Crooks on shopping spree buying your credit and debit card numbers stolen from Target

Rick Moran
This is really disheartentening, as well as being scary. The hackers who stole 40 million debit and credit cards - including personal PIN numbers - have set up websites to sell their purloined information to anyone who wants it.

They are apparently doing land office business.

CBS Pittsburgh:

Security expert Neal O'Farrell says there are many sites now selling the credit and debit card numbers that were stolen from Target customers.

"Here we have a Discover card. It's selling for $39," says O'Farrell.

So, who is buying them?

Well, anyone can, but right now some of the primary customers are the banks themselves, trying to limit the damage.

"They sell them to not the highest bidder, but any bidder," says O'Farrell. "It's almost like a kind of ransom."

But numbers aren't the only things the hackers have exposed. They also showed how vulnerable the current generation of credit cards is to fraud.

"It's very, very old technology," O'Farrell says.

Here in the United States, all of our card information is stored on magnetic strips, which can be easily compromised and duplicated.

But in Europe, they use a smart card technology known as "chip and pin." The card generates a new card number with every swipe.

"It's much safer because it's got essentially a tiny computer on board, which has got security mechanisms," says O'Farrell.

So, why aren't we using "chip and pin" in the U.S.? Well, it would cost billions to replace card readers, not to mention new cards at $3 to $5 a pop.

But considering the costly fallout of credit card breaches, many Target customers say it would be a small price to pay.

Credit card companies are too busy selling new cards to pay much attention to securing the old ones. I suspect one or two more of these massive hacks will convince them otherwise.



This is really disheartentening, as well as being scary. The hackers who stole 40 million debit and credit cards - including personal PIN numbers - have set up websites to sell their purloined information to anyone who wants it.

They are apparently doing land office business.

CBS Pittsburgh:

Security expert Neal O'Farrell says there are many sites now selling the credit and debit card numbers that were stolen from Target customers.

"Here we have a Discover card. It's selling for $39," says O'Farrell.

So, who is buying them?

Well, anyone can, but right now some of the primary customers are the banks themselves, trying to limit the damage.

"They sell them to not the highest bidder, but any bidder," says O'Farrell. "It's almost like a kind of ransom."

But numbers aren't the only things the hackers have exposed. They also showed how vulnerable the current generation of credit cards is to fraud.

"It's very, very old technology," O'Farrell says.

Here in the United States, all of our card information is stored on magnetic strips, which can be easily compromised and duplicated.

But in Europe, they use a smart card technology known as "chip and pin." The card generates a new card number with every swipe.

"It's much safer because it's got essentially a tiny computer on board, which has got security mechanisms," says O'Farrell.

So, why aren't we using "chip and pin" in the U.S.? Well, it would cost billions to replace card readers, not to mention new cards at $3 to $5 a pop.

But considering the costly fallout of credit card breaches, many Target customers say it would be a small price to pay.

Credit card companies are too busy selling new cards to pay much attention to securing the old ones. I suspect one or two more of these massive hacks will convince them otherwise.