Friday, March 29, 2024

Target Says Little Fraud And No Apparent PIN Theft Resulting From Data Breach So Far

In the wake of the huge payment card data breach it confirmed Thursday, big-box retailer Target Corp. today said that so far it has received few reports of fraud resulting from the breach. The retailer also said that while hackers obtained considerable customer data on approximately 40 million credit and debit card accounts, it does not believe cyberthieves have access to customers’ personal identification numbers (PINs).

“To date, we are hearing very few reports of actual fraud, but are closely monitoring the situation,” Minneapolis-based Target said in an update on its press Web site. “We want to reassure guests that they will not be held financially responsible for any credit card or debit card fraud.”

A tide of fraud could be looming, however. Krebs On Security, the online news service that broke the story Wednesday, reported Friday that card data from the breach have been flooding underground black markets in recent weeks and “selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”

What little good news there is: Target encourages customers to use debit cards, both its own RED debit card and other issuers’ plastic, and the PINs associated with those cards so far do not appear to have been compromised. “At this time, there is no indication that there has been any impact to PIN numbers,” Target’s update says. “What this means is their bank PIN debit card or Target debit card still has this additional layer of protection. It also means that someone cannot visit an ATM with a fraudulent card and withdraw cash.” The post added, “We have no indication that the data that was inappropriately accessed included a guest’s date of birth or Social Security number.”

Target earlier confirmed that thieves obtained cardholder names, card numbers, expiration dates and card-verification values (CVVs) encoded on magnetic stripes. Those CVVs are different from the three- or four-digit CVVs printed on a card that enable the cardholder to make an online purchase.

Sharing the pain with Target will be its merchant acquirer, which Milwaukee-based investment firm Robert W. Baird & Co. identified in a report Thursday as Bank of America Merchant Services (BAMS), a joint venture of Bank of America Corp. and payment processor First Data Corp. A BofA spokesperson, however, said it is the Charlotte, N.C.-based bank’s policy to neither confirm nor deny who its clients are. Spokespersons for Atlanta-based First Data did not respond to Digital Transactions News’ inquiries.

In the typical breach scenario, the payment card networks fine a breached merchant’s acquirer once they get a handle on the extent of fraud and card issuers’ cost to replace cards. Acquirers invariably pass on such fines to the merchant, and sometimes they are big enough to put small retailers and restaurants out of business.

The Wall Street Journal reported that Target has hired the forensics unit of New York City-based Verizon Communications Inc. to investigate the breach. The U.S. Secret Service also is investigating.

Target’s update gave no information about how the breach, which affected its nearly 1,800 U.S. stores from Nov. 27 to Dec. 15, happened. CBS News this morning reported that the breach may have originated in Vietnam or nearby in Southeast Asia, though the network’s report gave few details.

Target said it is communicating about the breach through various channels, including social media and by email with those customers for whom it has email addresses and who shopped at its U.S. stores between Thanksgiving and Dec. 15. Target also said it is experiencing “significantly higher volume” in its call centers and REDcard Web site, causing delays. The retailer said it is adding both call-center and online capacity.

The breach hit Target at the worst possible time, in the frenetic shopping days in the short weeks before Christmas. Target chief executive Gregg Steinhafel apologized to Target’s customers for the breach and said Target would give 10% discounts to customers who shop at its U.S. stores Dec. 21 and 22.


Digital Transactions