“The data breach did not affect online purchases, the company said.”
Eventually the net is going to be the last, best frontier for human liberty. Before the Left subverts it.
What did they do, run a back line between the stores and the authentication servers? Or did they do a physical hack tap of the readers themselves?
May the odds be in your favor. As long as it is allowed, the window of opportunity is closing, cash is where it is at. Once all market place transactions must be conducted electronically (coming soon) local markets, based upon barter or local currency, will prevail in flyover country.
OTOH, one way or another, we in flyover country and in the leftist demonized south, shall go our own way and woe be to those who resist our decision.
Parker, there’s some various services floating around that lets you buy precious metals and store it in Zurich, Switzerland.
Even if the currency crashes, that’s how the rich keep themselves afloat. Other than off shore bank accounts that the assets and interests aren’t taxed.
Hasn’t there already been a move by the Auld Lefty Enemy to outlaw or sunset cash?
All the better to track and control you, my dear!
Heck, the data was probably stolen by the NSC.
Waidmann
I heard ACORN is looking for the next child prostitution importation ring. They need to move some funds around.
I work at Walmart, and the store “upgraded” their credit card machine software a couple of months ago. As far as I can tell, there were no actual improvements to the system but some things are different now:
— Machine used to ask you if you wanted cash back as 3rd or 4th step in the process. Now, it’s the 1st step.
— Machine used to make you give signature if purchase was over $50 (for credit cards). Now, nobody knows what the criterion is: I’ve seen people sign at $25, and others not have to sign at over $125.
— Machine used to ask for the 3-digit security code on the back of the card maybe 10% of the time. Now, it’s about 50% of the time…maybe more.
As far as I can tell, there is no actual improvement in user experience. Moving the cash back question to #1 may be an attempt to get more people asking for cash (maybe there’s some sort of kickback for that?). There seems to be little reason for the 3-digit code all the time, but it would expose the users’ data…either to hackers or the government.
The 3 digit code ensures that the person actually has the real card in his possession. It is not stored as part of the transaction. In this regard, it does reduce the incident of fraud. I would suspect that the varying levels of signature required was developed with that in mind.
There are benefits, but not for the user.
Ymarsakar Says:
What did they do, run a back line between the stores and the authentication servers? Or did they do a physical hack tap of the readers themselves?
While it’s currently unknown, the reasonable, professional guesses are that it occurred just a bit upstread of the point-of-sale card terminals, and very soon after the swipes too. It’s sort of unlikely – albeit not impossible – that the compromises were of the POS terminals themselves: The breach involved around 40-some million cards, and to get that many you’d have to presume tens of thousands of terminals compromised. That’s not impossible and will get looked at, but it’s unlikely enough to where the main focus should be elsewhere. Go far enough upstream and you only need a single breach where the data aggregates.
But at the same time, the breach cannot be too far upstream. Target reported the CVV1 numbers were also stolen (http://en.wikipedia.org/wiki/Card_security_code; they’re not the 3 digit code printed on the back – that’s the CVV2 number – but rather a separate one recorded onto the magnetic strip). And the Payment Card Industry standard forbids storing those beyond the point of payment authorization. That is theoretically a short period of time (ideally within seconds to minutes; in the real world, since processing may be done in batches, it could be as much as a day).
So the initial conclusion is that it happened happened between the customer swip and Target’s systems getting authorization from the payment processors. While that’s not a pinpoint spot, it *does* eliminate entire swaths of the payment processing procedure.
Can that be wrong? Yes, but many of the other points of potential failure would mean not only that Target screwed up, but that the Payment Card Industry designated auditor screwed up in auditing Target’s compliance (large merchants are required to submit to regular, recurring audits and system scans as often as every quarter). Not impossible, sure, but again it’s not likley.
That’s an interesting analysis, EMH, thx.
Leave a Reply
HTML tags allowed in your
comment: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
I told ya!
http://buzzlamp.com/21-classic-photobombs-2/6/
Up there with, “You got me a caaAHHT?”
“The data breach did not affect online purchases, the company said.”
Eventually the net is going to be the last, best frontier for human liberty. Before the Left subverts it.
What did they do, run a back line between the stores and the authentication servers? Or did they do a physical hack tap of the readers themselves?
May the odds be in your favor. As long as it is allowed, the window of opportunity is closing, cash is where it is at. Once all market place transactions must be conducted electronically (coming soon) local markets, based upon barter or local currency, will prevail in flyover country.
OTOH, one way or another, we in flyover country and in the leftist demonized south, shall go our own way and woe be to those who resist our decision.
Parker, there’s some various services floating around that lets you buy precious metals and store it in Zurich, Switzerland.
Even if the currency crashes, that’s how the rich keep themselves afloat. Other than off shore bank accounts that the assets and interests aren’t taxed.
Hasn’t there already been a move by the Auld Lefty Enemy to outlaw or sunset cash?
All the better to track and control you, my dear!
Heck, the data was probably stolen by the NSC.
Waidmann
I heard ACORN is looking for the next child prostitution importation ring. They need to move some funds around.
I work at Walmart, and the store “upgraded” their credit card machine software a couple of months ago. As far as I can tell, there were no actual improvements to the system but some things are different now:
— Machine used to ask you if you wanted cash back as 3rd or 4th step in the process. Now, it’s the 1st step.
— Machine used to make you give signature if purchase was over $50 (for credit cards). Now, nobody knows what the criterion is: I’ve seen people sign at $25, and others not have to sign at over $125.
— Machine used to ask for the 3-digit security code on the back of the card maybe 10% of the time. Now, it’s about 50% of the time…maybe more.
As far as I can tell, there is no actual improvement in user experience. Moving the cash back question to #1 may be an attempt to get more people asking for cash (maybe there’s some sort of kickback for that?). There seems to be little reason for the 3-digit code all the time, but it would expose the users’ data…either to hackers or the government.
I don’t like it.
Here are the rules for payment card security.
https://www.pcisecuritystandards.org/security_standards/index.php
The 3 digit code ensures that the person actually has the real card in his possession. It is not stored as part of the transaction. In this regard, it does reduce the incident of fraud. I would suspect that the varying levels of signature required was developed with that in mind.
There are benefits, but not for the user.
While it’s currently unknown, the reasonable, professional guesses are that it occurred just a bit upstread of the point-of-sale card terminals, and very soon after the swipes too. It’s sort of unlikely – albeit not impossible – that the compromises were of the POS terminals themselves: The breach involved around 40-some million cards, and to get that many you’d have to presume tens of thousands of terminals compromised. That’s not impossible and will get looked at, but it’s unlikely enough to where the main focus should be elsewhere. Go far enough upstream and you only need a single breach where the data aggregates.
But at the same time, the breach cannot be too far upstream. Target reported the CVV1 numbers were also stolen (http://en.wikipedia.org/wiki/Card_security_code; they’re not the 3 digit code printed on the back – that’s the CVV2 number – but rather a separate one recorded onto the magnetic strip). And the Payment Card Industry standard forbids storing those beyond the point of payment authorization. That is theoretically a short period of time (ideally within seconds to minutes; in the real world, since processing may be done in batches, it could be as much as a day).
So the initial conclusion is that it happened happened between the customer swip and Target’s systems getting authorization from the payment processors. While that’s not a pinpoint spot, it *does* eliminate entire swaths of the payment processing procedure.
Can that be wrong? Yes, but many of the other points of potential failure would mean not only that Target screwed up, but that the Payment Card Industry designated auditor screwed up in auditing Target’s compliance (large merchants are required to submit to regular, recurring audits and system scans as often as every quarter). Not impossible, sure, but again it’s not likley.
That’s an interesting analysis, EMH, thx.