
Update 12/24 5:10 PM Reuters is reporting that the Target hackers may have also stolen encrypted personal identification numbers (PINs). Banks fear the hackers will be able to crack the encryption code and make fraudulent withdrawals from consumer accounts. Target confirmed that “encrypted data” was stolen, but has not confirmed that this included encrypted PINs.


Update 12/20 9:00 AM It is being reported that the credit card data from the Target data breach has been found on the black market.


Update 12/19 8:23 AM Target has confirmed the data breach, stating that at least 40 million credit card numbers, along with the three-digit security codes, have been compromised.


Multiple news sources are reporting that the Secret Service is investigating a data breach at Target in relation to millions of credit card and debit card numbers used in their stores.

So far it appears the breach affects all Target locations across the country and involves the theft of data stored on the magnetic strips on the cards. So far, indications are that the breach lasted from Black Friday to December 15th. However, the scope of the breach appears to be expanding as more information is discovered.

“The breach window is definitely expanding,” said an unidentified anti-fraud analyst at a top ten U.S. bank card issuer. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.”

This is a case where those affected are not people shopping online, but people shopping at the physical stores with their credit cards. The attack itself might remind some of the attack on TJX Companies Inc., where 46.5 million credit card numbers were compromised over 18 months during a cyber intrusion.

Magnetic Strip Cards Increase Risk

The U.S. is one of the last markets to move away from magnetic-strip-based cards to EMV (Europay, Visa, Mastercard) cards, which provide greater security and safeguards against skimming and other forms of fraud that magnetic strips fall victim to.

The magnetic strip cards currently used in the US are based on technology developed in the 1960s and are plagued with security and fraud issues. Using $25 hardware, it is easy to replicate magnetic strip data onto a new card. If this is done en masse and orchestrated properly, it can provide, and has provided, attackers with huge payouts.

  • Glenn

    And as long as all resulting costs are forced on the merchants and the banks issuing the cards aren't made to absorb any of the costs, they will have no incentive to move away from magnetic strips.

    • Card issuers charge merchants a higher rate for less secure methods of payment – the highest being for a card not present transaction like through a webpage. Card/signature are next highest rates, followed by Card/PIN, which are more secure (something you have, something you know). Chip and PIN would be most secure of all, and garner the lowest rates, so no financial incentive to have better security. The card issuers even offer rewards for card/signature purchases, which is ridiculous. "But my credit card company does not make me pay for fraud on my card…" Yes they do, by making all the goods merchants sell just that much more expensive.

  • Will

    Hackers will try to sell this information in bulk on the black market and try to convert it via buying gifts online. This could be the point investigating agencies will keep in mind, and it can be helpful to catch thieves.

  • Mac

    If we know these web sites and have the experts like the NSA folks why not hack them and shut them down?

  • Target claims there is a silver lining in all this, the 'glass half full': since the master key for the encryption of the credit card pins was separate from the breached Target system, the bad guys cannot unencrypt those pins. Target is therefore able to claim a kind of 'Safe Harbor' claim: that the key to decrypt the data could not have been taken, and "The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken."

    Safe Harbor is a respectable concept with some clear technologies emerging to enable it, for both larger companies and (using cloud technology) for SMEs. For example, see http://www.porticor.com/2013/12/target-claims-str