I believe I got new cards after Target's little hiccup and sounds like.... one more time.....

No suspicious activity on my account, but they're issuing a new one anyway. The letter said they had been notified that my card MIGHT have been compromised (and I don't use it online ever).

This is the Social Security Debit card.

It was one I used at Home Depot.

America. When you are rich you can hurt/destroy millions of people and get a bonus for your trouble.

some other countries did a long time ago. We lag, because none want to spend the money, so customers get fucked over, none give a damn. Hey, it's the American way anymore. Sociopaths and cheats in the US get highly rewarded and put on pedestals. The general populace gets fucked over.

department overlooking our police state can't seem to pull it's lips away from the asses of the rich. These s/w systems were way out of date and the vulnerabilities were widely known in the community.

The reason he'll get a bonus is because HD most likely will not have to cover any losses as those have been conveniently passed on to customers who now must deal with the consequences on an individual level.

But I bet even the banks and ins. companies are starting to get pissed.

Imagine if a normal person fucked up so badly at their job...

violated?

for justice. It would not be difficult to prove that the CEO knew their systems were vulnerable and putting the general public at risk.

Wall Street banks also faced criminal negligence charges for the financial meltdown, but the justice department let them buy their way out of personal responsibility as another cost of doing business.

Knowing that something is vulnerable, is not the same as being negligent.
Almost everything has a certain level of risk
I don't think you could prove that not changing over to chip cards created a level of risk that amounted to negligence
Especially when they can point to the number of countries that don't have chip cards... China, Korea and Japan being 3 of many.
And the level of credit card fraud in these countries minimal, yet many Japanese and Koreans purchase off the internet. (Can't speak for Chinese purchasing on internet)

Home Depot and Target should have had competant IT departments looking for malware on their point of purchase terminals.

So very many places try to do IT on the cheap, keeping the geeks in some cubicles a million miles away from where the problems exist, when some simple observation would disclose the criminal activity going on under their noses.

You would think he should have learned something at Target.

I didn't know that, it explains a lot. About all he learned how to do was outsource the IT function to the Third World, and fatten his bonus in the process. I trust that the corporate world has taken notice of his accomplishments.

You get what you pay for.

Companies refuse to pay IT what they are worth. Experienced people are being laid off and replaced by know-nothings who fill a seat for half the salary - overseas. Managers put in charge of IT departments usually have MBAs with little computer experience beyond running a preprogrammed Excel spreadsheet.

I have been paying for everything in cash since I got caught up in the Target Christmas breach. We got new cards, but never used them. Until US retail catches up to the 21st century, not gonna use them, either.

warned HD of the risks of using an outdated OS with well known exploits.

This has nothing to do with "chips" or two step authorization. HD was using and outdated version of XP operating system and chose not to update it because

1. it costs money to update.
2. HD is shielded from financial liability since banks cover fraud expenses.
3. consumers will bear the expense of restoring credit, dealing with banks, identity theft, etc

The idea that the CEO was "insulated" from the risk of a massive data breach via the same exploit at Target using EXACTLY the same systems defies reality.

The public has a reasonable expectation that their bank accounts are not at risk by purchasing a product at Home Depot.

This is exactly what criminal negligence law is designed to punish.

As far as pin based credit cards, banks fought it in the US for as long as they could because of the extra expense even though rest of the modern world has been using these systems for some time now, however, that is not what makes HD criminally negligent.

So Japan and Korea aren't the modern world???
You might want to rethink that statement

from making yourself look even less informed or less familiar with the modern world. There's life beyond the tea bags. Get outside every now and then.

... to these companies. They WILL lose business over this. It will cost serious money to clean things up. HD has already offered one of those monitoring services, that is not free.

I share your frustration but it is no surprise at all that the management of most companies aren't going to spend millions of dollars fixing a problem they simply do not have the background to understand.

I am a lot more angry at the credit card companies themselves, who make money hand over fist in this business and ARE equipped with the understanding of the problem.

pay for home depot's negligence. They pay on the phone trying to resolve fraudulent charges. They pay having to notify the creditors that their cards are invalid. And the criminals win because many people will nto notice the fraudulent charges.

Everyone in IT business knew these systems were exploits waiting to happen. Everyone. MSFT released that OS in 2002. Mervyn's, Target both were hacked. Marriott as well. Everyone knew this.

It's like flying a plane knowing the engine is 20,000 hours past overhaul but deciding the costs of overhaul are less than the penalties for not overhauling.

The credit card companies have been using pin based credit for 10 years in Europe. US companies like Home Depot refused to upgrade because they didn't want to spend the money even though they are raking in record profits and are flush with billions in cash.

Visa, MC, Amex are implementing liability shift: they will have to have readers for the EMV ("chip cards&quot by October 2015 or they would eat the fraud losses themselves. That goes for all retailers who take actual cards at the point of sale.

AFAIK Walmart has mostly updated their terminals to take EMV cards now and the cashiers are steering these card holders to insert their card instead of swiping.

to prove that the CEO knew the systems were vulnerable??

Ever work for a large company? For legal purposes CEOs know NOTHINK. At depositions they manage to make themselves appear so clueless they would seem to need help getting dressed in the morning. I speak as someone who spent 12 years in a corporate legal department. For non legal purposes they know only slightly more, and I doubt they know thing one about coporate information systems.

the same systems as Target. All of the companies mentioned in this 2003 Microsoft press release are vulnerable. Mervyn's, Target and finally Home Depot were attacked. The other may have been as well but no notice given.

That's the only way the rest of the corporate world gets the message to spend enough on IT to stay a step or two or three ahead of the criminals.

I wish the banks would cancel the Visa/Mastercard payment accounts of these two retailers, that would send a message that they're not going to pay the costs of cheap-ass shitty IT on the part of the businesses they do business with.

Severe penalties are called for here, I wonder who has the guts to impose them. If the banks spending millions of dollars issuing new cards don't have the stones for it, I sure hope the buying public does. If you HAVE to have something from either retailer (and you probably have other good choices) at least pay them in cash, to send the message that they are untrustworthy.

for the lowly scapegoats a corp. might trot out and fire ... but the crux of the problem lies at the top of the ladder, but they roam around immune from it all.

do you think
JPMorgan can handle it?

charges etc. It's cheaper for them to reissue cards than protect customer accounts. Meanwhile the banks and the perpetrators know that millions of people will not notice fraudulent charges and pay them. Millions of people are now wrestling with banks over fraud charges, identity theft, etc. Home Depot's CEO is smiling all the way to the bank.

updated three times in the last 9 months. That's how many cards I have - three. Not one of them ever left my possession. I did have a fraudulent charge on one of them - some hormonal body building powder sold out of Florida. It's a royal pain in the butt to change cards. because you have to notify everybody who has the card number that it has changed. I now keep lists of who's attached to what card. I try to avoid automatic payments whenever possible, but somehow I have a few.

and that was a royal pain in the ass, since the card that was replaced was never even used at a Target. Now I'm expecting and have already received an email from Home Dept that they change it again.

I have a total of two cards. I have used the one card one time. I am tempted to just carry cash and pay for things the old-fashioned way.

Remember when we were all supposed to be paranoid about someone stealing our wallets and so we stopped carrying much cash? Well, now we're all supposed to be paranoid about someone stealing our card numbers. I don't know what to be paranoid about any more. LOL

Maybe I'll just start being paranoid about ISIS or ISIL or whatever it is they call themselves and the right wingers are worried about.

The woman at American Express was very helpful and understanding. I also asked if Amex was going to start issuing "Smart" credit cards and she said that was what I was going to get. I did not have to ask for one day delivery, she just told me I would get the card by UPS One Day delivery, but that I had to be home to accept it.

retail point of entry readers are updated to read "Smart" credit cards one is no better off. Mine have both the chip and the magnetic stripe, but I have never encountered a "Smart" reader except at the bank's ATM, so in retail I still use the magnetic stripe. One bank officer told me never to use a debit card in retail situations, but rather always to use their credit card. ... then simply transfer funds to reduce the balance on the credit card. There is no interest charge for this.

Banks can and do reissue cards on a perceived threat. The ones I deal with are the most frustrating because they're not linked with a big data breach like a Target or a TJ Maxx or Home Depot. I can't even tell the customer why exactly we're doing the proactive replacement.

I don't shop at Target or TJ Maxx. I have shopped at Home Depot in the past 6 months, but my latest credit card change came before that was announced.

I was informed by letter awhile back that there was a breach at Adobe (like...HELLO), and I suspect at least one of my card changes came from that one, 'cause my father, also a recent Adobe customer, also had a card change around the same time. My father, age 80, freaks every time this happens because he thinks HE did something. I'm trying to convince him that he did nothing wrong and this is just life in these United States in 2014.

As soon as I heard about it, I called my VISA card provider (Capitol One) and asked for another card ASAP. Upon calling, I removed my card from future use and called the two automatic withdrawl sites. It took a few minutes and the loss of worry...priceless.

Seemed like a waste of postage to me. Just send me the card!

This is a very good security step and they should be thanked for doing it.