idRADAR has some comments about Target’s offer of an ID theft product. I found it interesting to read because I wouldn’t have realized that what Target negotiated was not the usual kind of product that checks all three major credit reporting databases – Experian, Equifax, and Transunion. The plan Target arranged with Experian only checks Experian’s database.
Read the article and see what you think.
OK, Target gets hacked. They steal credit card data. They may get some Personal Information, but not alot. So – whats ID Theft have to do with a credit card hack?
The companies that offer this sort of service just want to appease the customers and make them feel like they are getting something “free”. A year’s worth of service is nice, but utterly worthless if the crooks just have a CC number that eventually will get replaced.
I think the companies should pay the card companies the fees to replace all of the cards that were affected, and its done in a timely manner. Timely, as in like as soon as humanly possible, like 1-2 working days after the breach, the cards are being procesed. That way, the hack is about worthless.
Sure there will be miscreants out there buying up bad CC numbers and attempting to use these numbers once the dark side posts them on the evil websites. But a bank – hopefully knowing of the breach will not process the CC payment, letting the card die on the vine.
It would be so much easier if the card had an extra set of four digits. These could be random numbers, much like they are on a RSA style token. Upon using the card online or at a counter our ATM, the extra numbers have to be punched in via keypad. It would be like a one time passcode that must match what the processing side sees as well. Failure to do so after 2 attempts means a potential fraud alert is generated.
The longevity of the cards is probably too long as well. I think CC’s should be good for no more than 2 years, which will shorten the chances of the card becoming compromised. The card would need to have security features built in to detect tampering.
Obviously the way that the financial institutions are doing “business” is making the crooks rich, and then the financial institutions are raising rates to offset losses. A newer way of doing business won’t come about if the “old way” is producing the financial institutions enough revenue to offset any losses. If they are making Billions off interest charges, then in their maind they are proably thinking….why change? Business is good, so they are good with the way its working.
The way of the CC propaganda process is broke.
Remember that 70,000,000 records were exfiltrated by hackers of Target. This includes other personal information beyond credit card numbers — personal info which can be used to steal identities. This is bigger than credit card fraud.
idRadar:
Site under maintenance
What’s on Your ID RADAR?
idRADAR is Coming Soon!
Bad timing for their maintenance. I want a new law that says “If I link to you, you have to be there. Always. And. Forever.” 🙂
When you try to sign up for credit monitoring with Target, their site requires full name and email address.
Then you receive an email from a sketchy looking domain, bfi0.com.
A whois of that domain leads back to Epsilon in Irving TX, a direct marketing company.
Epsilon itself had a massive data breach not too long ago, where they leaked personal information on millions of people who then suffered phishing attacks.
Target never asked my permission to share my personal information with Epsilon.
Now Epsilon has a list of people who were compromised in the Target breach. This shit has got to stop!
If you want more info and screenshots I’m @rcrsv on Twitter.
I’ve emailed Target and asked them to respond to the concern. I’ll post something if I get a response.
Here’s a thread where Target replies, but repeatedly doesn’t answer the question.
https://twitter.com/rcrsv/status/423143048793427968
I put the question somewhat differently to their corporate communications department. As I said, if I get a response, I will post it.
Please see my blog post about this issue on the “mother ship,” PogoWasRight.org: http://www.pogowasright.org/at-risk-if-you-do-at-risk-if-you-dont-targets-problematic-privacy-policy/
Have to agree with all these comments about the idRadar News website being down for maintenance. AND IT WAS MY WEBSITE! It’s back now but I agree, Dissent. Links should work forever. And ‘brief maintenance’ should never drag on for 18 hours either!
My biggest concern with the Target breach after studying it for over three weeks is what will happen if the hackers can match the stolen credit card numbers initially confirmed with the additional data loss involving info like email addresses announced last Friday. The possibilities are gruesome. The credit card numbers are actually a lesser concern in my mind. Still waiting to hear whether Target’s somewhat small offer of credit monitoring will extend to those who lost email addresses etc. They do not have the same financial loss protections as those who experienced fraudulent credit card charges.
My understanding is that yes, it is being offered to the “70 million,” too. Their FAQ on the free credit monitoring offer says:
I’m not thrilled with the diluted credit monitoring they’re offering, though.