Target Payment Card Hack

Dec 27, 2013 by

TargetYou’ve probably read about the great Target credit card data heist. Here’s what Target is so far admitting:

  • From Black Friday through December 15, hackers compromised Target’s credit/debit card processing system, jeopardizing the security of 40 million credit card accounts.
    (10 January 2014 update: Target now says 70 million accounts were stolen.)
  • Stolen data includes customer names, credit and debit card numbers, card expiration dates, and CVVs (card verification values—that 3-digit code on the back of your card).
  • Shoppers at US Target stores only are potentially affected.

In short, the hackers got everything they need to manufacture duplicate credit and debit cards.

Is Your Bank Account in Jeopardy?

Since debit card numbers were stolen, a logical question would be could someone re-create my debit card and withdraw funds from my bank account?

Target says no, claiming that PINs needed to use a debit card were not stolen. (December 28 update: Target now concedes that PINs were indeed stolen in the hack, but that the PIN data was encrypted, so not to worry. My comment in the next paragraph pertains to this too.)

If I’d shopped at a U.S. Target, I would not trust this assurance from Target. According to CNN, one California attorney (who will be cashing in on suing Target) says he has clients who claim unauthorized ATM withdrawals have been made from their accounts.

I would contact my bank immediately and ask that my debit card be cancelled and a new one issued with a new debit card number and PIN. I wouldn’t settle just for changing the PIN on my current debit card. PINs can be guessed. And you should understand the difference between credit and debit card consumer fraud protection. While consumers generally are protected against fraudulent credit card transactions, you may be more vulnerable to fraudulent debit card use. Ask your bank.

And I’d immediately cancel any credit card I’d used at Target during November 27 – December 15 and ask for a new card to be issued with a new account number. Yes, typically cardholders aren’t liable for fraudulent credit card purchases they report promptly, but getting a new card is not a big hassle, so why not just do it? Also, don’t wait for your next credit card statement to learn whether you’ve been victimized. Check your account online right away, and report immediately to the card issuer any charges you do not recognize.

What Target is Offering Those Affected

If Target determines you’ve been affected by the hack, then it will pay for free credit monitoring service for you.

If what Target claims is true—that PINs, Social Security numbers, and other personal information were not compromised—I don’t see how credit monitoring is going to help you. Just have your credit and debit cards reissued, and you should be good. Again, if Target’s telling the complete truth. (Keep in mind that Target’s PR people and legal team are in charge of managing this crisis now, and they have one objective: minimize Target’s short and long-term financial damage. Personally I would never trust my well-being to a corporation.)

But if you’ll feel better signing up for the free credit monitoring, go for it. Just don’t succumb to the hard sell you’ll no doubt get to subscribe once the free term expires. Unless you have reason to believe you may be subject to identity theft, credit monitoring is a waste of your money. And even if you are fearful of identity theft, a credit freeze is a better way to go than credit monitoring. A freeze prevents fraud; monitoring only lets you know after-the-fact that fraud has occurred.

Target has also set up a hotline if you have questions: 800-440-0680

Cash Is King!

These sorts of events—which happen all the time it seems—reinforce why cash is king!

Were You Affected by the Target Hack?

Did you shop at a U.S. Target during November 27 – December 15? If so, how have you reacted to news of the hack? Do these sorts of events make you think about using a credit or debit card less and relying more on cash?

Digiprove sealCopyright secured by Digiprove © 2013 Kurt Fischer
All original content on these pages is fingerprinted and certified by Digiprove