They didn't take any money, they took information (primarily in the form of credit card numbers).

You then sell off the credit card numbers and carefully use only a few to make money rather than just burning through them all. The other information stolen is sold on the black market.

I smell experience..

Forgot about that side of it. However, the hacker responsible does not have to expose himself to that threat; it's easy enough to find buyers for such data. I'm sure there are also plenty of ways to shuffle the money around so as to obscure (or make outright untraceable) where it ends up.

I'll be checking my bills very closely from now on. As soon as I see something remotely suspicious, it's time for a new card. I can't risk something going wrong, especially now.

Yeah, I've read of some of the earlier ones...so far none have affected us, knock on wood. We're pretty careful. But this one does seem potentially a lot worse/scary because of the method/port of access. ie you can avoid buying online and signing up for stuff etc. etc. but I don't personally know anyone who never scans their cards into one of those machines to purchase stuff, these days.

I make all my money dealing with confidential patient information

Of course I make it keeping the information confidential, not selling it. Gotta keep my office HIPAA compliant



As I said in the OP, it's best to go back as the breach happened most likely some time in February, perhaps even January. It's only now being reported. Granted, stolen credit card numbers usually aren't used right away to allow for a cool-down period so they don't get caught as fast, but it's simple enough for most people to go back through last month's statement.

^{Just another planned step towards implanting identification and financial transaction chips in people.}

i assume an answer to the following isn't really on hand but i will ask any ways:

do we know if the hacking was done by a relatively large number of people who plan to use all of these card numbers, or just a small group or possible one person.

I am guessing its probably a small group if not an individual, in which case im not overly concerned as it was said that there were possibly millions of card info stolen. i think the odds of my card out of the others being used to drain my account is as good as me winning the lottery.

People who steal credit cards on a large scale sell the numbers on the black market after a cool-off period, they don't use them themselves.

I bet money in my compromised account that it was done by a massive sweatshop LAN party of MMO RMT in Asia.

Well I dont have to worry.. Suntrust will flag my card if more than 1,000$ is used in a 24 hour period.. even then they sometimes do it if way too many transactions occur within a few hours. It pisses me off when it happens, but at the same time I'm glad they are so cautious.

Same way that people who steal containers' worth of goods will not hit the street to market it, they'll sell it to bigger fish who then pass it on to smaller fish/consumers.

Much like legal industry, there is a chain of supply: producer (thief) -> wholesaler -> retailer -> consumer. Small quantities can bypass it all and go straight to the end user, but the larger you get the further up the chain you have to go.

'Course, the anology needs some bending to fit digital goods, but the principal is more or less the same .

Well my account is safe for now. Hope it remains so.

If I have to get a new debit card issued from my American bank to Asia, that may be a problem.

I wonder if this was the reason that the bank my family uses issued us new cards around that time even though the time on the old cards wasn't up yet?

Credit cards are useful for certain things, they are safer for buying online and you seem to have more protection than if you used a debit card.

http://online.wsj.com/video/visa-says-15m-accounts-were-hacked/54B4ABBC-1430-4945-8ABF-1D20CB3F319D.html

Global Payments says they doubt it's more then that, but then again, this is the same company that took a month to tell us they got hacked. Also Global Payments have to recertify for Visa, and probably MasterCard. Two of the last 3 times this happened the company ended up flopping a few years down the road.

What I particularly enjoy is "3D secure", where they seem to imply that the more third parties there are who have access to your information, the better. Especially if they use embedded iframes and operate from websites you've never heard of. I asked to opt out of the scheme on the basis that it was a security liability. They refused and said it was compulsory.

Combine that with my card provider's online presence that doesn't even use a password to login, and the utter disinterest I've been faced with when my card details have invariably been leaked (at least I got refunded, but that was all), it's not surprising that fraud is such a major problem.

The 21st Century svcks

Bits of it are okay, but I'm frankly disappointed by it. Back in the 1970s, I was promised nuclear-powered hover cars, robot butlers, silver-coloured space suits as everyday clothing, day trips to Mars and teleportation. Instead I have a diesel-powered car (albeit quite nippy, but it doesn't fly), an argument over who makes the coffee, jeans, day trips to Abingdon and walking. The 21st century has been a total let-down so far.

Did you try a new card company? Because I'd sooner shoot myself in the foot than trust a card company that gives my information to unheard of companies as 'security'.

I feel the 40s-70s had such a strong social/cultural imagination in the realm of ideas. But in the 80s, we kind of went down hill and started being rather bland in our ideas of 'The Future'.

I was hoping for Sandra Bullock and three seashells in the bathroom.

I think all the card providers in the UK use this ridiculous 3D secure system, unfortunately (variously known as "Verified By Visa", I forget Mastercard's name for it) and they make it mandatory: a typical rollout is that you're invited to opt in, and the third time you use your card after the invitation you're forced to opt in. It reminds me of the "chip & pin" system where signing for stuff was replaced by entering a PIN instead; the card issuers claimed it was infallible, which was quickly demonstrated to be as ludicrous a claim as it sounded. The obvious intent of the banks was to shift the liability from themselves to their customers, but in a rare case of legislation being passed to protect the general public they were essentially forbidden from doing just that. It does seem that banking security is more about pointing the finger of blame at someone else rather than actually being secure, though.


Yeah, I noticed that. Growing up in the '70s, things were still exciting, the view of the future still optimistic, but by about the mid '80s everything had become cynical and money-obsessed and the hopes and dreams I remembered from my youth largely snuffed out.

Though I'm not UK, the way so much of our global world is tied into mandatory use of a credit card. I'd like to own a house one day, but the fact I NEED a credit score is just silly. If someone manages life well without a credit card, it should show they're much better at finances than with one. I know a lot of people have one on a 'just in case' basis, but I'm pretty much king of paranoid. For me, when a company offers 'Our security is infallible' tells me they're to secure in themselves and are more vulnerable than the obscure guy with the great protection.

Yeah, I love the corporatisms of today, but I also like to see some life. But world of today is lacking more and more in creativity of ideas. Take gaming, back in its conception, it was about entertaining and games that people will like as a whole, servicing niche genres. Today it's about making a return on the investment, selling it to the masses, and ignoring/silencing the people who point out the game's faults.

Hubs constantly rages against how tech is being used today, often put in use long before it's likely tested well/proven, in the name of profit. The decline/fall of the famous old empires are going to seem paltry in comparison. But maybe we'll work it out first. Maybe.


Every time I muse on what people might do if toilet paper was a very expensive luxury, hubs brings that up.

Or rather, uses the numbers to reverse engineer the algorithm that creates the credit card numbers to begin with -using a million+ existing number I can back engineer a pretty convincing CC number -using the right software.. then simply sell the generated numbers..


..the original CC information (name, address, zip code, town) is then sold to a data broker.

this way you're not actually using the stolen numbers directly, and the personal info could have been acquired by many different legal means..