOH, I use CASH for 90% of my purchases. Only one retailer (a major online company) knows my card number and they are unlikely to leak it. Similarly I have no revealing 'loyalty cards' for grocery & drug store purchases.

      So my wallet is much thinner than yours and I have little fear of identity theft. I carry $200-$400 at all times. If it is stolen, I will be unhappy but not as much as if my identity is stolen.

      I don't think it's anyone's business if I purchase adult diapers or pron or medicines or alcohol. Should I reveal that in return for 'rewards'? You will have to decide for yourself if you want to advertise your lifestyle in exquisite detail to worldwide data marketers.

      --
      ...omphaloskepsis often...
    34. Re:Cash and checks by vux984 · · Score: 1

      Lots of businesses do a cash discount. The only way you dont know about this is because you dont do cash transactions... your loss.

      Most of the business I've dealt with that do a cash discount have nothing at all to do with credit card fees. They are simply committing tax evasion; as a cash transaction lets them avoid putting it on the books. Which is fine, but lets not pretend its because of big bad credit card companies.

      And what does the merchant do when they take a loss? Put prices up to compensate.

      Yes.

      You still end up paying. It's just obfuscated.

      True, but you are paying for it too, so my portion is less than it otherwise would be if I had to pay for the fraud myself.

      You're assuming the bank wont contest it, or charge you for the services. Also, the bank is not obliged to return interchange fees.

      As opposed to the cash in your wallet when it gets lost or stolen. That's just gone.

      Meanwhile I've disputed fraudulent charges a couple times in my life, and lately I've had the bank stop them or reverse them even before I've been involved.

      With NFC on your card, a thief can take your card details without you even getting it out of your pocket because by design, the protocol will give out your name, expiry date and card no. to anything that asks for it. This can be done with off the shelf hardware. A thug doesn't even have to rob you, to rob you. In the end, cards cost more than risk with cash (which is negligible, lower if you consider the huge security flaw in NFC).

      I don't disagree with you, about the abysmal security design.

      And yet I know far far FAR more people who have lost their wallet with cash in it, or had it stolen than have EVER been the victim of NFC fraud.

    35. Re:Cash and checks by vux984 · · Score: 1

      Here's how the cash rewards work. The CC company says "Hey, our Customers are stupid. They pay high interest rates to us for convince. How about we tell these sheep that they can get cash back, while we up their interest rate 1% to pay that cash back.

      As I pay my balance off virtually all the time my rewards cash back far exceeds any interest payments and fees.

      I guess its like the lottery -- a tax on people bad at math. Except unlike the lottery, I can win at this game. And do.

    36. Re:Cash and checks by Anonymous Coward · · Score: 0

      But you pay for every fraudulent charge in the form of higher prices.
      Since there is no "free lunch" and someone has to "eat" your fraudulent charge, the eaters of the fraudulent charges raise their prices to cover the cost of fraudulent charges.
      But your credit score may "take a hit" from a fraudulent-charge-vendor who puts in the "did not" pay information into the credit bureau.
      This happened to me and it caused problems with a car purchase and years later with a house purchase. This vendor's poor behavior (sore loser) is why I do not shop at J. C. Penney since the 1980's

    37. Re:Cash and checks by Anonymous Coward · · Score: 0

      So your time is valueless?
      Is your name Wally?

    38. Re:Cash and checks by bickerdyke · · Score: 1

      I usually use EMV + PIN

      should be safe enough. I wonder why people keep useing those magnetic stripes.

      --
      bickerdyke
    39. Re:Cash and checks by Anonymous Coward · · Score: 0

      But what about the merchants that take some care not to accept stolen/fake credit cards? They take fewer losses and can so raise their prices less, giving them and advantage over less careful merchants.

    40. Re:Cash and checks by josecanuc · · Score: 1

      Often, the rewards are paid out of the merchant's pocket, not even the credit card company or the bank that issued it. Merchants are charged a percentage ranging from about 1% to 4% on purchases. Rewards cards often take the highest percentages.

      In effect, your "cash back" is paid by the person from whom you are purchasing merchandise/services. That results in higher prices, as merchants adjust pricing to meet their net profit needs.

      It's correct that you, the account holder, are paying your own reward, but it's not so direct that it is paid out of interest+fees.

    41. Re:Cash and checks by Salgat · · Score: 1

      I use credit cards for all my purchases and get around $300/year back in rewards. On top of that, all my purchases have additional protections provided by the credit card company. Further, not a single person is liable for any fraudulent charges made on a credit card. I'm having a hard time seeing your point.

    42. Re:Cash and checks by Anonymous Coward · · Score: 0

      I don't think it's anyone's business if I purchase adult diapers or pron or medicines or alcohol.

      You've got quite an exciting evening planned.

    43. Re:Cash and checks by nabsltd · · Score: 1

      Cash takes considerably longer to tender than credit. The customer takes time selecting the bills and coins, the cashier takes time counting it, then enters the amount in the cash register, and after the till opens, they have to count out the customer's change.

      The one assumption you make here is that the credit card user is on the ball, and swipes either before the final total is rung or immediately after. I have seen many customers stand there until the cashier tells them the total, then reach into their wallet/purse and hunt the credit card, swipe it the wrong way, finally get it right, then hit "debit" on a card that is credit only.

      Granted, these same people would likely take even longer to pay with cash, but I can see why some people think that cash is faster, based on anecdotes.

    44. Re:Cash and checks by LordKronos · · Score: 1

      I think the problem with your argument is that you are in a different country (Austrailia) than most of us (US). The laws and processes there appear to be quite different. Here:

      1) There is minimal difficulty in disputing charges. Most banks have the process pretty streamlined, so on the rare occasion it happens, it's relatively simple to deal with and causes you no disruption (at least with credit cards...debit cards can be a little more dicey with the potential for bounced payments and stuff, which is why I never used debit and don't suggest it for most people)
      2) There is minimal risk in using credit. By law you are only liable for $50, but in practice, I've never seen or heard of a bank which holds you liable for even a penny.
      3) There is little to no discount for using cash. Previously, merchants were prohibited from charging extra (either by an extra fee or by raising the price) for credit. They could instead offer a cash discount (ie: lower the price BELOW what was advertised) but very few did. Mostly just gas stations, who would charge up to 10 cents a gallon extra for credit (still worth it to pay credit though, since you can get 5% cash back on gas, thus saving 15-20 cents per gallon). Now the laws have changed to prohibit that restriction, but still pretty much nobody has started charging extra for credit. Merchants want to encourage credit because they believe people spend more with credit, thus they'd loose money by encouraging cash payments. Also, cash is not free. There are also costs with counting it and transporting it. You have to hire an armored truck to take it to the bank, there are more issues with employee theft, and the(probably small) risk of counterfeit money
      4) Rewards are a benefit to those that use them. Yes in theory it would possibly be cheaper for everyone to use cash (assuming cost of card processing is more than the cost of cash handling). However, that's not going to happen. Even if I switch to cash, there's no way everyone else is going to do the same. Its sort of like the prisoners dilemma on a massive scale...even if a large number of people agreed to cooperate, there's still enough people to screw it up for everyone else. So all I am doing by not taking advantage of rewards is leaving money on the table. I'm still paying the cost of card processing (since it's built into the regular pricing, not a separate fee) but not getting the benefit of the cash back.

      In summary, however things may be over in Australia, over here in the US the current system (ie: the way things are currently setup, not the ideal system that would theoretically materialize if everyone agreed to start using cash ) is setup such that credit cards have huge benefits with pretty much no downsides. The only real downside is for people who can't control their spending and thus would get themselves into trouble using credit cards.

    45. Re:Cash and checks by nitehawk214 · · Score: 1

      I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

      If you use personal checks for everything, are a complete fool. Checks are trivially easy to fake. All they need is your bank account number, helpfully printed in clear text on the front of the check. The bank's routing number is published information. There is absolutely no protection in the personal check system.

      Your name does not need to be on the check they create. All they need is an ID from somebody, and that person's name on the check. There is no protection built into the system at all.

      If you do have your number stolen by, say, any person that gets to look at your check, then your bank account is empty for a few months until the bank bothers to get around to investigating it.

      For the times I just need to have a check, money orders and cashiers checks; my bank provides both for no charge.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    46. Re:Cash and checks by nitehawk214 · · Score: 1

      Tedious? Then you have the wrong credit card.

      Every time this has happened to me with any card, they call me and ask me if I had made a few recent purchases. If I say no to any of them, they cancel the card and immediately ship me a new one. Max time 10 minutes. I need to type in the card number every time I make a purchase online anyhow. If I have to make a purchase in the couple of days it takes for the new card to arrive... I use a different card.

      When your bank account is cleaned out, you are without money for some extended period of time, including the money you were going to use to pay your credit cards.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    47. Re:Cash and checks by nitehawk214 · · Score: 1

      Is it a real issue or a theoretical issue? I've seen a few fraudulent charges over the years, and the bank has never given me any greif over any of them.

      Not really, the average loss from credit card fraud is $500, it costs Australia $2 billion annually. Eventually this costs comes back to you.

      Because nobody would commit fraud if credit cards did not exist.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    48. Re:Cash and checks by nitehawk214 · · Score: 1

      Considering that cashiers can hardly do math anymore even when the POS tells them which bills to provide in change... cards are much faster.

      (Not that I blame them, I can hardly do basic math either. That is what the computer is for.)

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    49. Re:Cash and checks by BronsCon · · Score: 1

      My bank has an automated phone menu for it! I choose the option and it takes me through a list of transactions, allowing me to press 1 if fraudulent or 2 of legit. It's been a while, but I seem to recall being asked the date and amount of the oldest fraudulent transaction before the list review began; ostensibly to determine where the review should stop. The temporary credit was immediate, I got a phone call the next day to confirm that I had, in fact, meant to report fraud, and received a letter within a week, informing me that me claim had been processed and the transactions had been removed from my account. This was with Capital One; they have a few other practices I'm not too fond of, but I can avoid those by simply using my card responsibly.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    50. Re:Cash and checks by kilodelta · · Score: 1

      I tend to use a business debit card. Has essentially the same liability limits a credit card does. Better yet - my bank is proactive. All I have to do is call and dispute charges and I'm sent a new card a couple days later. Works great.

    51. Re:Cash and checks by Anonymous Coward · · Score: 0

      Are there really that many people who are that fucking stupid?

      "Cash Back" is nothing more than the cc company charging you less of percentage, but rather than let you keep your money at the point of purchase, they hold it and accrue interest on it, then let you have it - "it" being YOUR FUCKING MONEY - back at a later time.

      Boy, you sure are lucky that your cc company lets you have your OWN FUCKING $200 dollars back at the end of the year! What a benefit!

    52. Re:Cash and checks by vux984 · · Score: 1

      It's correct that you, the account holder, are paying your own reward, but it's not so direct that it is paid out of interest+fees.

      In that case, not using a rewards card means I'm paying for other peoples rewards, and not getting any myself; so I'm still ahead using a rewards card vs not using one.

    53. Re:Cash and checks by Anonymous Coward · · Score: 0

      The one assumption you make here is that the credit card user is on the ball

      The same can be said about people paying with cash though. Even when they have their cash ready they always seem to hear a total like 47.25 and then they realize it is a chance to get rid of a quarter so after they were prepared to pay with just bills they have to go digging for change.

      However I worked a gas station till for 6 years and in a small business CC terminals are often over telephone lines since that is much cheaper. After that length of time behind a till I could ring up, get the cash, and make change twice before I could get a single CC customer through due to the modem needing to connect (assuming the cash customers were on the ball).

    54. Re:Cash and checks by Anonymous Coward · · Score: 0

      Other than the fact that no one accepts them anymore. You can't use them fraudulently if you can't find anywhere to use them!

  2. Just P.F. Changs? by Anonymous Coward · · Score: 0

    Haven't been to P.F Changs in a long time, but I have been to Pei Wei between March and May. Wonder if I should be worried about that.

    1. Re:Just P.F. Changs? by TWX · · Score: 2

      I was wondering the exact same thing. They don't like to make it known that they're the same company, so I wonder if they use the same CC processing system or not.

      --
      Do not look into laser with remaining eye.
    2. Re:Just P.F. Changs? by Anonymous Coward · · Score: 0

      I was wondering the exact same thing. They don't like to make it known that they're the same company, so I wonder if they use the same CC processing system or not.

      Even if they don't use the same CC processor, if the attack was aimed at the Point of Sale system and the companies have their networks linked and/or they're using the same Point of Sale systems, it's possible that both were hit in the same attack. The Target breach (and several subsequent breaches) involved special memory-scraping malware loaded on the Point of Sale system. This scraped the Credit Card data long before it ever got to the Credit Card processor.

      Reference: http://krebsonsecurity.com/201...

  3. Someone's let the POS out of the bag! by mveloso · · Score: 4, Interesting

    If it's stripe data, that implies the POS readers were compromised, just like Target. Interesting.

    1. Re:Someone's let the POS out of the bag! by Nyder · · Score: 2

      If it's stripe data, that implies the POS readers were compromised, just like Target. Interesting.

      Yes, they have been compromised at the factory, which I stated in the Target Breaches, but no ones to believe because I will NOT name my sources.

      --
      Be seeing you...
    2. Re:Someone's let the POS out of the bag! by rtb61 · · Score: 1

      It seems like all the POS compromises were inside jobs of one description or another. Pay minimum wage, chop and change employees, means you system will get compromised, it is just a matter of time. Looks like all instore purchase will require cameras at the checkout to to photograph every person making a credit card purchase. All deliveries based upon online credit card purchases will require an identified and photographed individual to accept them (skype could become popular for online purchase, no video confirmation and record, no sale). This to set up a trail to track for fraudulent activity to find the gang and the insiders.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:Someone's let the POS out of the bag! by nitehawk214 · · Score: 3, Insightful

      If it's stripe data, that implies the POS readers were compromised, just like Target. Interesting.

      Yes, they have been compromised at the factory, which I stated in the Target Breaches, but no ones to believe because I will NOT name my sources.

      And you are cross at people for believing your claim with no evidence? You must be religious.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  4. Why are these numbers stored? by Anonymous Coward · · Score: 0

    Why are merchants even allowed to store these numbers? Shouldn't the numbers be part of a transaction and that's the end of it? And, if there is some reason the numbers must be stored why are they not encrypted? WTF?!

    1. Re:Why are these numbers stored? by preaction · · Score: 1

      Because PCI compliance means security! Brought to you by my PCI Compliance Consulting Firm.

    2. Re:Why are these numbers stored? by ThatsMyNick · · Score: 2

      Nothing in the article says they stored these numbers. Target had their card readers compromised. It could be the same case here.

    3. Re:Why are these numbers stored? by Centurix · · Score: 1

      Exactly, there's no law to prohibit anyone from storing CC information, just a strong suggestion not to. Best practice preaches PCI/DSS compliance, but really it's the CC schemes that are broken. The schemes represent a compromise between convenience and 'security'. Here's an interesting Twitter stream: Need A Debit Card?, some even post photographs of both sides of the card and then wonder why their accounts are empty.

      --
      Task Mangler
    4. Re:Why are these numbers stored? by philip.paradis · · Score: 1

      PCI/DSS isn't simply about being able to claim nebulous adherence to "best practices"; it's about an organization's ability to maintain a business relationship with their customers and an upstream merchant account provider under certain agreed upon minimum standards for data security. Quoting PCI Data Storage Do’s and Don’ts:

      Do not store sensitive authentication data contained in the payment card’s storage chip or full magnetic stripe, including the printed 3-4 digit card validation code on the front or back of the payment card after authorization.

      This point in particular is not flexible in nature. Storing that specific information, or failing to take specific steps to secure the access perimeter and specific systems through which said information traverses, are quick routes to termination of a merchant agreement. Such failures may also expose a business to significant legal liability; litigation rapidly becomes impressively expensive in the event of a breach whereby it comes to light that the business in question failed to follow basic PCI/DSS tenets, and said legal proceedings may turn into an even greater circus if dominant upstream EFT players such as Visa, etc believe there is reason to assume negligence on the part of an auditing firm that supposedly delivered a satisfactory report on compliance to the errant business. Reference the recent Target debacle for a fine example of such complications.

      There are no magic bullets, but there are baselines. Those baselines could certainly use significant improvement, but that doesn't matter much if the business servicing the consumer doesn't care to consider even basic adherence to agreed upon information security standards as a critical factor.

      --
      Write failed: Broken pipe
    5. Re:Why are these numbers stored? by nitehawk214 · · Score: 1

      What the fuck. That twitter feed might as well be titled "the stupidest people in the world".

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  5. You got served by Anonymous Coward · · Score: 0

    Literally

  6. Why do companies keep this data? by Anonymous Coward · · Score: 0

    Process the transaction, but why the hell do companies keep this data?

    1. Re:Why do companies keep this data? by Anonymous Coward · · Score: 1

      Because when deadbeat freeloaders file chargebacks they have to have the data to prove they actually swiped a card.

  7. Bad naming choice by Tablizer · · Score: 1

    Target store is going to change its name to Kick Me.

    --
    Table-ized A.I.
  8. The official response from PF Changs here: by Anonymous Coward · · Score: 0

    https://www.youtube.com/watch?v=85HEH3y45bM

  9. Read the fine print by dale.furno · · Score: 0

    Read the fine print, it says they get to cut off your dick.

  10. My balance was over the limit... by uCallHimDrJ0NES · · Score: 1

    ...but half an hour later, it was empty again.

    --
    Cloudiot: A person who does not see offsite storage as a way to lose control over access to his or her own data.
  11. So, I guess these were by Anonymous Coward · · Score: 0

    Chinese hackers?

  12. Restaurants etc. by the+eric+conspiracy · · Score: 1

    Minimize the number of places you expose your CC numbers. Pay cash where feasible. Use debit cards ONLY at bank terminals. Be especially careful at restaurants and gas stations.

    1. Re:Restaurants etc. by vux984 · · Score: 3, Insightful

      Minimize the number of places you expose your CC numbers. Pay cash where feasible. Use debit cards ONLY at bank terminals. Be especially careful at restaurants and gas stations.

      Or, if your in good standing with your bank, don't worry about it. The banks are good about fraudulent charges in the civilized world.

    2. Re:Restaurants etc. by TWX · · Score: 1

      I really wish that this was possible, but some places like Costco don't take credit except from a single card (AMEX), and buying things at Costco with cash could itself be risky given the amount of cash one would need to carry. Plus they only take plastic at their fuel pumps.

      --
      Do not look into laser with remaining eye.
    3. Re:Restaurants etc. by mythosaz · · Score: 1

      Costco might not take other CREDIT cards, but they POS debit just fine.

      Aside, any AMEX will work as a Costco card to activate their gas pumps, for membership gas prices without membership. Any Discover does the same at Sam's gas pumps. [At least until later this year when they phase out Discover.]

    4. Re:Restaurants etc. by Anonymous Coward · · Score: 0

      It sounds like Costco is by your own admission putting its customers at unnecessary risk. Why not shop elsewhere?

    5. Re:Restaurants etc. by Anonymous Coward · · Score: 0

      I really wish that this was possible, but some places like Costco don't take credit except from a single card (AMEX), and buying things at Costco with cash could itself be risky given the amount of cash one would need to carry. Plus they only take plastic at their fuel pumps.

      If you worry about carrying cash for groceries, perhaps it is time to move to a new neigborhood.

    6. Re:Restaurants etc. by mjwx · · Score: 0

      Minimize the number of places you expose your CC numbers. Pay cash where feasible. Use debit cards ONLY at bank terminals. Be especially careful at restaurants and gas stations.

      Or, if your in good standing with your bank, don't worry about it. The banks are good about fraudulent charges in the civilized world.

      This really has to be one of the most naive things I've heard in a long time.

      Sadly I hear it quite often.

      "The bank will look after me, the bank's got my back".

      Why do you think the bank wont drop you like a hot brick if you become too much of a liability? Why do you think the bank actually works for you and not the shareholders?

      I'm not a paranoid nutcase, I'm happy to use the services of a bank but I also know that they will try to screw me over as much as possible. That's their business, to make money.., from me... I cant hate them for being a profit oriented business, but I can ensure it costs me as little as possible. So no, the bank is not my friend, it has not got my back and it not to be trusted.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    7. Re:Restaurants etc. by khellendros1984 · · Score: 1

      "Elsewhere" doesn't sell in bulk or at Costco's prices, while also paying their employees better than most large chain stores. And the Kirkland brand is pretty good, all around.

      --
      It is pitch black. You are likely to be eaten by a grue.
    8. Re:Restaurants etc. by Anonymous Coward · · Score: 0

      Use debit cards ONLY at bank terminals.

      Ha. About a year ago I went to my bank to withdraw some cash. It was around 10 pm, so the bank was closed, but the front machines were available.

      The machine looked a bit odd, so I took a closer look before inserting my card - there was a skimmer on the machine. It blended in very well.

      I called my bank using the number on the back of my card, and got someone in their call center who didn't seem that interested.

      So I called the police, and they were very interested, since someone was probably going to come back and pick up the skimmer...

    9. Re:Restaurants etc. by wisnoskij · · Score: 1

      Carry hundreds of dollars worth of cash around with you at all times = security.

      --
      Troll is not a replacement for I disagree.
    10. Re:Restaurants etc. by ewieling · · Score: 1

      I do similar things. Yes, it can help prevent credit card fraud and the hassle associated with it, but I am far more concerned about the privacy implications of using plastic for everything.

      --
      I really shouldn't have used someone else's email address for this account.
    11. Re:Restaurants etc. by Anonymous Coward · · Score: 0

      Ugh I spend $50K a year through the credit card. Someone got our numbers somehow once and ran up few grand, we didn't have to pay a dime. The GP is spot on, the bank will go to the bat for you.

    12. Re:Restaurants etc. by vux984 · · Score: 1

      Why do you think the bank actually works for you...

      I have no such illusion. I am not a liability. They make money off me. I presume they take about 3% of everything I run through the card, less the 1% they send back to me... So, 2% is theirs.

      If they had to choose between eating a few fraudulent charges, and losing me as a customer they'd eat the charges. So, no, I'm not being naive. I know exactly what I'm worth to them.

    13. Re:Restaurants etc. by Trax3001BBS · · Score: 1

      Ugh I spend $50K a year through the credit card. Someone got our numbers somehow once and ran up few grand, we didn't have to pay a dime. The GP is spot on, the bank will go to the bat for you.

      I had a $1000 draw on my account from Mexico, I reported it to the bank and they said they'd check the signature and if all was in order I wouldn't be charged for it.

      I mentioned I didn't think it worked that way, come to find out my Mom traveled to Mexico as dental charges were dirt cheap.
      being a tad old she used the wrong card.

    14. Re:Restaurants etc. by nitehawk214 · · Score: 1

      "The bank will look after me, the bank's got my back".

      Because if the bank doesn't have my back, I take my money elsewhere.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    15. Re:Restaurants etc. by phorm · · Score: 1

      Why does your *mom* have a card to *your* bank account?

      You're close enough to your parent to have her with a direct line into your banking, but not enough to know when she's travelling to a foreign country for medical purposes?

      Sorry, just seems to be a bit odd to me.

    16. Re:Restaurants etc. by Trax3001BBS · · Score: 1

      Why does your *mom* have a card to *your* bank account?

      Was sure that was going to come up. My Mom was my Money Manager, it worked out very well she paid all my bills with my money and gave me an allowance each week. It worked as I mentioned very well for me. For some reason he had her savings account as part of my account. She's getting a bit (well a lot forgetful) when asked where to take the money from (in Mexico) she mentioned the wrong one account, and the end of me having a money manager.

    17. Re:Restaurants etc. by Trax3001BBS · · Score: 1

      Why does your *mom* have a card to *your* bank account?

      Was sure that was going to come up. My Mom was my Money Manager, it worked out very well she paid all my bills with my money and gave me an allowance each week.

      When I took back control of my money, Bank of America asked if I wanted a Credit Card, I mentioned I don't trust myself with a credit card, I only purchase what I can afford. I got a credit card two weeks later.

    18. Re:Restaurants etc. by pantaril · · Score: 1

      Or, if your in good standing with your bank, don't worry about it. The banks are good about fraudulent charges in the civilized world.

      But who eats the loss? I seriously doubt it's the bank. AFAIK they bill the merchant which means there IS problem (because the merchant will project those chargebacks into the price of his goods).

      The right solution is payment system where you don't give your secret keys when you make a payment. For example bitcoin or other cryptocurrencies.

  13. Use Bitcoin already! by ASDFnz · · Score: 1

    And yes, I am serious. I am now going to get my flame suite on though.

    1. Re:Use Bitcoin already! by Anonymous Coward · · Score: 0

      And yes, I am serious. I am now going to get my flame suite on though.

      I would, except I had them all deposited at Mt. Gox.

    2. Re:Use Bitcoin already! by ASDFnz · · Score: 1

      I would, except I had them all deposited at Mt. Gox.

      Touché

      I as meaning the public/private key technology though and not a crooked company involved with it though.

      When all said and done, you can "hack" a credit card with a pen and paper, even a photocopier will work. The system as archaic and in need of a replacement.

    3. Re:Use Bitcoin already! by ASDFnz · · Score: 1

      The system as archaic and in need of a replacement.

      Gonna troll myself here... you meant is not as you fat fingered dumbass.

  14. If you're eating at P.F. Chang's... by Patent+Lover · · Score: 1

    ... you have bigger damage to worry about than your credit, like your colon.

    1. Re: If you're eating at P.F. Chang's... by Anonymous Coward · · Score: 0

      That's why for Chinese food I always go to Shitty Wok.

  15. Got a call from my CC fraud dept today by Poisonous+Drool · · Score: 1

    There were two suspicious charges in New York state: $20 at Burger King and $300 at Kohls, both declined (yah!). I used that CC at PF Changes in late March.

    1. Re:Got a call from my CC fraud dept today by freeze128 · · Score: 1

      Wow! I was going to say that the criminals seem to be getting smarter, but your post is evidence otherwise.

      "Gee, this card can't handle a $20 charge for lunch, so I'll try to buy something MORE expensive with it...."

  16. CC Fraud vs Bitcoin by codebonobo · · Score: 1

    The thing I like about bitcoin is it allows the user to determine how secure or insecure they wish to be while with credit cards they are dependent upon multiple third parties security measures and the weakest link in the chain can expose you to fraud. I never had an issue with fraud in Bitcoin and have had multiple issues with fraud with debit/cc's where I needed to get replacement cards and was liable for the deductible.

    When I pay a retailer with Bitcoin I don't have to worry about identity theft or my account being compromised.

    1. Re:CC Fraud vs Bitcoin by ASDFnz · · Score: 1

      I cannot agree more, I even just bogged about it;-

      http://mineforeman.com/2014/06...

      Bitcoin's public/private key system avoids the issue all together.

      With a credit card when you hand over your plastic you have effectively just handed over you private key for someone to copy with a magnetic strip reader, a photocopier or even something as old school like a pen and paper.

  17. WHY ARE YOU STORING CC NUMBERS? by Anonymous Coward · · Score: 0

    WHY ARE YOU STORING CREDIT CARD NUMBERS? Run it, get the transaction/confirmation code, and shred it. Jesus christ, you might as well just use carbon paper and throw the carbons on the floor of your restaurant.

  18. BDO ... BDO by Anonymous Coward · · Score: 0

    [Pilot] Bang Ding OU Bang Ding OU

    [Chink Controller] Wa Da Wong ... Wa Da Wong

    [Pilot] WE TU WO ... WE TU WO.

    [Chink Controller] U Da WABR ... U Da WABR.

    [Pilot] HO RE FUK .. HO RE FUK.

    [Chink Controller] TUN PU HA ... TUN PU HA.

    [Pilot] Bang Ding OU.

  19. Credit card Security is a none term by Trax3001BBS · · Score: 1

    The only way almost all credit card thefts have been realized is their sale on different web sites. These Security personal check the sites at regular intervals (or informed of them) then point and say AH! HA!

    1. Re:Credit card Security is a none term by Trax3001BBS · · Score: 1

      none = non

  20. Almost, but not quite by Powercntrl · · Score: 1

    Bitcoin does solve the issue of being able to electronically pay people you may not trust, but so does PayPal. Bitcoin transactions are slow to confirm, you have no protection as a buyer to perform a chargeback (for example, you buy tickets for a concert that turn out to be counterfeit) and the price of Bitcoin is extremely unstable. Bitcoin also is not really free of transaction fees, either. You will pay a fee to an exchange when buying Bitcoin with fiat.

    Bitcoin's deflationary design also makes it lousy as a currency, since why would you use it to buy two pizzas today when that same amount a few years from now might buy you a Tesla Model S?

    Cryptocurrency probably does have a place in the future of commerce, but it will probably be something that addresses Bitcoin's serious shortcomings.

    --

    ---
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
    1. Re:Almost, but not quite by codebonobo · · Score: 1

      I am going to stay ontopic rather than discuss all of your statements.

      Bitcoin does solve the issue of being able to electronically pay people you may not trust, but so does PayPal.

      Isn't the chargeback potential a risk under paypal not found for bitcoin? When someone gets paid the charge can be reversed at any time per Paypal's discretion. Thieves will buy bitcoins all the time on ebay with stolen paypal accounts and than the seller will be out all the money when paypal reverses the transaction. Additionally, isn't paypals security polices also a risk for the user unlike with bitcoin where you can trust the mathematics and network which is immune from many traditional attack vectors?

    2. Re:Almost, but not quite by Anonymous Coward · · Score: 0

      Bitcoin transactions are slow to confirm

      Which is about the same as paypal, but when paypal finally decides that last transaction didn't work after all, they freeze your bank account. With bitcoin you're out whatever you sold.

    3. Re:Almost, but not quite by Powercntrl · · Score: 1

      Isn't the chargeback potential a risk under paypal not found for bitcoin? When someone gets paid the charge can be reversed at any time per Paypal's discretion. Thieves will buy bitcoins all the time on ebay with stolen paypal accounts and than the seller will be out all the money when paypal reverses the transaction. Additionally, isn't paypals security polices also a risk for the user unlike with bitcoin where you can trust the mathematics and network which is immune from many traditional attack vectors?

      Yes, chargebacks are a potential fraud risk for business owners. As a customer, though, being able to perform a chargeback is an important safeguard against a seller that doesn't make good on their part of a transaction.

      While having your bank/credit card information on file at PayPal is also a potential security risk, it's still significantly less of a risk than trusting every business you allow to directly process your credit card.

      --

      ---
      DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
  21. Massive Breach? by Fnord666 · · Score: 1

    And by massive they mean "On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so...". Hardly on the scale of the Target breach so far.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  22. Chip and pin? by Anonymous Coward · · Score: 0

    Why isn't the USA using chip and pin? In the EC this type of fraud does not work.

  23. China is 3rd most visited country. by Moskit · · Score: 1

    Given that China is the 3rd most visited country in the world, this is probably not nationwide problem, but also for tourists who have been there and have paid with credit card at this China bistro chain.

    It's good that such a problem hasn't happened in one of European countries, or in USA, because the problem would have likely been much bigger due to larger base of people using credit cards.

    (here's hopelessly hoping that editors do better job writing "articles" outside their US-only minds)