... could there more?

According to the news, some security experts suspect some retailers might not know yet that they have been compromised.

More discoveries may be made now that information is being shared with companies through security experts on how to identify it.



In a subsequent interview with CNBC, Target CEO Gregg Steinhafel confirmed that the compromise followed a breach of its POS systems. Though the company is still trying to figure out what exactly happened, it has been able to determine that malware was installed in its POS systems, he said.

At least three other retailers are believed to have been hit by the same malware, including Neiman Marcus. The names of the other two remain unknown.


Security firm IDs malware used in Target attack - Computerworld (http://www.computerworld.com/s/article/9245491/Security_firm_IDs_malware_used_in_Target_attack)

NPR News:

Tom Kellermann, a managing director at Alvarez & Marsal, a professional services firm, says the latest round of attacks indicate that even companies that invest heavily in sophisticated security systems are seeing new vulnerabilities from new sources — namely, rogue hackers who are buying readily available software tools on the black market.

"There's a massive consulting- and software-based industry that supports the shadow economy that makes it far easier for people who are not sophisticated to leverage these types of attacks," Kellermann says.

Kellermann says organized crime syndicates — especially in Eastern Europe — not only make money selling the malware but also use the hackers' channels to their own ends. They prod at a company's network, often hanging out for months undetected, and then plan their attack.

Security Experts Say Data Thieves Are Getting Harder To Fight (http://www.npr.org/blogs/alltechconsidered/2014/01/13/262228600/security-experts-say-retail-data-breaches-tougher-to-fight)

Well these criminals can copy your credit card even while you carry it on your person, copy it at restaurants, stores,etc, convert ATM Gas pumps to copy your card, electronically clone your car remote and bypass your car lock. and if all that fails they simply can kick down your door or break a glass to gain access

What the heck are we suppose to do?

Yes, I have read about the Chip 'n PIN vulnerability too.

Apparently there are special sleeves that are "supposed" to shield the cards such that a person using a scanner would not be able to read it. But I have also read they are not 100%.


I think, we are in the early days of learning how criminals exploit the new technologies.

I work for a large financial services company. I spent this past year designing software for them to enable chip and pin. I have also developed fraud detection software used by financial services companies. The basic problem is magnetic stripe cards can be copied and counterfeited. CHIP or EMV cards as we call them, add a new layer of security that prevents this. Bottom line -- all of this costs more money. You cannot add more security (which also increases complexity) without adding cost. We all pay for it in the end. Visa and MasterCard have shifted liability for fraudulent transactions that use EMV to the banks starting in 2015. The idea is to incent them to spend the additional money to issue EMV cards. Events like the recent breaches serve to bring more awareness to the problem and may expedite the rollout. For consumers like you and I, the regulations are such that once we report fraud we are no longer responsible for it. Bottom line -- keep a close eye on your bank statements regardless of the kind of card you have.

Another problem with data breaches is that the information is not always card information.

Sometimes it is information that criminals use to open new fraudulent lines of credit using someone else information.


However, card fraud is pretty bad in this country.

Business Wire:

The U.S. currently accounts for 47% of global credit and debit card fraud even though it generates only 27% of the total volume of purchases and cash, according to Global Card Fraud, from a recent issue of The Nilson Report, a respected trade newsletter on the payments industry.

U.S. Leads the World in Credit Card Fraud, states The Nilson Report (http://www.businesswire.com/news/home/20111121005121/en/U.S.-Leads-World-Credit-Card-Fraud-states#.UuKad_bTn0E)

I work for a large financial services company. I spent this past year designing software for them to enable chip and pin. I have also developed fraud detection software used by financial services companies. The basic problem is magnetic stripe cards can be copied and counterfeited. CHIP or EMV cards as we call them, add a new layer of security that prevents this. Bottom line -- all of this costs more money. You cannot add more security (which also increases complexity) without adding cost. We all pay for it in the end. Visa and MasterCard have shifted liability for fraudulent transactions that use EMV to the banks starting in 2015. The idea is to incent them to spend the additional money to issue EMV cards. Events like the recent breaches serve to bring more awareness to the problem and may expedite the rollout. For consumers like you and I, the regulations are such that once we report fraud we are no longer responsible for it. Bottom line -- keep a close eye on your bank statements regardless of the kind of card you have.
Good information!! Thanks