Neiman Marcus Hacked, 1.1M Credit Cards Exposed

HardOCP News

It sure seems like we are seeing an awful lot of these hacks lately. And what's up with not noticing for months?

More than 1.1 million customers were affected in the recent hack of high-end retailer Neiman Marcus, the company has finally revealed. After three weeks of silence about the number of cards compromised in its recent breach, Neiman Marcus also revealed in a statement that the hackers breached its network last July in an operation that continued for three months undetected before the retailer was told on January 1 that it had been hacked.
 
Well that's not surprising. All of these retailers probably don't spend any on security until they get hit then go into overdrive.
 
Often, a major issue is password complexity. So many times I have seen keyboard swipes for passwords (qwerty, asdfgh, 123456, etc) or the password is the phone number for the phone next to the server...
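
The keyboard-swipe and phone-number passwords described in the post above can be rejected when a password is set. This is an added example, not part of the original thread; it assumes a US QWERTY layout, and the function names and the sample phone number are hypothetical and constructed for illustration.

```python
import re

# US QWERTY rows (assumption); a "walk" is a run of neighbouring keys
# on one row, typed in a single direction, e.g. qwerty or 654321.
ROWS = ("1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./")
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def longest_walk(password: str) -> int:
    """Return the length of the longest same-row, same-direction key run."""
    pw = password.lower()
    best = run = 1 if pw else 0
    step = 0
    for prev, cur in zip(pw, pw[1:]):
        a, b = POS.get(prev), POS.get(cur)
        d = b[1] - a[1] if a and b and a[0] == b[0] else 0
        if d in (1, -1) and (run == 1 or d == step):
            run += 1          # walk continues in the same direction
        elif d in (1, -1):
            run = 2           # direction flipped: a new walk starts here
        else:
            run = 1           # not neighbours: walk broken
        step = d
        best = max(best, run)
    return best


def digits(text: str) -> str:
    return re.sub(r"\D", "", text)


def audit(password: str, site_phone_numbers=(), min_walk: int = 4) -> list:
    """Return the reasons a candidate password should be rejected."""
    reasons = []
    if longest_walk(password) >= min_walk:
        reasons.append("keyboard-walk")
    pw_digits = digits(password)
    for number in site_phone_numbers:
        local = digits(number)[-7:]   # compare on the last 7 digits
        if len(local) == 7 and local in pw_digits:
            reasons.append("phone-number")
            break
    return reasons


if __name__ == "__main__":
    office_numbers = ["(555) 010-0199"]   # constructed sample value
    for candidate in ("qwerty", "asdfgh", "123456", "555-0100199"):
        print(candidate, audit(candidate, office_numbers))
```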
 
"The United States is one of the last countries to move toward the technology. In Europe, 81 percent of the cards have EMV chips, according to the consulting firm Celent. Countries that have adopted the technology have seen a sharp decline in credit card fraud. In Britain the amount of fraud per transaction has dropped 57 percent since 2002. Meanwhile, fraud has risen sharply in the United States, some 70 percent between 2004 and 2010, Celent information shows."

-------
 
Well finally a hack job where credit cards were stolen and I don't have to worry about it one bit :D
 
Omnipotent insight: at some point, your identity has been compromised.

Target? Yes.
Neiman Marcus? Yes.
Walmart? Yes.
McDonald's? Yes.
Best Buy? Yes.
The pizza place down the street? Yes.
That hooker who gave you the clap? Yes.

Either start using cash and/or Bitcoin and accept that electronic malfeasance is the condition, not the exception.
 
So a co-worker of mine just went overseas to Denmark. And surprisingly, he couldn't use his American issued credit cards in about 50% of the places he went because they are "unsecure" no duh. You guys across the pond have some metallic strip/RFID thingy and you have to type in a pin every time you use a credit card?

Can someone elaborate? Does it work? And if so, wtf aren't we using that here in the States? Costs too many almighty dollars to implement? Seems to me like 100s of millions of credit card theft and reissuance of accounts is pretty damn expensive too. I know people are stupid, but are they that bad at these credit card companies?
 
Credit Card Hackers Hit Neiman Marcus

Must not be a lot going on.. old news with an updated number.. so excit..in...zzzzzzzzzzzzz

 
So a co-worker of mine just went overseas to Denmark. And surprisingly, he couldn't use his American issued credit cards in about 50% of the places he went because they are "unsecure" no duh. You guys across the pond have some metallic strip/RFID thingy and you have to type in a pin every time you use a credit card?

Can someone elaborate? Does it work? And if so, wtf aren't we using that here in the States? Costs too many almighty dollars to implement? Seems to me like 100s of millions of credit card theft and reissuance of accounts is pretty damn expensive too. I know people are stupid, but are they that bad at these credit card companies?

European cards got:
1) the usual magnetic strip at back
2) chip
3) modern cards got support for contact-less payments (http://usa.visa.com/personal/cards/card_technology/paywave.html . It does not require PIN, it is usually limited to some low value, for example in Slovakia it is 20€/day, so it is fine for small things like visiting restaurant or a grocery shop, but low enough not to be worth attacking)

If PIN is required or not usually depends on two major factors:
1) is it a credit card or a debit card? Pretty much all debit card transactions require PIN.
2) settings of the POS terminal. Some shops require PIN for credit cards, some don't.

And why it isn't in US? My guess is that too many of the shops which accept credit cards do it manually/offline? Here pretty much all transactions on credit or debit cards are "online", so you get instant SMS/email notification about the transaction. The only exception are those contact-less payments, but those are value limited.
 
I've never heard of it because I don't shop at shitty locations.
 
"The United States is one of the last countries to move toward the technology. In Europe, 81 percent of the cards have EMV chips, according to the consulting firm Celent. Countries that have adopted the technology have seen a sharp decline in credit card fraud. In Britain the amount of fraud per transaction has dropped 57 percent since 2002. Meanwhile, fraud has risen sharply in the United States, some 70 percent between 2004 and 2010, Celent information shows."

-------

So a co-worker of mine just went overseas to Denmark. And surprisingly, he couldn't use his American issued credit cards in about 50% of the places he went because they are "unsecure" no duh. You guys across the pond have some metallic strip/RFID thingy and you have to type in a pin every time you use a credit card?

Can someone elaborate? Does it work? And if so, wtf aren't we using that here in the States? Costs too many almighty dollars to implement? Seems to me like 100s of millions of credit card theft and reissuance of accounts is pretty damn expensive too. I know people are stupid, but are they that bad at these credit card companies?

So far the cost to implement a new system has been more than the cost of fraud. That has slowly been changing though. This is especially true of American companies and banks, where capital is so large to begin with that fraud has only been a small blip on their radar screen.

Europe has always been more focused on consumer protection than the USA, so they tend to adopt these technologies quicker. The more high dollar incidents like Target with 110 million cards, the quicker the credit card companies in the USA will adopt the new tech.

Last I heard, they were looking to go to a new processing tech that would involve single issued keys per transaction to begin implementation around 2015. But the last time I heard anything about that was back in early 2012 so who knows what they are doing now. At that time I was told that the reason they had not gone to the pin/chip method the Europeans were using had to do with the cost and complexity to implement it, requiring upgrades to the entire credit card processing infrastructure. Honestly, it sounded like bullshit then like it does now since the Europeans already paved the way by working out the bugs.
 
Do you live in a town where everyone does their shopping at Wal-Mart?

Or he could just you know not live by one of them.

I haven't heard of them before either. I looked at their site for locations. Nearest ones to me are Chicago, but I don't go to Chicago.

States that have them
Arizona
California
Colorado
DC
Florida
Georgia
Hawaii
Illinois
Maryland
Massachusetts
Michigan
Missouri
Nevada
New Jersey
New York
North Carolina
Philadelphia
Texas
Virginia
Washington

Most of those states only have 1 or 2. Illinois has about 6 of them in Chicago. They appear to be big in California, Texas and Florida.

So for anyone outside of large cities in those few states I wouldn't be surprised if they didn't know about the place.
 
It sure seems like we are seeing an awful lot of these hacks lately. And what's up with not noticing for months?

I believe this is what you call old news: http://www.marketplace.org/topics/business/neiman-marcus-target-reveals-credit-card-hack

I actually talked about this hack whenever everyone was bitching about the Target hack. Oh and of course Target was guilty of not admitting to the hack until Xmas passed (this was in the comments not from Steve) and of course since it wasn't about a CPU, or MB, the posters were wrong http://www.marketplace.org/topics/b...s-victims-massive-credit-and-debit-card-theft

And FYI, there's more to come. This malware is going to hit a lot of places.
 
Too bad the government doesn't go after real criminals instead of spying on everyone. They could put a significant dent in identity theft.
 
Too bad the government doesn't go after real criminals instead of spying on everyone. They could put a significant dent in identity theft.

is the goal ID theft? I assumed the goal was to harvest as many CCs as possible, siphon as much money as possible from those cards and move on.
 
The "chip" in the card is not going to stop it, the enemy will just up their game. The hacks intercepted the data downstream anyway, so they can still use it for mailorder until they manage to make their own programmed chip counterfeit cards.

There is a way to solve all this, and the same tech would allow making a biometric National ID card that did not involve any government database of your biometrics.
 
Nobody takes security seriously until it costs them and I mean dollars, not their reputation. This is liable to cost Neiman Marcus quite a bit though given their typical clientele, how long it occurred for, how long it took them to notice, and how long it took them to notify people.

I see a sizable settlement in a class action suit in the not-so-distant future.
 
I for one am loving these stories. Only having one credit card for emergencies is crazy, people said... Mmmmm the tears of sadness are delicious.

I do so enjoy the look on the face of cashiers when I pay with cash. It's like they think I'm a time-traveler from the distant past or something. Green slips of paper? What do I do with these?
 
Can't hack cash. :D

While i am one of the masses that use credit cards for pretty much everything now, cash transactions are still pretty secure. Sure people do counterfeit money, but it's not anywhere near the scale of electronic theft.

If the banks would give us bigger denominations, and stores and other POS locations were more okay with larger bills, i would not use credit cards at all. No electronic trail FTW! :)
 
Can't hack cash. :D

While i am one of the masses that use credit cards for pretty much everything now, cash transactions are still pretty secure. Sure people do counterfeit money, but it's not anywhere near the scale of electronic theft.

If the banks would give us bigger denominations, and stores and other POS locations were more okay with larger bills, i would not use credit cards at all. No electronic trail FTW! :)

Security is the reason why they don't accept larger bills. You have to be able to make change. If I accept $100 that means that at any given point in time I have to be ready for people giving me $100 and buying a pack of gum. So I have to have several hundreds or even thousands of dollars in the register at any given time. However if I say that you can't use anything higher than $20 in my place of business then I only need to have maybe a few hundred.

Would like to know what you buy on a regular basis that you need to carry larger than $100s on you and need stores to regularly accept them. I want to say that places where it is normal to spend over $100 (department stores, grocery stores...) have always accepted $100s. It is smaller places and places that are open all night, which puts them at higher risk, that have the limits, such as fast food, gas stations.

cash is nice, however you can't use that for paying bills too easily.

I myself just don't like to carry cash. I just don't like having to deal with change. It is more of a time thing than anything. takes time to count out cash and coins. then you have to wait for the person to count it to make sure that you gave them the correct amount of money. Then they have to figure out how much change to give you and count it out. you then end up with all those coins.
 
Neiman Marcus is a high end retailer located in many different malls across America. Not exactly shitty

So I have a feeling that anyone who got their info stolen from this place could afford it. "daddy! my credit card isn't working!" "ok honey just use one of the other ones I gave you."
 
So I have a feeling that anyone who got their info stolen from this place could afford it. "daddy! my credit card isn't working!" "ok honey just use one of the other ones I gave you."

Unless the money comes directly out of a bank account, it doesn't affect anyone (in the U.S.). At most you're responsible for $50.00, and I've never had a company collect that money. The only issue is if someone steals your Identity. I know many people who've had card #s stolen and used, but nobody who has had their Identity stolen. I know it happens, but I don't think that's typically the goal of cyber criminals.

Just my opinion. Maybe cyber crooks are all about becoming me.
 
Somebody needs to be held accountable for leaving the keys in the ignition and making it possible for these thefts.
 
Somebody needs to be held accountable for leaving the keys in the ignition and making it possible for these thefts.

You don't need the keys to the car to steal it. There is no perfect security. Someone will always find a way to defeat a system if there's enough money to be made.
 
Nobody takes security seriously until it costs them and I mean dollars, not their reputation. This is liable to cost Neiman Marcus quite a bit though given their typical clientele, how long it occurred for, how long it took them to notice, and how long it took them to notify people.

I see a sizable settlement in a class action suit in the not-so-distant future.

This is not true. The vast majority of retailers take security of their customers' CC info very seriously. This hack wasn't someone leaving the back door wide open and storing plain text CC numbers in a database. It was malware installed into the POS (that they likely purchased from a vendor) that grabbed the info from memory before it was encrypted. Pretty well designed hack.

Simple fact is, hacks will occur. There is no such thing as perfect security. I myself had my CC number taken in the Target hack and had a subsequent $1200 charge attempted at Best Buy. Thankfully, my credit card company noticed it, declined it, and mailed me a new card and I lost nothing.
 
Jeez, 1.1 million people shop there?

I didn't even know who they were until this article came up.
 