I think weâve just found the exception to Betteridgeâs Law of Headlines.
I wish the US had a group of hackers and electronic surveillance analysts that could protect us from this sort of thing.
Using your credit card to send $20 to Al-Shabab is probably both cheaper and more effective than one of those âidentity-theft-protectionâ services!
Yeah, itâs funny how the NSA didnât pick up on it. What if all the stolen cards were used to fund terrorism?
That headline is pretty much unanswerable, as no one is disclosing what other retailers are caught up in this. Meanwhile, Target is in the doghouse right now, but when all is said and done they will be hailed as being proactive and transparent, considering that no one else stepped forward to admit they were hacked.
Yeah, I do wonder, especially after getting an emailed offer as a âDear Target Guestâ from TargetNews@target.bfi0.com to join ExperianâsÂŽ ProtectMyIDÂŽ on Targetâs dime, in order to protect myself, having been potentially (probably?) hacked by the thieves who targeted Target.
Seems kinda spammy to me, and I also donât know if Experian actually works. Does giving info to them put me at further risk? Did the Chairman, President and CEO of Target, who âsignedâ my email, actually even approve this move?
Oh, the things we can no longer know!
Itâs a problem with too much constitutional oversight. If they just had the freedom to spy whenever and whoever they wanted to, then these things wouldnât happen. In other words, freedom=vulnerable.
As I udnerstand it the credit monitoring service is just there to alert you if anyone tries to open an account or take out a loan under your name/identity. Certainly a net positive, even though not every credit bureau will know about every account.
Yeah, itâs funny how the NSA didnât pick up on it.
NSA, didnât notice it? If we were to look at probably suspects based on who has been caught recently hacking on a scale as big (or bigger) than thisâŚ
The proactive part is a bit off though. Reactive is more appropos. And slow at that.
Just gonna give my 2 cents as someone in the infosec industry. First of all, never heard of IntelCrawler, so take their findings with a grain of salt. If theyâre working with these companies, they suck at complying with NDAs. If they got this info from the carder underground, well, theyâre not what we would call a credible source. Card brands have a very strict investigation / forensics protocol and allowing a third party to âdiscloseâ such compromises is not part of that protocol. So letâs just assume itâs true: if you didnât authorize a transaction (via PIN or signature), youâre not liable. Simple as that. If a retailer was compromised, they must disclose the compromise at least to the issuing banks, acquirers and card brands. Depending on the state theyâre doing business in, they must publicly disclose the fact. tl;dr: if thatâs not your signature on the receipt, you might have a little bit of a hassle, but youâre not liable.
Are banks required to refund overdraft fees? This guy was told that his bank would not refund the fees. This woman was also told that she was responsible for overdraft fees. This states that banks are not required to refund overdraft fees and this class action lawsuit specifically mentions people who have suffered damages in the amount of overdraft charges. So, as far as I can tell, banks are not required to refund overdraft charges.
Regarding liability for the actual charges, I have seen multiple articles like this quoting $50 for credit cards and $50 (within two days) or $500 (2-60 days) for debit cards. The FTC website, however, says that you are not liable when your credit card or debit card number is stolen (for debit cards you have to report the charges with.
This is a great point. The issue here is this: the actual card, the physical plastic and the data encoded in it belongs to the issuing bank. Thereâs no question about this. If you challenge a transaction, the issuing bank must prove that the cardholder authorized said transaction. If your signature is not there, you didnât authorize the transaction (letâs just remember that thereâs a finite number of credit card numbers, and they follow a pattern, so itâs not that hard to come up with a âvalidâ number) and thatâs it. If you authorized a transaction though a PIN, things are a little bit more complicated. Letâs say you went to Target, bought a bunch of stuff and authorized your credit/debit card transaction via PIN. Supposedly, your PIN is unique and bears as much value as your signature, but a POS malware can capture it. Thatâs when these anti-fraud procedures come into effect: if you start looking at a bunch of fraudulent transactions that were authorized with a PIN and have a common merchant, say, Target, youâre covered. I buy something at compromised Target, you buy something at compromised Target and 45 million people do the same. All of the sudden, our credit cards are being used fraudulently. The common denominator is Target. You can infer that Target was compromised and it was not your fault that your card was used fraudulently. Card brands have been trying to shift the liability to the cardholders for at least 15 years, but this is very complicated to do in the US due to the lack of EFT (aka chip and pin). The bottom line is: it costs less to the issuing banks to cover the costs of fraud than to adopt EFT. Until they do so, youâre not liable. Again, you might have to fight it, but if you didnât authorize the transaction, you wonât pay for it.
Garymon, I read this a few times, and I still donât understand what you are saying. I apologize if it is abundantly clear, but I am drawing a blank.
Hereâs a question: Whereâs the law protecting consumers by mandating banks and other institutions replacement cards for free? Letâs be honest, a lot of the insecurity of using credit cards comes down to the financial institutions issuing them.
No worries. You said it was strange the NSA didnât notice this happening. My poor wording was supposed to raise the question that maybe they didnât notice it because they were the ones behind the theft. It sounds crazy and I have a hard time suggesting something so paranoid but lately it seems this is what they specialize in.
Oh, okay. Thanks for responding 
This topic was automatically closed after 5 days. New replies are no longer allowed.
