Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Credit Card Breach At P.F. Chang's

Soulskill posted about 4 months ago | from the another-day-another-breach dept.

Security 117

schwit1 tips a post by Brian Krebs saying that P.F. Chang's China Bistro, a nationwide restaurant chain, is the latest victim of a massive data breach. The company is currently investigating. Krebs writes: On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang's locations between the beginning of March 2014 and May 19, 2014. ... The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash (think iPads and gift cards, for example).

Sorry! There are no comments related to the filter you selected.

Cash and checks (1)

riverat1 (1048260) | about 4 months ago | (#47207285)

I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

Re:Cash and checks (4, Insightful)

lexman098 (1983842) | about 4 months ago | (#47207405)

I use credit cards for 99% of my purchases. That way I avoid the issue of dealing with change and refilling on cash. I've never been held responsible for a fraudulent charge.

Re:Cash and checks (1)

culmor30 (2676135) | about 4 months ago | (#47207433)

Hi everyone, I have some anecdotal evidence which counters the claims of *both* of the posters above me!

Re:Cash and checks (1)

ColdWetDog (752185) | about 4 months ago | (#47207643)

What, you don't buy anything?

Re:Cash and checks (1)

msauve (701917) | about 4 months ago | (#47207755)

I don't buy his argument.

Re:Cash and checks (2)

ArmoredDragon (3450605) | about 4 months ago | (#47207739)

This. Any bank that isn't a ripoff (and assuming that you don't have the worst credit in the world) offers zero liability for fraudulent purchases. Given that checks are tedious to write and process, and cash is easy to get lost or stolen, it doesn't make a whole lot of sense to pick them over a credit card.

I probably went to PF Changs in this time period, and used my credit card there no less (I'm not quite sure whether it was in April or in May that I last went) but I'm not at all concerned about it. I've been the victim of credit card fraud before, and it's really not exactly devastating. What happens is I have to go an entire week on cash (I hate checks) until my new card arrives in the mail, and then I have to go to my ISP, tmobile, and the local water utility and update my autopay billing information. It basically amounts to a temporary inconvenience, but nothing was lost on my part. I think a bigger inconvenience would be having to manually pay all of my bills every month instead of just watching ONE credit card statement.

Re:Cash and checks (2)

msauve (701917) | about 4 months ago | (#47207815)

Any bank that isn't a ripoff (and assuming that you don't have the worst credit in the world) offers zero liability for fraudulent purchases. Given that checks are tedious to write and process

You fail to mention the full, tedious process for reporting fraudulent card transactions, and getting them reversed. Whenever I've had to do it (recently, almost yearly), There are records to review, paperwork to fax, etc. to confirm what charges are legit and which aren't.

It's a wash in effort between dealing with cards and checks, in my experience. Cards for online purchases, checks for paying most recurring bills (I really don't trust most enterprises to automatically draw from a debit account). That's what's convenient for me.

If you only have to change 3 accounts when a card is replaced, I'd bet you're exceptional (on the low side).

Re:Cash and checks (2)

khellendros1984 (792761) | about 4 months ago | (#47207923)

You fail to mention the full, tedious process for reporting fraudulent card transactions, and getting them reversed. Whenever I've had to do it (recently, almost yearly), There are records to review, paperwork to fax, etc. to confirm what charges are legit and which aren't.

With my card, in most cases, I get a call where they verify a half-dozen or so purchases. There was once where they called me to say that my card was cancelled, with a new one in the mail. I've never had to fill out any paperwork from that particular bank/card, let alone had to fax anything. The policies vary company-by-company, so something that's onerous for you may be much easier for someone else.

Re:Cash and checks (1)

msauve (701917) | about 4 months ago | (#47208013)

" The policies vary company-by-company, so something that's onerous for you may be much easier for someone else."

Yes, anecdotal evidence means very little.

Re:Cash and checks (1)

Euler (31942) | about 4 months ago | (#47208907)

I have to agree that the CC company makes a difference, Capital One has always been the one to tell me when something bad has happened. Slight inconvenience to me. Somebody besides me ate the cost (probably Capital One.) So obviously their business model is profitable enough to not really worry too much.

That being said, it is about F'ing time that retailers and CC companies make the investment into chip and pin systems. Not perfect, but would basically shut down most causal card skimmers. The one-time card numbers for online transactions are a good compromise, especially considering it might be difficult to get the card reading devices at the home-user level.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47208599)

I suspect you're exaggerating the amount of work involved in contesting a charge. The last few CC's I've had either let me flag transactions online or I simply called in and done it over the phone in under 5 minutes. In either case, they send out some correspondence that you sign and return to them basically affirming that the transaction is fraudulent and that's it.

You're right that it sucks to have to update any of your recurring billers and online accounts when your bank cancels and reissues your account under a new number.

I'd rather have to update a bunch of accounts than deal with losing a wallet full of cash or having my checks fall into the wrong hands. With cash, you're never getting that money back (unless an honest person returns it) and with checks, you're at the mercy of your bank (there is no federal protection for fraudulent check activity).

Re:Cash and checks (1)

nitehawk214 (222219) | about 4 months ago | (#47212001)

Tedious? Then you have the wrong credit card.

Every time this has happened to me with any card, they call me and ask me if I had made a few recent purchases. If I say no to any of them, they cancel the card and immediately ship me a new one. Max time 10 minutes. I need to type in the card number every time I make a purchase online anyhow. If I have to make a purchase in the couple of days it takes for the new card to arrive... I use a different card.

When your bank account is cleaned out, you are without money for some extended period of time, including the money you were going to use to pay your credit cards.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47209643)

So your time is valueless?
Is your name Wally?

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47208521)

How spicy do you like your Chang sauce?

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47208589)

And you've helped Visa take in rent of 1-3% of every purchase made anywhere. Congratulations.

Re:Cash and checks (1)

ayesnymous (3665205) | about 4 months ago | (#47209171)

I use credit cards for 99% of my purchases. That way I avoid the issue of dealing with change and refilling on cash. I've never been held responsible for a fraudulent charge.

Plus using a credit card gives you 5% cashback for various categories of purchases.

Re:Cash and checks (3, Insightful)

swell (195815) | about 4 months ago | (#47209199)

"I use credit cards for 99% of my purchases. That way I avoid the issue of dealing with change and refilling on cash. I've never been held responsible for a fraudulent charge."

  - OTOH, I use CASH for 90% of my purchases. Only one retailer (a major online company) knows my card number and they are unlikely to leak it. Similarly I have no revealing 'loyalty cards' for grocery & drug store purchases.

So my wallet is much thinner than yours and I have little fear of identity theft. I carry $200-$400 at all times. If it is stolen, I will be unhappy but not as much as if my identity is stolen.

I don't think it's anyone's business if I purchase adult diapers or pron or medicines or alcohol. Should I reveal that in return for 'rewards'? You will have to decide for yourself if you want to advertise your lifestyle in exquisite detail to worldwide data marketers.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47211115)

I don't think it's anyone's business if I purchase adult diapers or pron or medicines or alcohol.

You've got quite an exciting evening planned.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47209635)

But you pay for every fraudulent charge in the form of higher prices.
Since there is no "free lunch" and someone has to "eat" your fraudulent charge, the eaters of the fraudulent charges raise their prices to cover the cost of fraudulent charges.
But your credit score may "take a hit" from a fraudulent-charge-vendor who puts in the "did not" pay information into the credit bureau.
This happened to me and it caused problems with a car purchase and years later with a house purchase. This vendor's poor behavior (sore loser) is why I do not shop at J. C. Penney since the 1980's

Re:Cash and checks (4, Insightful)

vux984 (928602) | about 4 months ago | (#47207443)

I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

Is it a real issue or a theoretical issue? I've seen a few fraudulent charges over the years, and the bank has never given me any greif over any of them.

Your solution of carrying cash exposes you to higher risk of direct loss or theft. And you lose the card rewards program.

As for cheques -- yeah, whatever, because those aren't stupidly easy to forge; and most people won't even take them anymore.

On the upside you have a smallish boost in privacy relating to your purchases. (locations, times, and amount spent)

Seems you've traded one set of small risks for another. Not sure that amounts to a real overall improvement though.

Re:Cash and checks (1)

ArmoredDragon (3450605) | about 4 months ago | (#47207757)

Don't neglect those rewards either. Every year I get a nice free $200 payment towards my credit card bill, and since I always pay it off before interest accrues, it's pure profit.

Stupid paypal always forces me to default to paying with a bank account, and when I try to pay with a credit card they insist that I don't do it because the credit card supposedly costs me more. Paypal just wants to make a higher profit margin.

Re:Cash and checks (1)

sjames (1099) | about 4 months ago | (#47207889)

The risk of forged checks is there even if you never use them yourself.

Re:Cash and checks (1)

mjwx (966435) | about 4 months ago | (#47207921)

Is it a real issue or a theoretical issue? I've seen a few fraudulent charges over the years, and the bank has never given me any greif over any of them.

Not really, the average loss from credit card fraud is $500, it costs Australia $2 billion annually. Eventually this costs comes back to you.

Your solution of carrying cash exposes you to higher risk of direct loss or theft. And you lose the card rewards program.

LoL @ rewards program.

Seriously, carrying cash does not increase your theft profile, with the addition of contactless payments that do not require a form of authentication, plastic is now as at risk as cash. Yep, sure you can tell me "but the bank will cover me" but all you're really saying is "I'm naive like a child". The bank only covers its self.

Seriously, rewards programs are traps. Compared to the costs of using credit cards (most of them hidden like interchange fees and merchant service fees) cash is cheaper. The average rewards program returns $45 per year. I save that more than that per fortnight by using cash. This year alone I've saved $1200 from direct savings from not using credit.

Banks do not do anything for free, follow the money to find out who's paying for it (if you're smart, you'll just find a mirror and have done with).

Seems you've traded one set of small risks for another. Not sure that amounts to a real overall improvement though.

Actually, I've traded a set of costs for a set of savings.

In fact, given the number of high profile breaches in recent days it seems carrying cash is safer. You can expect more breaches as criminals figure out ways to colelct your card information from NFC without you even taking your card out of your wallet.

That being said, I have to admire the banks in for their Machiavellian brilliance. They addict people like you to using credit cards then charge the merchants for accepting them, forcing the merchant to be the bad guy and raise his prices to pay for them, meanwhile the bank is laughing all the way to the bank. Not to mention the way they've gamified the rewards programs. They've made collecting points more important to people than getting a good deal. In order to get a $50 toaster, people will forego $1000 in savings.

Re:Cash and checks (1)

Calavar (1587721) | about 4 months ago | (#47208017)

Compared to the costs of using credit cards (most of them hidden like interchange fees and merchant service fees) cash is cheaper.

You still pay those when you use cash because the agreement between the credit card company and the merchant forbids the merchant from offering a lower price when goods are purchased with cash.

In fact, given the number of high profile breaches in recent days it seems carrying cash is safer. You can expect more breaches as criminals figure out ways to colelct your card information from NFC without you even taking your card out of your wallet.

As others have already said, it's not the cardholder that takes the loss when fraud occurs. It's the merchant. Sucks for them, of course, but certainly not for the cardholder. So I'm not sure why you're still rambling on about the safety of cash. If a thug steals your wallet full of cash, it's gone for ever. Not so if they steal your wallet full of credit cards.

Re:Cash and checks (1)

mjwx (966435) | about 4 months ago | (#47208271)

You still pay those when you use cash because the agreement between the credit card company and the merchant forbids the merchant from offering a lower price when goods are purchased with cash.

Fortunately, not legally enforceable.

Dual pricing is permitted by law in Australia precisely because it is illegal for a third party to force a hidden cost onto a business. For a moment, consider the people you are defending here, they are forcing extra costs on merchats, which results in higher prices and you're defending them.

Lots of businesses do a cash discount. The only way you dont know about this is because you dont do cash transactions... your loss.

As others have already said, it's not the cardholder that takes the loss when fraud occurs. It's the merchant.

And what does the merchant do when they take a loss?

Put prices up to compensate.

You still end up paying. It's just obfuscated.

Putting everything on the card is plain stupid, from both a financial and security standpoint.

If a thug steals your wallet full of cash, it's gone for ever. Not so if they steal your wallet full of credit cards.

You're assuming the bank wont contest it, or charge you for the services. Also, the bank is not obliged to return interchange fees.

With NFC on your card, a thief can take your card details without you even getting it out of your pocket because by design, the protocol will give out your name, expiry date and card no. to anything that asks for it. This can be done with off the shelf hardware. A thug doesn't even have to rob you, to rob you. In the end, cards cost more than risk with cash (which is negligible, lower if you consider the huge security flaw in NFC).

Re:Cash and checks (1)

vux984 (928602) | about 4 months ago | (#47209291)

Lots of businesses do a cash discount. The only way you dont know about this is because you dont do cash transactions... your loss.

Most of the business I've dealt with that do a cash discount have nothing at all to do with credit card fees. They are simply committing tax evasion; as a cash transaction lets them avoid putting it on the books. Which is fine, but lets not pretend its because of big bad credit card companies.

And what does the merchant do when they take a loss? Put prices up to compensate.

Yes.

You still end up paying. It's just obfuscated.

True, but you are paying for it too, so my portion is less than it otherwise would be if I had to pay for the fraud myself.

You're assuming the bank wont contest it, or charge you for the services. Also, the bank is not obliged to return interchange fees.

As opposed to the cash in your wallet when it gets lost or stolen. That's just gone.

Meanwhile I've disputed fraudulent charges a couple times in my life, and lately I've had the bank stop them or reverse them even before I've been involved.

With NFC on your card, a thief can take your card details without you even getting it out of your pocket because by design, the protocol will give out your name, expiry date and card no. to anything that asks for it. This can be done with off the shelf hardware. A thug doesn't even have to rob you, to rob you. In the end, cards cost more than risk with cash (which is negligible, lower if you consider the huge security flaw in NFC).

I don't disagree with you, about the abysmal security design.

And yet I know far far FAR more people who have lost their wallet with cash in it, or had it stolen than have EVER been the victim of NFC fraud.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47210497)

But what about the merchants that take some care not to accept stolen/fake credit cards? They take fewer losses and can so raise their prices less, giving them and advantage over less careful merchants.

Re:Cash and checks (1)

LordKronos (470910) | about 4 months ago | (#47211473)

I think the problem with your argument is that you are in a different country (Austrailia) than most of us (US). The laws and processes there appear to be quite different. Here:

1) There is minimal difficulty in disputing charges. Most banks have the process pretty streamlined, so on the rare occasion it happens, it's relatively simple to deal with and causes you no disruption (at least with credit cards...debit cards can be a little more dicey with the potential for bounced payments and stuff, which is why I never used debit and don't suggest it for most people)
2) There is minimal risk in using credit. By law you are only liable for $50, but in practice, I've never seen or heard of a bank which holds you liable for even a penny.
3) There is little to no discount for using cash. Previously, merchants were prohibited from charging extra (either by an extra fee or by raising the price) for credit. They could instead offer a cash discount (ie: lower the price BELOW what was advertised) but very few did. Mostly just gas stations, who would charge up to 10 cents a gallon extra for credit (still worth it to pay credit though, since you can get 5% cash back on gas, thus saving 15-20 cents per gallon). Now the laws have changed to prohibit that restriction, but still pretty much nobody has started charging extra for credit. Merchants want to encourage credit because they believe people spend more with credit, thus they'd loose money by encouraging cash payments. Also, cash is not free. There are also costs with counting it and transporting it. You have to hire an armored truck to take it to the bank, there are more issues with employee theft, and the(probably small) risk of counterfeit money
4) Rewards are a benefit to those that use them. Yes in theory it would possibly be cheaper for everyone to use cash (assuming cost of card processing is more than the cost of cash handling). However, that's not going to happen. Even if I switch to cash, there's no way everyone else is going to do the same. Its sort of like the prisoners dilemma on a massive scale...even if a large number of people agreed to cooperate, there's still enough people to screw it up for everyone else. So all I am doing by not taking advantage of rewards is leaving money on the table. I'm still paying the cost of card processing (since it's built into the regular pricing, not a separate fee) but not getting the benefit of the cash back.

In summary, however things may be over in Australia, over here in the US the current system (ie: the way things are currently setup, not the ideal system that would theoretically materialize if everyone agreed to start using cash ) is setup such that credit cards have huge benefits with pretty much no downsides. The only real downside is for people who can't control their spending and thus would get themselves into trouble using credit cards.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47208345)

In the Untied States, banks cannot prevent a merchant from offering cash discounts. Many states regulate credit card surcharges, but merchants have gotten around the law by claiming a cash discount. Some states have laws specificlly allowing cash discounts for certain types of products such as on vehicle fuel, while preventing it for other products. Some states allow certain merchants to have credit card surchanges, such as utility companies when approved a regulatory agency. These laws vary by state and locality.

Fraud ownership resides with the bank, not the merhcant, as long as the merchant follows the policies of their merchant account for handling credit card transactions. When chip-and-pin arrives in the United States, fraud liability will shift to the merchant for transactions using non-chip cards.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47208477)

You still pay those when you use cash because the agreement between the credit card company and the merchant forbids the merchant from offering a lower price when goods are purchased with cash.

Depends on the jurisdiction. This is not true everywhere.

Re:Cash and checks (1)

nitehawk214 (222219) | about 4 months ago | (#47212091)

Is it a real issue or a theoretical issue? I've seen a few fraudulent charges over the years, and the bank has never given me any greif over any of them.

Not really, the average loss from credit card fraud is $500, it costs Australia $2 billion annually. Eventually this costs comes back to you.

Because nobody would commit fraud if credit cards did not exist.

Re:Cash and checks (1)

Nyder (754090) | about 4 months ago | (#47208031)

.. And you lose the card rewards program.

....

Cash reward for credit cards isn't a cash reward. You must be the type that thinks trickle down economy is good.

Here's how the cash rewards work. The CC company says "Hey, our Customers are stupid. They pay high interest rates to us for convince. How about we tell these sheep that they can get cash back, while we up their interest rate 1% to pay that cash back.

Car analogy: You go to buy a new car. The Dealer says they give you $1000 cash back if you buy this certain model. You think, cool, I'll make a $1000 when I buy this car. What really happens is: CAR = Price + $1000.

You don't really get $1000 back, you get $1000 that you paid yourself.

Same with CC you don't get cash back, you get cash that you already own from them.

wankers.

Re:Cash and checks (1)

Anonymous Coward | about 4 months ago | (#47208325)

That's how it works for some "wankers" but for me I pay them $0 in interest and they pay me thousands of dollars a year in cash back.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47208369)

To those of us that pay the credit card balance every month, the rewards are great.

Re:Cash and checks (1)

vux984 (928602) | about 4 months ago | (#47209319)

Here's how the cash rewards work. The CC company says "Hey, our Customers are stupid. They pay high interest rates to us for convince. How about we tell these sheep that they can get cash back, while we up their interest rate 1% to pay that cash back.

As I pay my balance off virtually all the time my rewards cash back far exceeds any interest payments and fees.

I guess its like the lottery -- a tax on people bad at math. Except unlike the lottery, I can win at this game. And do.

Re:Cash and checks (1)

josecanuc (91) | about 4 months ago | (#47210799)

Often, the rewards are paid out of the merchant's pocket, not even the credit card company or the bank that issued it. Merchants are charged a percentage ranging from about 1% to 4% on purchases. Rewards cards often take the highest percentages.

In effect, your "cash back" is paid by the person from whom you are purchasing merchandise/services. That results in higher prices, as merchants adjust pricing to meet their net profit needs.

It's correct that you, the account holder, are paying your own reward, but it's not so direct that it is paid out of interest+fees.

Re:Cash and checks (1)

digitalPhant0m (1424687) | about 4 months ago | (#47207469)

Now I have to avoid you at the grocery store for fear of being in line behind you while you write a check.

Re:Cash and checks (1)

riverat1 (1048260) | about 4 months ago | (#47207715)

I almost always use cash at the grocery store. I'm the one waiting in line for person running their card through the machine. Checks are for the big purchases.

Re:Cash and checks (1)

plover (150551) | about 4 months ago | (#47208999)

Umm...no. Cash takes considerably longer to tender than credit. The customer takes time selecting the bills and coins, the cashier takes time counting it, then enters the amount in the cash register, and after the till opens, they have to count out the customer's change. This takes an average of about 16 seconds per transaction.

A credit transaction today is a swipe of a card, and can be processed and authorized in under one second.

Chip and PIN is not as fast as a magnetic stripe due to the very limited CPU doing the encryption, the slow data transfer rates to and from the card, the time spent by the customer entering their PIN, and the awkward handling sequence of insert card, key PIN, wait for authorizing, remove card. While not as slow as cash, it is nowhere near as fast as credit.

After the sale, cash continues to be expensive for a retailer to handle. After collecting it all day in a till, the cashier has to count it, bag it, and turn it in to the office. The office people count it again with a machine, and store it in a safe. Periodically the safe has to be emptied and transported via armored car to a bank for deposit. They also have to buy rolled coins for making change, and distribute the coins to the tills occasionally. The tills, safes, and counting machines cost money to buy and maintain. The payroll for the cashiers, managers, and office people for time spent handling money costs money. And there is always the risk of armed robbery, which puts innocent people in harm's way.

Non-intuitively, it can cost more for a retailer to take cash than they pay in fees for using credit.

Re:Cash and checks (1)

nabsltd (1313397) | about 4 months ago | (#47211167)

Cash takes considerably longer to tender than credit. The customer takes time selecting the bills and coins, the cashier takes time counting it, then enters the amount in the cash register, and after the till opens, they have to count out the customer's change.

The one assumption you make here is that the credit card user is on the ball, and swipes either before the final total is rung or immediately after. I have seen many customers stand there until the cashier tells them the total, then reach into their wallet/purse and hunt the credit card, swipe it the wrong way, finally get it right, then hit "debit" on a card that is credit only.

Granted, these same people would likely take even longer to pay with cash, but I can see why some people think that cash is faster, based on anecdotes.

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47207499)

I'm the guy behind you at the grocery checkout. Stop holding up the line by writing checks, you silly old man...

Re:Cash and checks (0)

Anonymous Coward | about 4 months ago | (#47207557)

Checks aren't going to save you. 99.999999% of businesses just enter that data into a computer.

Re:Cash and checks (1)

Jane Q. Public (1010737) | about 4 months ago | (#47207873)

I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

I also tend to stay away from places with "Bistro" in the name. You can generally count on a 50% or more higher price, with no commensurate increase in quality.

"Bob's Chinese" is more likely to try harder.

Re:Cash and checks (2)

ModernGeek (601932) | about 4 months ago | (#47208071)

Checks are more insecure than credit cards...

Re:Cash and checks (1)

bickerdyke (670000) | about 4 months ago | (#47210119)

I usually use EMV + PIN

should be safe enough. I wonder why people keep useing those magnetic stripes.

Re:Cash and checks (1)

Salgat (1098063) | about 4 months ago | (#47210945)

I use credit cards for all my purchases and get around $300/year back in rewards. On top of that, all my purchases have additional protections provided by the credit card company. Further, not a single person is liable for any fraudulent charges made on a credit card. I'm having a hard time seeing your point.

Re:Cash and checks (1)

nitehawk214 (222219) | about 4 months ago | (#47211825)

I use cash or checks for 99% of my purchases. That way I avoid this issue. I'm also an old guy so "Get off my lawn!"

If you use personal checks for everything, are a complete fool. Checks are trivially easy to fake. All they need is your bank account number, helpfully printed in clear text on the front of the check. The bank's routing number is published information. There is absolutely no protection in the personal check system.

Your name does not need to be on the check they create. All they need is an ID from somebody, and that person's name on the check. There is no protection built into the system at all.

If you do have your number stolen by, say, any person that gets to look at your check, then your bank account is empty for a few months until the bank bothers to get around to investigating it.

For the times I just need to have a check, money orders and cashiers checks; my bank provides both for no charge.

Just P.F. Changs? (0)

Anonymous Coward | about 4 months ago | (#47207287)

Haven't been to P.F Changs in a long time, but I have been to Pei Wei between March and May. Wonder if I should be worried about that.

Re:Just P.F. Changs? (2)

TWX (665546) | about 4 months ago | (#47207429)

I was wondering the exact same thing. They don't like to make it known that they're the same company, so I wonder if they use the same CC processing system or not.

Re:Just P.F. Changs? (0)

Anonymous Coward | about 4 months ago | (#47207883)

I was wondering the exact same thing. They don't like to make it known that they're the same company, so I wonder if they use the same CC processing system or not.

Even if they don't use the same CC processor, if the attack was aimed at the Point of Sale system and the companies have their networks linked and/or they're using the same Point of Sale systems, it's possible that both were hit in the same attack. The Target breach (and several subsequent breaches) involved special memory-scraping malware loaded on the Point of Sale system. This scraped the Credit Card data long before it ever got to the Credit Card processor.

Reference: http://krebsonsecurity.com/201... [krebsonsecurity.com]

Someone's let the POS out of the bag! (4, Interesting)

mveloso (325617) | about 4 months ago | (#47207297)

If it's stripe data, that implies the POS readers were compromised, just like Target. Interesting.

Re:Someone's let the POS out of the bag! (2)

Nyder (754090) | about 4 months ago | (#47208049)

If it's stripe data, that implies the POS readers were compromised, just like Target. Interesting.

Yes, they have been compromised at the factory, which I stated in the Target Breaches, but no ones to believe because I will NOT name my sources.

Re:Someone's let the POS out of the bag! (1)

rtb61 (674572) | about 4 months ago | (#47208963)

It seems like all the POS compromises were inside jobs of one description or another. Pay minimum wage, chop and change employees, means you system will get compromised, it is just a matter of time. Looks like all instore purchase will require cameras at the checkout to to photograph every person making a credit card purchase. All deliveries based upon online credit card purchases will require an identified and photographed individual to accept them (skype could become popular for online purchase, no video confirmation and record, no sale). This to set up a trail to track for fraudulent activity to find the gang and the insiders.

Why are these numbers stored? (0)

Anonymous Coward | about 4 months ago | (#47207309)

Why are merchants even allowed to store these numbers? Shouldn't the numbers be part of a transaction and that's the end of it? And, if there is some reason the numbers must be stored why are they not encrypted? WTF?!

Re:Why are these numbers stored? (1)

preaction (1526109) | about 4 months ago | (#47207363)

Because PCI compliance means security! Brought to you by my PCI Compliance Consulting Firm.

Re:Why are these numbers stored? (2)

ThatsMyNick (2004126) | about 4 months ago | (#47207419)

Nothing in the article says they stored these numbers. Target had their card readers compromised. It could be the same case here.

Re:Why are these numbers stored? (1)

Centurix (249778) | about 4 months ago | (#47207941)

Exactly, there's no law to prohibit anyone from storing CC information, just a strong suggestion not to. Best practice preaches PCI/DSS compliance, but really it's the CC schemes that are broken. The schemes represent a compromise between convenience and 'security'. Here's an interesting Twitter stream: Need A Debit Card? [twitter.com] , some even post photographs of both sides of the card and then wonder why their accounts are empty.

Re:Why are these numbers stored? (1)

philip.paradis (2580427) | about 4 months ago | (#47210675)

PCI/DSS isn't simply about being able to claim nebulous adherence to "best practices"; it's about an organization's ability to maintain a business relationship with their customers and an upstream merchant account provider under certain agreed upon minimum standards for data security. Quoting PCI Data Storage Do’s and Don’ts [pcisecuritystandards.org] :

Do not store sensitive authentication data contained in the payment card’s storage chip or full magnetic stripe, including the printed 3-4 digit card validation code on the front or back of the payment card after authorization.

This point in particular is not flexible in nature. Storing that specific information, or failing to take specific steps to secure the access perimeter and specific systems through which said information traverses, are quick routes to termination of a merchant agreement. Such failures may also expose a business to significant legal liability; litigation rapidly becomes impressively expensive in the event of a breach whereby it comes to light that the business in question failed to follow basic PCI/DSS tenets, and said legal proceedings may turn into an even greater circus if dominant upstream EFT players such as Visa, etc believe there is reason to assume negligence on the part of an auditing firm that supposedly delivered a satisfactory report on compliance to the errant business. Reference the recent Target debacle for a fine example of such complications.

There are no magic bullets, but there are baselines. Those baselines could certainly use significant improvement, but that doesn't matter much if the business servicing the consumer doesn't care to consider even basic adherence to agreed upon information security standards as a critical factor.

THIRD WORLDERS (-1)

Anonymous Coward | about 4 months ago | (#47207323)

Gee... I wonder who could possibly be working in such establishments and engaging in credit card fraud. White people? Nope.

You got served (0)

Anonymous Coward | about 4 months ago | (#47207325)

Literally

Why do companies keep this data? (0)

Anonymous Coward | about 4 months ago | (#47207329)

Process the transaction, but why the hell do companies keep this data?

Re:Why do companies keep this data? (1)

Anonymous Coward | about 4 months ago | (#47207813)

Because when deadbeat freeloaders file chargebacks they have to have the data to prove they actually swiped a card.

Bad naming choice (1)

Tablizer (95088) | about 4 months ago | (#47207373)

Target store is going to change its name to Kick Me.

The official response from PF Changs here: (0)

Anonymous Coward | about 4 months ago | (#47207387)

https://www.youtube.com/watch?v=85HEH3y45bM

Read the fine print (1)

CheezburgerBrown . (3417019) | about 4 months ago | (#47207391)

Read the fine print, it says they get to cut off your dick.

My balance was over the limit... (1)

uCallHimDrJ0NES (2546640) | about 4 months ago | (#47207401)

...but half an hour later, it was empty again.

So, I guess these were (0)

Anonymous Coward | about 4 months ago | (#47207423)

Chinese hackers?

Restaurants etc. (1)

the eric conspiracy (20178) | about 4 months ago | (#47207427)

Minimize the number of places you expose your CC numbers. Pay cash where feasible. Use debit cards ONLY at bank terminals. Be especially careful at restaurants and gas stations.

Re:Restaurants etc. (3, Insightful)

vux984 (928602) | about 4 months ago | (#47207493)

Minimize the number of places you expose your CC numbers. Pay cash where feasible. Use debit cards ONLY at bank terminals. Be especially careful at restaurants and gas stations.

Or, if your in good standing with your bank, don't worry about it. The banks are good about fraudulent charges in the civilized world.

Re:Restaurants etc. (0)

mjwx (966435) | about 4 months ago | (#47207957)

Minimize the number of places you expose your CC numbers. Pay cash where feasible. Use debit cards ONLY at bank terminals. Be especially careful at restaurants and gas stations.

Or, if your in good standing with your bank, don't worry about it. The banks are good about fraudulent charges in the civilized world.

This really has to be one of the most naive things I've heard in a long time.

Sadly I hear it quite often.

"The bank will look after me, the bank's got my back".

Why do you think the bank wont drop you like a hot brick if you become too much of a liability? Why do you think the bank actually works for you and not the shareholders?

I'm not a paranoid nutcase, I'm happy to use the services of a bank but I also know that they will try to screw me over as much as possible. That's their business, to make money.., from me... I cant hate them for being a profit oriented business, but I can ensure it costs me as little as possible. So no, the bank is not my friend, it has not got my back and it not to be trusted.

Re:Restaurants etc. (0)

Anonymous Coward | about 4 months ago | (#47208921)

Ugh I spend $50K a year through the credit card. Someone got our numbers somehow once and ran up few grand, we didn't have to pay a dime. The GP is spot on, the bank will go to the bat for you.

Re:Restaurants etc. (1)

Trax3001BBS (2368736) | about 4 months ago | (#47209451)

Ugh I spend $50K a year through the credit card. Someone got our numbers somehow once and ran up few grand, we didn't have to pay a dime. The GP is spot on, the bank will go to the bat for you.

I had a $1000 draw on my account from Mexico, I reported it to the bank and they said they'd check the signature and if all was in order I wouldn't be charged for it.

I mentioned I didn't think it worked that way, come to find out my Mom traveled to Mexico as dental charges were dirt cheap.
being a tad old she used the wrong card.

Re:Restaurants etc. (1)

vux984 (928602) | about 4 months ago | (#47209349)

Why do you think the bank actually works for you...

I have no such illusion. I am not a liability. They make money off me. I presume they take about 3% of everything I run through the card, less the 1% they send back to me... So, 2% is theirs.

If they had to choose between eating a few fraudulent charges, and losing me as a customer they'd eat the charges. So, no, I'm not being naive. I know exactly what I'm worth to them.

Re:Restaurants etc. (1)

TWX (665546) | about 4 months ago | (#47207509)

I really wish that this was possible, but some places like Costco don't take credit except from a single card (AMEX), and buying things at Costco with cash could itself be risky given the amount of cash one would need to carry. Plus they only take plastic at their fuel pumps.

Re:Restaurants etc. (1)

mythosaz (572040) | about 4 months ago | (#47207681)

Costco might not take other CREDIT cards, but they POS debit just fine.

Aside, any AMEX will work as a Costco card to activate their gas pumps, for membership gas prices without membership. Any Discover does the same at Sam's gas pumps. [At least until later this year when they phase out Discover.]

Re:Restaurants etc. (0)

Anonymous Coward | about 4 months ago | (#47207733)

It sounds like Costco is by your own admission putting its customers at unnecessary risk. Why not shop elsewhere?

Re:Restaurants etc. (1)

khellendros1984 (792761) | about 4 months ago | (#47207999)

"Elsewhere" doesn't sell in bulk or at Costco's prices, while also paying their employees better than most large chain stores. And the Kirkland brand is pretty good, all around.

Re:Restaurants etc. (0)

Anonymous Coward | about 4 months ago | (#47207849)

I really wish that this was possible, but some places like Costco don't take credit except from a single card (AMEX), and buying things at Costco with cash could itself be risky given the amount of cash one would need to carry. Plus they only take plastic at their fuel pumps.

If you worry about carrying cash for groceries, perhaps it is time to move to a new neigborhood.

Re:Restaurants etc. (0)

Anonymous Coward | about 4 months ago | (#47208335)

Use debit cards ONLY at bank terminals.

Ha. About a year ago I went to my bank to withdraw some cash. It was around 10 pm, so the bank was closed, but the front machines were available.

The machine looked a bit odd, so I took a closer look before inserting my card - there was a skimmer on the machine. It blended in very well.

I called my bank using the number on the back of my card, and got someone in their call center who didn't seem that interested.

So I called the police, and they were very interested, since someone was probably going to come back and pick up the skimmer...

Re:Restaurants etc. (1)

wisnoskij (1206448) | about 4 months ago | (#47208539)

Carry hundreds of dollars worth of cash around with you at all times = security.

Re:Restaurants etc. (1)

ewieling (90662) | about 4 months ago | (#47208809)

I do similar things. Yes, it can help prevent credit card fraud and the hassle associated with it, but I am far more concerned about the privacy implications of using plastic for everything.

Use Bitcoin already! (1)

ASDFnz (472824) | about 4 months ago | (#47207463)

And yes, I am serious. I am now going to get my flame suite on though.

Re:Use Bitcoin already! (0)

Anonymous Coward | about 4 months ago | (#47207953)

And yes, I am serious. I am now going to get my flame suite on though.

I would, except I had them all deposited at Mt. Gox.

Re:Use Bitcoin already! (1)

ASDFnz (472824) | about 4 months ago | (#47208089)

I would, except I had them all deposited at Mt. Gox.

Touché

I as meaning the public/private key technology though and not a crooked company involved with it though.

When all said and done, you can "hack" a credit card with a pen and paper, even a photocopier will work. The system as archaic and in need of a replacement.

Re:Use Bitcoin already! (1)

ASDFnz (472824) | about 4 months ago | (#47208103)

The system as archaic and in need of a replacement.

Gonna troll myself here... you meant is not as you fat fingered dumbass.

If you're eating at P.F. Chang's... (1)

Patent Lover (779809) | about 4 months ago | (#47208009)

... you have bigger damage to worry about than your credit, like your colon.

Re: If you're eating at P.F. Chang's... (0)

Anonymous Coward | about 4 months ago | (#47208505)

That's why for Chinese food I always go to Shitty Wok.

Got a call from my CC fraud dept today (1)

Poisonous Drool (526798) | about 4 months ago | (#47208251)

There were two suspicious charges in New York state: $20 at Burger King and $300 at Kohls, both declined (yah!). I used that CC at PF Changes in late March.

Re:Got a call from my CC fraud dept today (1)

freeze128 (544774) | about 4 months ago | (#47208785)

Wow! I was going to say that the criminals seem to be getting smarter, but your post is evidence otherwise.

"Gee, this card can't handle a $20 charge for lunch, so I'll try to buy something MORE expensive with it...."

CC Fraud vs Bitcoin (1)

codebonobo (2762819) | about 4 months ago | (#47208481)

The thing I like about bitcoin is it allows the user to determine how secure or insecure they wish to be while with credit cards they are dependent upon multiple third parties security measures and the weakest link in the chain can expose you to fraud. I never had an issue with fraud in Bitcoin and have had multiple issues with fraud with debit/cc's where I needed to get replacement cards and was liable for the deductible.

When I pay a retailer with Bitcoin I don't have to worry about identity theft or my account being compromised.

Re:CC Fraud vs Bitcoin (1)

ASDFnz (472824) | about 4 months ago | (#47208823)

I cannot agree more, I even just bogged about it;-

http://mineforeman.com/2014/06... [mineforeman.com]

Bitcoin's public/private key system avoids the issue all together.

With a credit card when you hand over your plastic you have effectively just handed over you private key for someone to copy with a magnetic strip reader, a photocopier or even something as old school like a pen and paper.

Almost, but not quite (1)

Powercntrl (458442) | about 4 months ago | (#47209155)

Bitcoin does solve the issue of being able to electronically pay people you may not trust, but so does PayPal. Bitcoin transactions are slow to confirm, you have no protection as a buyer to perform a chargeback (for example, you buy tickets for a concert that turn out to be counterfeit) and the price of Bitcoin is extremely unstable. Bitcoin also is not really free of transaction fees, either. You will pay a fee to an exchange when buying Bitcoin with fiat.

Bitcoin's deflationary design also makes it lousy as a currency, since why would you use it to buy two pizzas today when that same amount a few years from now might buy you a Tesla Model S?

Cryptocurrency probably does have a place in the future of commerce, but it will probably be something that addresses Bitcoin's serious shortcomings.

Re:Almost, but not quite (1)

codebonobo (2762819) | about 4 months ago | (#47210825)

I am going to stay ontopic rather than discuss all of your statements.

Bitcoin does solve the issue of being able to electronically pay people you may not trust, but so does PayPal.

Isn't the chargeback potential a risk under paypal not found for bitcoin? When someone gets paid the charge can be reversed at any time per Paypal's discretion. Thieves will buy bitcoins all the time on ebay with stolen paypal accounts and than the seller will be out all the money when paypal reverses the transaction. Additionally, isn't paypals security polices also a risk for the user unlike with bitcoin where you can trust the mathematics and network which is immune from many traditional attack vectors?

WHY ARE YOU STORING CC NUMBERS? (0)

Anonymous Coward | about 4 months ago | (#47208619)

WHY ARE YOU STORING CREDIT CARD NUMBERS? Run it, get the transaction/confirmation code, and shred it. Jesus christ, you might as well just use carbon paper and throw the carbons on the floor of your restaurant.

BDO ... BDO (0)

Anonymous Coward | about 4 months ago | (#47208713)

[Pilot] Bang Ding OU Bang Ding OU

[Chink Controller] Wa Da Wong ... Wa Da Wong

[Pilot] WE TU WO ... WE TU WO.

[Chink Controller] U Da WABR ... U Da WABR.

[Pilot] HO RE FUK .. HO RE FUK.

[Chink Controller] TUN PU HA ... TUN PU HA.

[Pilot] Bang Ding OU.

Credit card Security is a none term (1)

Trax3001BBS (2368736) | about 4 months ago | (#47209131)

The only way almost all credit card thefts have been realized is their sale on different web sites. These Security personal check the sites at regular intervals (or informed of them) then point and say AH! HA!

Re:Credit card Security is a none term (1)

Trax3001BBS (2368736) | about 4 months ago | (#47209167)

none = non

Massive Breach? (1)

Fnord666 (889225) | about 4 months ago | (#47209189)

And by massive they mean "On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so...". Hardly on the scale of the Target breach so far.

Chip and pin? (0)

Anonymous Coward | about 4 months ago | (#47210297)

Why isn't the USA using chip and pin? In the EC this type of fraud does not work.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?