Banks Report Credit Card Breach At Home Depot

criticalmass24 sends news that multiple banks are indicating Home Depot stores are the source of a new batch of stolen credit cards and debit cards that hit the black market today. "There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by this reporter all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market." Home Depot is aware of the situation, and says they're investigating. The banks say this breach may have begun as early as April or May of this year and may extend to all 2,200 of Home Depot's U.S. stores.

Chip and PIN

[DigiShaman]

Fuckers! Implement it like yesterday!!!

Tell you what. You want me to continue to shop at the B&M stores, then do this. Otherwise, It's Amazon for me.

Re:Chip and PIN

[Russ1642]

Big deal. You're not on the hook for the fraudulent charges. You just have to check your bill and maybe your CC issuer will give you another card.

Re:Chip and PIN

[ctime]

The problem is that these data compromises are going to happen and that the current magnetic strip technology is laughably obsolete and insecure. Chip + PIN effectively mitigates the weakness in magnetic strip data by embedding a chip (physical, something you have) and a pin (something you know) into the transaction process, plus many other security enhancements. Current magnetic strip cards are authenticated purely by a string of digits (something you know) and are easily copied and reproduced.

Read all about it here: http://en.wikipedia.org/wiki/E...

Chip + pin WILL be happening in America. http://blogs.wsj.com/corporate...

NFC-based payment system may have a chance to become popular in the mean time.

Re:Chip and PIN

[Russ1642]

FOAD. I'd prefer the banks implemented security so I wouldn't have to go through a bureaucratic mess to get back my property.

And what property of yours is missing? I'm thinking it's your sanity.

Re:Chip and PIN

[msauve]

"You're not on the hook for the fraudulent charges."

That's not it - you're simply not clear on the concept. Those costs are paid by the consumer, through higher prices and/or fees.

Re:Chip and PIN

[jjhall]

Well, for one I have to spend my time to submit a fraud report to my bank. If using my debit card, the money is gone until the fraud is confirmed. Second, I have to wait for a new card to arrive in the mail, then try to remember who I have set up on automatic payments using my old card. Call each one of them or visit their website to enter in the new numbers. The ones that I forget will possibly result in account suspensions, etc, until after the new number is entered. Fees may be charged, which most of the time will be waived but that again takes more time to deal with.

The credit card companies need to fix this, and chip/pin is not the answer. It should solve retail store card theft, but as online purchasing becomes more and more popular, chip/pin will do nothing to combat it. We need a rotating pin device, similar to PayPal and World of Warcraft uses, and tie that number to the authorization. That number/pin combo would be useless for future transactions other than follow-on transactions to/from the same merchant for subscription or refund purposes. That way when a card number is compromised it is useless since the attacker won't be trying to get more money for the original merchant. Instead the card issuers just tout "$0 fraud liability!!!11!!!1!" to the consumers and pass the buck off to the merchants. Chargback fees from merchants are a profit center for card issuers, so why would they want to fix the problem?

Re:Chip and PIN

[geekoid]

Yes it will, and then it will be compromised. Chip and Pin* has known defects.
NFC is also broken.

Digital money is a dead end.

*Sounds like a kids cartoon about encryption.

Re:Chip and PIN

[PopeRatzo]

What do you care? the CC company pays for it, and they send you a new card.

As has already been pointed out, no, it's you that pays for it in fees.

The current interest rate on savings is what about 1%? Banks can take that money and charge 18-24%. They've got a license to print money. Do you really think they're just going to eat the loss? They're passing it on to you in dribs and drabs.

Re:Chip and PIN

[ASDFnz]

Bitcoin would be a better solution

Re:Instead of naming stores

[rickb928]

It's not NCR, IBM, etc. It's Ingentico, Verifone, the other terminal makers, and the acquirers (Paymentech, First Data, etc) that handle the data, but Home Depot needs to secure the transmission of that. And I bet most of this was skimmed off of databases that needed to be another layer away from intruders.

There is no such thing as absolute security.

They store credit card data with the transaction

[kbahey]

Home Depot stores credit cards with the transactions.

I know this because when you go to return something I bought, they don't ask you for the credit card, and sort of highlight that this is a convenience that is unique to Home Depot.

I complained more than once to the cashiers about storing credit card numbers (it is not their fault, it is management and IT). The cashiers would say: "Don't worry, we don't have access to it!"

My response was: it is not you whom I am worried about.

Now we know that storing credit cards is a bad idea, and why ...