|
December 30, 2013 - Two weeks ago Target announced a data breach involving 40 million debit and credit cards. The breach occurred on cards used for in-store purchases between November 27th and December 15th. In its initial announcement, the store listed the items of information that were breached. Debit card PIN numbers were not among those items. But now, the retailer has changed its tune. PIN numbers were in fact stolen in this breach.
Target continues to tell its customers that they shouldn't be worried about the stolen PIN numbers. According to the chain, those numbers were heavily encrypted. We have a slightly different view. If you used a debit card at Target stores during the timeframe of the breach, you should change your PIN immediately and ask to have a new card issued. Not doing so is simply tempting fate.
ACCESS is apparently not alone in our view. Chase Bank has placed restrictions on debit cards that were used at Target during the data breach period. They have reduced the amount of money affected customers can withdraw from ATMs and reduced their daily purchase limits. Chase has also announced that it will be replacing affected cards over the next few weeks. Citibank has also imposed similar rules.
The card data which was stolen is already available for sale over the internet. It is being sold for anywhere from $20 to $100 per card, in blocks of 1 million card numbers.
Anyone who finds fraudulent charges on their credit card bills is protected against all but the first $50 of those charges by law. Debit card customers enjoy similar protections as long as they report the charges to their bank within 60 days. After that timeframe, the cardholder is responsible for fraudulent charges.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|
Credit Issues 
