Entry tags:
The latest credit card breech: Buckle Stores
I'd never heard nor I think seen a Buckle Store, though theoretically they have locations at two malls that I occasionally visit. Anyway, same old story: malware in POS terminals, unknown number of cards have information compromised. Terminals were hacked for about six months, from late October last year to mid April '17.
It is important to note two things. All Buckle Stores have EMV readers: they can read the electronic chips in most, BUT NOT ALL, cards. Not all banks have adopted chips in cards. But worse yet, not all EMV readers HAVE THE READER TURNED ON! For example, the Walmart store in my area does not: you still have to swipe your card, which means that my card is vulnerable to compromise.
The reason for this is vendors got greedy: they convinced merchants that they MUST upgrade their card readers to EMV compatibility! So the merchants did. But the vendors didn't tell them that to enable the EMV reader was an additional software upgrade, so many merchants didn't do the second bit.
These hacks target magnetic stripe information because that info is really easy to clone and copy on to new blank cards, then use those cards for online purchases. The fraudsters make their money by making big dollar value online purchases, like iPhones and Xboxes, having them shipped to money mules (those "make big dollars working from home" ads) who return them to physical stores, convert the money to money orders while taking a percentage, then wiring the money overseas. The mules are committing a felony by doing so, and every year many of them go to prison while the overseas contacts just vanish.
KMart was AGAIN recently compromised, which made me pause for some reflection. On the negative side, we get my wife's meds there every few weeks. But on the positive side, they implemented EMV, and we always use that, so our info was probably secure. And probably on the mega-negative side, the store is closing, so lots of jobs are going to be lost locally.
When stores have implemented EMV, and your card has an EMV chip, you usually cannot swipe it. So that's good.
So take a look at your wallet. Do any, and I mean ANY, of your cards not have chips? If they do not, complain to the issuing institution. The USA is the last country in the G20 to NOT REQUIRE EMV chips. And we have to put up with shitty hackers like this CONSTANTLY compromising our information. Banks really need to step up. Every time this happens it costs the banks money to reissue cards. And that means increased fees for bank customers.
https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/
It is important to note two things. All Buckle Stores have EMV readers: they can read the electronic chips in most, BUT NOT ALL, cards. Not all banks have adopted chips in cards. But worse yet, not all EMV readers HAVE THE READER TURNED ON! For example, the Walmart store in my area does not: you still have to swipe your card, which means that my card is vulnerable to compromise.
The reason for this is vendors got greedy: they convinced merchants that they MUST upgrade their card readers to EMV compatibility! So the merchants did. But the vendors didn't tell them that to enable the EMV reader was an additional software upgrade, so many merchants didn't do the second bit.
These hacks target magnetic stripe information because that info is really easy to clone and copy on to new blank cards, then use those cards for online purchases. The fraudsters make their money by making big dollar value online purchases, like iPhones and Xboxes, having them shipped to money mules (those "make big dollars working from home" ads) who return them to physical stores, convert the money to money orders while taking a percentage, then wiring the money overseas. The mules are committing a felony by doing so, and every year many of them go to prison while the overseas contacts just vanish.
KMart was AGAIN recently compromised, which made me pause for some reflection. On the negative side, we get my wife's meds there every few weeks. But on the positive side, they implemented EMV, and we always use that, so our info was probably secure. And probably on the mega-negative side, the store is closing, so lots of jobs are going to be lost locally.
When stores have implemented EMV, and your card has an EMV chip, you usually cannot swipe it. So that's good.
So take a look at your wallet. Do any, and I mean ANY, of your cards not have chips? If they do not, complain to the issuing institution. The USA is the last country in the G20 to NOT REQUIRE EMV chips. And we have to put up with shitty hackers like this CONSTANTLY compromising our information. Banks really need to step up. Every time this happens it costs the banks money to reissue cards. And that means increased fees for bank customers.
https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/