Re­tailer a Tar­get in theft of PINs

Sunday Territorian - - WORLD -

TAR­GET says debit- card PINs were among the fi­nan­cial in­for­ma­tion stolen from mil­lions of cus­tomers who shopped at the US re­tailer this month.

The com­pany said the stolen per­sonal iden­ti­fi­ca­tion num­bers, which cus­tomers type into key­pads to make se­cure trans­ac­tions, were en­crypted — strongly re­duc­ing risk to cus­tomers.

In ad­di­tion to the en­crypted PINs, cus­tomer names, credit and debit card num­bers, card ex­pi­ra­tion dates and the em­bed­ded code on the mag­netic strip on back of the cards were stolen from about 40 mil­lion credit and debit cards used at Tar­get stores be­tween Novem­ber 27 and De­cem­ber 15.

Se­cu­rity ex­perts said it was the se­cond-largest theft of card ac­counts in US his­tory, sur­passed only by a scam that be­gan in 2005 in­volv­ing re­tailer TJX Cos.

Spokes­woman Molly Sny­der said: ‘‘ We re­main con­fi­dent that PIN num­bers are safe and se­cure. The PIN in­for­ma­tion was fully en­crypted at the key­pad, re­mained en­crypted within our sys­tem, and re­mained en­crypted when it was re­moved from our sys­tems.’’

How­ever, Gart­ner se­cu­rity an­a­lyst Avi­vah Litan said the PINs for the af­fected

It’s a leaky sys­tem to

be­gin with

cards were vul­ner­a­ble and peo­ple should change their codes as such data had been de­crypted be­fore.

In 2009 com­puter hacker Al­bert Gon­za­lez pleaded guilty to con­spir­acy, wire fraud and other charges af­ter mas­ter­mind­ing debit and credit card breaches in 2005 tar­get­ing sev­eral re­tail­ers. Gon­za­lez’s group was able to un­lock en­crypted data.

Litan said changes had been made to make de­crypt­ing more dif­fi­cult but ‘‘noth­ing is in­fal­li­ble’’.

Be­sides chang­ing their PIN, Litan said shop­pers should in­stead opt to use their sig­na­ture to ap­prove trans­ac­tions. But she said Tar­get did ‘‘as much as could be rea­son­ably ex­pected’’ in this case. ‘‘It’s a leaky sys­tem to be­gin with,’’ she said.

Credit card com­pa­nies in the US plan to re­place mag­netic strips with dig­i­tal chips by late 2015, a sys­tem al­ready com­mon in Europe and Aus­tralia that makes data theft more dif­fi­cult.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.