advertisement
Looking for something on the site? Search for it here! Also see Clark's Greatest Hits

Jan 23, 2009 -- New security breach puts millions of people at risk financially

Up to 100 million of us could have sensitive financial info exposed because of a new security breach after a back-office credit card processing operation was hit by hackers.

Heartland Payment Systems was hit despite having modern encryption software. The crooks who breached their system got credit card numbers, expiration dates and internal bank codes for Visa and MasterCard users.

While the exact number of compromised accounts is not yet known, the Heartland breach is expected to surpass the massive TJX breach of 2007.

How can you protect yourself? You've got to thoroughly check your credit card statements and report any suspicious activity.

Beyond that, Clark feels it's unacceptable that we still use '60s-era magnetic strip technology in our credit and debit cards while other nations have gone to smart chip technology. With smart chip technology, even if a crook had your credit card number, they'd still need an additional secret PIN to make any charges.

It's only through sheer corruption that bank regulators haven't required smart chip technology of the banks.

If you discover false transactions on your credit card, you're protected under the law, right? But what about your debit card? There's nothing required in current regulations to forbid your bank from charging you NSF fees if a thief steals your debit card. Your bank is only required to restore funds -- they're not required to waive any bounced check charges. Shame on the banks.

These kinds of things will continue happening until we implement real security. Be sure to vote in Clark's poll about smart chip technology.

Unfortunately, Clark won't be able to answer any questions submitted via commenting. If you have a question, please try posting it to our message boards.

Avg. rating: N/A

What others are saying

  • credit card abuse
    The comment that " banks already agree to eat losses from unauthorized use" is really untrue. Everyone keeps saying this but that is not the way it works.

    The unfortunate innocent merchant is the one that eats any fraudulent charges and usually has to pay charge-back fees on top of the fraudulent charges. The banks do not lose anything and in fact make money on most fraudulent charges when they charge the merchants extra fees when the merchant innocently and unknowingly accepts the stolen card for goods or services.

    The banks make a big noise about credit card fraud losses, but almost all of these are directly passed back to the merchants.
    Just thought you'll would like to know.
    Thanks, Hecotr
    By hector @ 03/07/09 01:16:18 AMreport abuse
  • Credit/Debit Card Scams
    My debit card was hacked in the Hannaford Supermarket incident last spring. One charge of $50 was made to an outfit in Brazil before Ameritrade caught it and shut down the card. When I got a new card (after a lot of hassle) I requested that charges be limited to domestic vendors only. That's my suggestion.

    For foreign travel, one can use traveler's checks or purchase a preloaded VISA or Mastercard. The other option is American Express, for those with superior credit.
    By R. Jespersen @ 02/13/09 03:24:25 PMreport abuse
  • RFID
    You're all forgetting about the "Card not present" features. Ever order anything over the phone or on a website ? RFID won't help you there. Biometrics won't help either.
    By jimmy @ 02/08/09 06:51:07 AMreport abuse
  • Chip and Pin
    I was supprised by the Yes answer on the poll which is against smart chip. I think the only ones that voted "yes" did not read your question. I think they thought they voted yes to wanting smat chip. Maybe need to reword this.
    By Thomas @ 01/28/09 10:33:15 AMreport abuse
  • Chip and PIN for credit cards
    The chip and pin that Clark is referring to is the the system used primarily in Europe that relies on a smartcard chip and reader that requires physical contact with the card and a PIN vs the wireless system used here in the U.S. (Mastercard's Paypass for example). An article about it can be found at http://www.creditcards.com/credit-card-news/outdated-smart-card-chip-pin-1273.php
    By Dave @ 01/27/09 01:48:23 AMreport abuse
  • Account closed too
    Yep, my Visa card account was cancelled last week as well due to my card being "compromised". That's all they would tell me so I assume it has to do with this breach. The thing that makes me mad is that they didnt call me, I only found out when my card stopped working and called them.
    By Richard @ 01/26/09 02:51:36 PMreport abuse
  • RFID
    A previous post said "But as for RFID's being the answer to theft, I see it being a solution in search of a problem."

    RFID has already found a problem. Anybody with an RFID scanner can retrieve your credit card info. If your credit card has an RFID chip, make sure you get a Faraday Cage for your wallet.
    By Paul @ 01/26/09 09:57:47 AMreport abuse
  • More info
    More information can be found at http://www.2008breach.com/

    I got my credit card statement the other day. I had made some card purchase after the statement date so I called to get the current total so I could pay that off as well. When I called, I got a message saying my account was closed. When asked why they gave me the website above. I checked all the charges on my account and there weren't any false charges on them, thank goodness. Thanks to the bank for being pro-active and closing my account and issuing me a new card.
    By Paul @ 01/26/09 09:47:57 AMreport abuse
  • credit
    This is a major issue for me. I am a mastercard user and I am also worried about it being used/stolen by someone else. I found this article interesting because it bring up a valid point. Credit cards can easily be stolen and used and most people do own and use credit cards. I feel there should be should be some action taken to make using credit cards more secure. Most places don't ask for ID and you don't need a pin for most credit cards. As a frequent credit card user this article is helpful and brings up a valid issue.
    By brooke @ 01/25/09 07:50:49 PMreport abuse
  • ID check still works fine
    The current program of checking ID and CCV verification works fine; stolen cards can be instanly shut-down, and banks already agree to eat losses from unauthorized use. RFID's can only assist thieves who want to get around current safeguards. I'd rather see the cardholder's photograph placed on the mag stripe and displayed at the point of purchase. Pinning CC's for internet purchases would work well too. But as for RFID's being the answer to theft, I see it being a solution in search of a problem.
    By JD Adams @ 01/24/09 12:42:06 PMreport abuse
  • Chip Credit Card
    I like the idea of a CC using a pin, but how could buy anything online if you need to put a pin number in like airline tickets, for example.
    By Guy @ 01/23/09 08:13:34 PMreport abuse
  • "No-Swipe" Credit Cards Denounced
    by Senate Banking Committee Member:
    http://www.spychips.com/press-releases/senator-denounces-rfid.html

    by security researcher:
    http://tinyurl.com/cc4sxx

    by New York Times report:
    http://www.nytimes.com/2006/10/23/business/23card.html
    By CGTIII @ 01/23/09 06:47:06 PMreport abuse
  • Chipped Credit Cards are a Greater Security Risk
    The chips in cards can be read at a distance by thieves and hackers. PIN isn't required for cc charges -- only debit. I won't have one. Made them replace it. There's more to the story Clark. see www.spychips.com
    Enjoy the show but fear the technical advice.
    By CGTIII @ 01/23/09 06:27:13 PMreport abuse
send to a friend  view as printer-friendly  RSS feeds
advertisement
advertisement
THIS WEEK'S POLL
advertisement