Hi-Tech Heist

How Hi-Tech Thieves Stole Millions Of Customer Financial Records

(CBS)  Do you think twice when typing in your credit card number online, but have no problem handing over your plastic card at a store? Well actually, you may have it backward. Your personal information may be more secure in cyberspace than at the mall down the road.

That's because it's easier for dot-coms to protect the data. And most stores in America underestimate how vulnerable they are.

As correspondent Lesley Stahl reports, it's becoming a big problem. The retail industry got a wake-up call earlier this year, when TJX, the parent company of T.J. Maxx and Marshalls, disclosed it had suffered the worst high-tech heist in shopping history. Hackers raided the company's computer system, taking off with tens of millions of records. And what we have learned is: TJX could have prevented it.

---

"They collected too much personal information. They kept it too long. And finally, they didn't keep it according to appropriate security standards," says Canadian Privacy Commissioner Jennifer Stoddart, who led the investigation of the TJX theft for the Canadian government and the Province of Alberta, and released her findings before investigations in the U.S. are finished. TJX operates chains in both countries.

Asked if there's an actual place where the crime took place, Stoddart tells Stahl, "Yes, it seems that the intrusion happened at two Marshalls stores in the Miami area."

"Did the crime happen inside the stores or outside the store?" Stahl asks.

"This was a case of penetrating the network from without the stores because it is…a wireless network. You can then capture the wireless transmissions if they're not sufficiently encrypted," Stoddart says.

When you swipe your credit card, your data is often transmitted through a wireless router either to a bank for approval or to the store's main computer. But the signal carrying your information bleeds easily through the walls.

Stahl got her first lesson in something called "war driving" from Kris Harms, a computer forensic investigator for Mandiant, a computer security company, who showed her how hackers, outside in a van, can grab the stores' wireless data.

"So you and I are in this parking lot, and we park in front of one of these big stores. We can just pluck it, is what you're saying, right through the wall," Stahl remarked.

"Absolutely," Harms replied.

All you need, he says, is a regular computer; the software he got for free. Within moments, Stahl and Harms started getting results.

"Right now, we're right in front of Best Buy," Stahl remarked.

"Right so, Best Buy has a wireless network," Harms explained.

The computer identified which stores have wireless signals. Some stores hide their identities, others don't. Besides Best Buy, Staples popped up, and Home Depot -- with its signature color -- wasn't hard to identify either.

"It doesn't say Home Depot, but it says 'Orange,'" Stahl noted.

Those three stores told 60 Minutes the wireless signals Harms and Stahl detected do not link to their customer data-banks. But sometimes similar signals do lead hackers to computer systems where the data is held. Harms told 60 Minutes that stores should have security to prevent that.

"When wireless first became a technology for people to use, they realized that they needed a way to protect that data that's flying around in this cloud. So they designed WEP," Harms explains.

WEP was encryption code developed in 1999, just as big chains started going wireless. But within a couple of years, hackers had cracked WEP, rendering it obsolete. If you go on YouTube today, you can learn how to disable it in minutes.

Now, there's much better encryption code called WPA. In fact, credit card companies urge retailers to upgrade to WPA. But that's expensive, so many stores resist it even though hackers can tell who hasn't upgraded.

"It’s saying WEP or WPA. That’s telling you if they have good encryption devices," Stahl remarked, looking at Harms’ computer.

"That’s right," Harms replied.

"It's actually telling you that right on your computer?" Stahl asked.

"Absolutely," Harms said.

"That’s amazing," Stahl said. "So are you able, with what you have right here in the car with us, to crack WEP right now?"

"Executing the attack is as simple as clicking a button and making it happen," Harms said. "You have pierced the first wall of what, hopefully is many."

[big_kesh]

I really did enjoy the story. It was very informative. I have a concern about stores printing your complete credit card number on your receipt that is signed and kept in the store. Is this still acceptable and if not, who do I report these stores to? I shop at these stores often and I wouldn''t like for my information to be "leaked" out to hackers.

[arche4335]

I am not sure why they are telling people to upgrade to WPA instead of WEP. WPA is just as vulnerable to cracking as WEP. They are about 1-2 years behind on this story. WPA has already been cracked. They need to be more up too date on this issue. The story has told nothing new.

[ykolomiyets]

This is the dumbest case of fear mongering I''ve seen. Blaming WEP for insecure systems is like blaming locksmith for someone breaking in your house using copies of your keys when you don''t have an alarm system. The issue is overall security, which needs to be implemented throughout the organization, not simple encryption protocols on the store''s wireless systems. Majority of all compromises originate from inside of the organizations anyway, so external wireless security is irrelevant.Next time please invite a computer security expert, maybe someone who has a CISSP certification, on your show so they can explain you basic things like that. College kids who know how to use Kismet/KisMAC and how to crack WEP are not experts.

[ykolomiyets]

This is the dumbest case of fear mongering I''ve seen. Blaming WEP for insecure systems is like blaming locksmith for someone breaking in your house using copies of your keys when you don''t have an alarm system. The issue is overall security, which needs to be implemented throughout the organization, not simple encryption protocols on the store''s wireless systems. Majority of all compromises originate from inside of the organizations anyway, so external wireless security is irrelevant.Next time please invite a computer security expert, maybe someone who has a CISSP certification, on your show so they can explain you basic things like that. College kids who know how to use Kismet/KisMAC and how to crack WEP are not experts.

[cats_va]

Recently had a credit card sent to my by Citi CashReturns Card. Never order it so I called to inquire. Seems I had a Sears CC some years back and they some how got the rights to send me a card. What is MOST SCARY is that everyone I talked to from the call center employee, a supervisor and the executive assistant to the President can SEE and has ACCESS to my entire SS#. Citi does not encrypt the number. I asked to have the CC cancelled and requested my information be deleted from their files. The executive assistant said the Patriot Act does not allow them to do so. I guess anyone and everyone at Citi get my identity.

[connita2]

The systems people of these companies should be aware and make the necesary steps to update security. And save the least information made mandatory

[not_shocked]

Tech-savvy people have been aware of war-driving techniques for at least 7 years now. This information should be old hat for a certified Network Administrator. However, "mosaic or blurring of sensitive data", of the variety provided during this broadcast, is a real and recent threat. Please keep your viewers up to date, and remove your security shortcomings before exposing others''. JM2c

[not_shocked]

Follow this link for info on Mosaic or Blurring sensitive info... I am in no way affiliated.

http://dheera.net/projects/blur.php

[mishtoon]

For the show to be complete, 60 min should supply us with the name of the stores that SECURE our private information. CBS should offer this list as a service to the public. Otherwise it is just a another story to panic the already paranoid public.

[mishtoon]

Where can we get a list of stores that protect our data?

[premierpos]

I watched this story in total disbelief. Not about the theft of the credit card numbers, but in the statements that Visa and MasterCard REQUIRE merchants to store the credit card number. This is so blantantly untrue. Encumpus from PremierPOS does not store a customer Credit Card number at any time. We receive a unique ID from the processor. The only information stored is the last four digits and the type of credit card. This is more than enough information to deal with charge backs. In fact to handle refunds we use the unique ID provided by the processor. There is nothing in our databases to compromise. So TJX is not stating the facts correctly or is ignorant of the actual requirements.

[sillypetey]

I agree with ykolomiyets about this being fear mongering. Oh my god! I can see SSIDs! Hey look, Staples HotSpot! Staples is giving away my SS#!! Oh, a HotSpot is WiFi access for the public? And Staples is allowing me to use it for free? And it''s not related to their internal network? Shoot, there goes the credibility of "60 Minutes". I couldn''t even finish watching this story on TV after that (although I did read the full transcript online). One of my family members did finish watching it though, and is now afraid that everytime they use their CC their SS# will be attached. Thanks "60 Minutes" for having no reason to exist than to scare people. I feel they should have to put up a warning throughout the show that "this is merely entertainment and no facts were used in the making of this show. Any true facts leaked were accidental and in no way represent a fact on purpose." Although, it is scarier if you can spice it up with a couple facts just to make it believable. Like using real store names! If they had just made them up the store names like the bulk of the "facts" in the story, no one would have been frightened. At least I know now to never take a report from "60 Minutes" seriously. And with Anderson Cooper in this episode, he now loses credibility. I wonder what "60 Minutes" will do with the writers on strike. No one will be there to make things up. This show is as real as MTV''s "The Hills"!

[longlegga]

"I don%u2019t know why anybody who looks into would ever use a credit card, ever." "Because it%u2019s a lot more convenient than walking around with piles of cash in your pocket," Rasch explains.

ACTUALLY...the real reason people use credit cards is because they don''t have any money. Most of the population is in debt. They have no choice but to use the credit cards. Bankrupcy is up 8.7% this year....go figure!

[ramman13876]

The real hacker may be the way you presented this story. Where was the interview with the credit card companies? I am a retailer who would love nothing more than to accept nothing but cash. The card companies reward card holders to use the card while keeping close to 3% of the purchase price. Then on top of this they require me to keep their customers data safe.

You story missed the point completly. The culprit is the card companies who increasingly encourage there card holders to swipe the card. The card companies are the folks making money on card usage not the retailers. The retailers are required to accept the card if they want to sell to customers.Like I said there isn''t a retailer out there who wouldn''t love to throw master and visa out the door.Last month my card expense was near $1000.00 for accepting cards. Maybe master and visa should take some of these profits and secure their customers numbers.

In closing ...you are correct about the problem but absolutly missed the boat completly as to who is at fault. Very dissapointing on your very sloppy coverage. You have to follow the profits.....credit card usage is an expense to the retailer.....only the card company profits from it''s use so they are responsible for keeping the cards usage safe.

[mishtoon]

The more the people are scared and paranoid the easier to control them.

[deckm00]

Ok, let''s say that this war-driving happens, and let''s assume that at least some people''s private data could be lifted from inadequately secured wireless networks. Aside from the obvious answer of using cash, there''s a simple albiet initially more expensive solution; just eliminate the wireless network segments and hard-wire the store! Problem solved.

[jmthoughts]

premierpos, nice selfish plug. My only comment is that next time you should make sure your website is fully configured instead of having sections saying "Please Configure Tabs.." when someone goes to your site to look at recent enhancements.

As for your software, that is certainly an interesting solution. My question is, how does it scale, can your software be deployed to 1000 stores that process several hundred thousand to nearly a million transactions per day? Also, how do you handle off-line situations where you can''t contact the bank electronically but still need to take the credit card and transact business. I checked your reference clients on the sites, but didn''t see any recognizable names from a major retailer standpoint.

I would also be curious to see if you support unreceipted returns with a swipe of a customer''s credit card, as well as, how you handle returns to the customer''s original credit card that was used for purchase.

Feel free to post responses here or publish something on your website (or if it is there already and I didn''t see it, post a link), I will check back in the coming days as I am interested in your product as a potential solution.

As for the 60-minutes story, I felt it was of little value. I love how they end the story with the statement of fear and unsupportable comment "most stores are still vulnerable." Seems a bit irresponsible.

[jmdemoor]

Lesley Stahl:
Please stop wearing those earrings! I see them almost every week. They look like they are plastic and have a black round circle above a colored emerald shaped object which is usually blue or green corrosponding to your attire. I am a loyal viewer but I just cannot stand those hideous things. They make my skin crawl. I thoroughly enjoy your reporting. You do a fabulous job. It is difficult to give your work its full attention with those things hanging from your ears. Thank you!

[bigpecker4]

Theres still nothing better than credit cards. Its the only kind of cash thats actually safe. Because you can dispute the charges. Where as if you hand somebody cash, the cash is gone.

This should be looked at the same way the war on drugs should be looked at. Don''t make the rules for everybody because of a few bad apples. Make it easier to dispute the charges, and take back ones life from stupid geek stuff like identity theft and the like. It is not a consumer obligation to protect ones identity. It is a markets obligation. They offer the convenience. They should be held accountable to its discrepancies.

[bigpecker4]

E-Cash is the wave of the future. Pretty soon there won''t be any more greenbacks or euros. It''ll all be electronic. And the fact that thats vulnerable is a matter not of the consumers. A consumer is a customer. Being provided a service. If the service is flawed, then thats not anybody else''s fault but the service''s.

[greatprophet]

HOPE FOR AMERICA: PRESIDENT RON PAUL

-- No more meddling in other country''s political affairs
-- No more aggressive military actions overseas
-- No more torture prisons
-- No more pseudo-wars like the "War on Drugs"
-- No more IRS and unconstitutional income taxes
-- No more Federal Reserve (the group of private banks which owns our government)
-- No more erosion of Social Security to pay for militarization
-- No more U.N. (one world government) participation
-- No more NAFTA, CAFTA, WTO or GATT (globalist trade cartels)
-- No more North American Union (loss of U.S. sovereignty)
-- No more federal gun control laws
-- No more illegal aliens pouring-in over our country''s borders
-- No more illegal aliens allowed to roam freely in our streets
-- No more national ID cards (Real ID Act)
-- No more government invasion of your privacy
-- No more federal Laws which force you to take unwanted injections
-- No more federal Laws which are not authorized by The Constitution
-- No more federal erosion of State sovereignty
-- No more unlimited federal government

They don''t call him "Dr. No" for no reason. The Doctor is in! Find-out what CBS hides from you, and join us in this 21st Century political revolution at ronpaul2008.com

"Those who expect to reap the blessing of freedom must undergo the fatigue of supporting it."
- Thomas Paine

"Ron Paul doesn''t represent your Father''s school of political thought. He represents your Founding Fathers."
- Me

[truthprophet]

RON PAUL WINS BIG IN NATIONAL POLL
The results of a nationwide telephone poll, announced by Zogby on November 19th, reveals that Americans want to vote for a candidate who protects liberty; who wants to shrink government; and who wants to immediately withdraw our troops from Iraq - positions of Congressman Ron Paul. As part of a blind-bio, spread poll, likely voters (from all parties) were provided with descriptions of four different Republican candidates and asked to choose who they would vote for based on each one''s resume and political platform. 33% of pollees chose Ron Paul, 19% chose Rudy Giuliani, 15% chose Mitt Romney and 13% chose Fred Thompson. The results clearly illustrate that the country is crying out for Ron Paul, which is why mainstream media has launched a public relations offensive to marginalize his accomplishments and suppress the Congressman''s name recognition. In a seperate question, over 49% of pollees said they would be more likely to vote for a candidate who would begin an immediate withdrawal from Iraq. In fact, Ron Paul won in every demographic of this poll including, but not limited to, religious voters, NASCAR fans, military families, African-Americans, etc..

[fairprophet]

ONLY RON PAUL CAN BEAT CLINTON
Zogby''s Director of Communications Fritz Wenzel said on November 20 that Paul is the strongest of the GOP candidates to run against Clinton. "Among the larger universe of voters," which includes all parties, "yes, Paul would be a much stronger candidate than any of the other three [Romney, Giuliani, Thompson]," Wenzel said. Zogby recently announced that Paul was their winner in a nationwide blind-bio poll which included voters from all parties. "He is anti-war and the majority of Democrats are anti-war, he has some other ideas and policies and stances on issues more attractive to Democrats, particularly conservative Democrats," said Wenzel. "Even among Independents, he is far and away a more attractive candidate," he added. Paul is the only GOP candidate who is not threatening war with Iran, whereas Clinton vowed to keep that option "on the table." Paul also voted against the war in Iraq, which Clinton has supported. Because Democrats outnumber Republicans, none of the other GOP candidates can win against Clinton, because they simply won''t be able to reach across party lines and attract enough Democratic and Independent voters to beat Clinton. Only Paul can do that. "He''s right on schedule," Wenzel said. "He''s making all the right moves, going in the right direction...at a time when other candidates are not moving." Wenzel based his analysis on recent polls that show Paul could win in New Hampshire and that his support nationwide is intensifying.

[greatprophet]

CNN REPORTS RON PAUL IN 4TH PLACE
Republican presidential candidate Ron Paul is gaining momentum in New Hampshire and Iowa, according to two seperate polls released November 20 by the CNN/WMUR and Boston Globe/University of New Hampshire. The Texas congressman has garnered an estimated 8% in New Hampshire, surpassing former GOP front-runner Fred Thompson, and is tied with John McCain both in New Hampshire and Iowa. These poll numbers were released over by the Boston Globe in association with the University of New Hampshire Survey Center, and the Marist College Institute for Public Opinion, both confirmed Congressman Paul%u2019s support to be higher than Thompson%u2019s as well. "The polls confirm what we already know: Congressman Paul is catching on in the early primary states," said Paul campaign spokesman Jesse Benton. "His unifying message of freedom, peace, and prosperity is resonating strongly with voters in Iowa and New Hampshire, and we%u2019re rapidly gaining support nationwide." The New York Times poll was conducted November 2-12. On November 5, the Ron Paul campaign brought in a record-breaking $4.2 million in grass root donations online, and an additional $1 million to end the week. His campaign has raised over $9 million dollars so far in this quarter.

[truthprophet]

COULDN''T VOTE FOR A REPUBLICAN? REALLY?
Everytime I hear Democrats say "I hate the Republican Party. Look at what Bush has done.," I can''t help but think about all of Bush''s Democratic enablers in the Congress like Clinton, Obama, Pelosi, et. al. who made all of his dastardly deeds possible. They handed him every bit of legislation with which he has used to make himself the dictator that he now is on a silver platter. The Democrats in Congress don''t even seem to express any interest in investigating Bush for the crimes he and Cheney have surely committed against our country even though a vast majority of Americans think they should. What cowards! In fact, Obama and Clinton even voted in favor of legislation which actually allows Bush to pre-pardon himself and his administration for crimes dating all the way back to 9/11. What''s up with that? Look. Do yourself and your country a favor. Focus on the candidate, and the ideas and positions he or she represents, and then study the candidate''s track record of performance with respect to those positions. That''s all that really matters in the end. Elections are not a contest of two teams. Ultimately, It''s the politician who will either serve your interests or betray them while in office--not their party. Finally, Democrats, I ask you this: Would you have voted for Steven Douglas (a Democrat), who was ardently pro-slavery, against Abraham Lincoln (a Republican) simply because Douglas was a Democrat? I think most of you would.

[greatprophet]

RON PAUL RESPECTS YOUR PRIVACY
Like Ron Paul, I believe the biggest threat to your privacy is the government. We must drastically limit the ability of government to collect and store data regarding a citizens'' personal matters. We must stop the move toward a national ID card system (e.g., The Real ID Act). Under this new Law, states are currently issuing new driver''s licenses embedded with standard identifier data (RFID chips). Although, many states are refusing to comply. A national ID with new tracking technologies means we''re heading into an Orwellian world of no privacy. Ron Paul was one of the few members of Congess who voted against the Real ID Act. Also, under current medical privacy protection rules, which Ron Paul also opposed, insurance companies and other entities have access to your personal medical information. Finally, there''s the so-called Patriot Act, which Congressman, Ron Paul also voted against. As originally proposed, it expanded the federal government''s ability to use wiretaps without judicial oversight; allowed nationwide search warrants non-specific to any given location, nor subject to any local judicial oversight; made it far easier for the government to monitor private Internet usage; authorized sneak and peek warrants enabling federal authorities to search a person''s home, office, or personal property without that person''s knowledge; and required libraries to turn over records of books read by patrons. Ron Paul sponsored a Bill to overturn the Patriot Act.

[truthprophet]

ARE WE A NATION OF LAWS?
Consider the Patriot Act. The Law is 342 pages long, or 57,000 words, making it a bit longer than Dostoevsky''s "Notes from Underground" or, if you''re partial to pigs, about twice the size of Orwell''s "Animal Farm." The Patriot Act is the reigning champion of our government''s recent un-American activities. When it was first paraded before Congress and the Senate following the 9/11 attacks, few Members, other than Congressman, Ron Paul dared to vote against it. Most in Congress simply gave it their rubber-stamp of approval, without ever reading it. Why bother? It was, after all, named the "USA Patriot Act." It must be a good thing. Right? Now in effect, the Law wrecks a generation''s worth of constitutional protections against government snooping, legalizing police-state tactics in searches and seizures, criminalizing certain forms of speech and political activity, and opening the way for the mistreatment of foreigners in government custody and wholesale expulsions and imprisonment. It is a repugnant, unnecessary Law that goes against the very principles its name wrongly implies. Yet, it remains unchecked and unbalanced by public opinion, Lawmakers or the Courts. So, yes, we''re a nation of Laws. But the Laws aren''t much to speak of when they''re designed to hoodwink the public to win its docility. Neither is public responsibility much to speak of these days when its docility is secured with nothing more than a ploy-riddled play on the word "patriot."

[fairprophet]

YOU''RE A FROG IN A POT
My fellow Americans need to open their eyes to the fact that our Republic, along with The Constitution upon which it was founded, is being flushed-down the toilet by our nations'' bought and paid for politicians and media. While the Oligarchs warn and incite fear in the sheeple about the prospect of terrorism, they at the same time leave our borders wide open, and then conduct illegal wars overseas that do nothing but incite the terrorism which their Orwellian Laws like the Patriot Act and the John Warner Defense Authorization Act pretend to protect us from. Wake up America! It''s not about protecting you from terrorism, or Global Warming, or any of that other fear-mongering garbage the sold-out, mainstream media feeds you 24/7. It''s about feeding the bankers and the military industrial complex, and facilitating the global elite''s ability to ratchet-down control over the American people, placing us into a total control grid where they can surveille, track and control everywhere we go and everything we do. It''s the groundwork for tyranny. It''s the New World Order plan of Bush, Clinton, Edwards, McCain, Giuliani, et.al., being executed quite beautifully. You''re a frog in a pot: In order to cook a frog, you don''t throw him into a pot of boiling water. If you do, he''ll resist and jump-out. What you do instead is, you turn the heat-up REAL SLOW, and by the time the water is boiling, he won''t be able to jump out anymore, because it''s too late--he''s already doomed.

[greatprophet]

YOU LIVE IN INTERESTING TIMES
America is tipping way too far back in her easy chair. Something BIG is about to happen, and I predict this upcoming 2008 Presidential Election will be extremely pivotal. I''m not going to name any candidates. You probably already know who my favorite one is. But let me make my point absolutely clear: If you think times are boring, think again. If you think the future is predictable, think again. My advice to everyone who reads this is to be thoughtful. Trust only that wisdom which is your own. 90% of mainstream media in this country is controlled by fewer than 20 different organizations. Unfortunately, they, like the sold-out political ****** who pretend tp serve us in Washington, were bought and paid for by the military-industrial-pharmacutical complex decades ago. Therefore, mainsteam media will paint pictures they want to paint, and people will open their minds to pictures they want to see. So, be skeptical. Be wise. Research issues and talking points on your own, and share what you learn with those you love. The future of your family tree may lay in the balance.

[lucky1267]

Can someone please put that "prophet" out of his misery?

[lastdance4]

CBS News comments is for
For Spammers only !

Post or Read Serious Comments - Go over to ABC News

Chronic ...Habitual...and Harassing - Spam
Brought to you by :
The Professional Qualities and Work Ethics of the
CBS News Management Team

Forever diligent in the Work Morals and Work Ethics of
Creating Chronic - Habitual and Endless Spam

Produced By : zuggerjack - bigpecker4 - Prophet

1) aka-GreatProphet ......2) aka-PeaceProphet
3) aka-MegaProphet ......4) aka-KJVProphet
5) aka-NextProphet.........6) aka-TrueProphet
7) aka-LAProphet............8) aka-NHProphet
9) aka-GoodProphet.......10) aka-EarlyProphet
11) aka-SageProphet.......12aka-TruthProphet
13) aka-FairProphet

CBS Professional News Management Team - Spam
Throughout Each Day - Each Night - Every Day -

All Week long within most of the topics on
The CBS News Comments (Harassing Spam)

Stop Complaining - Go over to - ABC News (Comments) - Post There ! !
Leave this Low-Life - CBS News Management and Prophet
To wallow alone in the Muck they created Together
Both are deserving and Worthy of each Other ! !


Lastdance

[jowand]

FairProphet at 04:13 AM : Nov 26, 2007
GreatProphet
TruthProphet
Could be seven-pesos on meds?

[jowand]

Apparently on Ron Pauls site there is mention of this idiot that is costing him the precious 3 votes the a hole might have received.
Posted by jerryomara at 05:53 AM : Nov 26, 2007

You used to be able to write RP direct at his site but they have removed the link, too many people complaining. RP is just one more politician like the rest with his supporters just like the rest.

[excoachken]

Some cults worship the moon, some worship vaccuum cleaners and then those who worship worthless things like Ron Paul.

[lrdipietro]

RE: ID Theft

I have a great idea. Why don''t we just use CASH! Take your cash, your driver''s license and go! Highly unlikely, but should someone steal your cash, isn''t it better to lose a couple hundred dollars in lieu of your identity?

[Netterz]

Just ignore it.... I am far more concerned with the news articles than the spammer. The more you ignite against him, he more it antagonizes the spam. People will vote on what they prefer, so pushing, spamming, name calling and hat ever,just ignites it all. Comment on the article your reading, and ignore the other posts.

[Netterz]

Use CASH. No way will your info be leaked, no credit card co will be making $ off you, and you remain safe. Technology isnt all its cracked up to being.

[addasdc]

I found it unreal that CBS did not interview anyone from the Payment Card Industry (PCI) Council. The US Retail Council spokesman should be sued for grossly misrepresenting that the credit card companies are to blame for forcing merchants to store and maintain credit card data. Shameful reporting, but if it spurs retailers to improve, we''re all better off - but I don''t think the means justifies the ends totally.

[denn034]

The story has it backwards. Your credit card is safer in stores than online. The hackers all but demands the view. Sorry but, I disagree CBS.

[gary.dennis]

Two months before the airing of this segment on credit card fraud, the 60 Minutes staff received a PDF containing copies of the registered letters sent to board members at banks, credit card processing companies, congress men and women, credit reporting agencies and the justice department. These letters described a technology capable of preventing identity theft and fraud.

In effect, the technology permits individuals to simply turn asset like a credit card, bank account or personal credit off and on within seconds. Moreover, the entire process can be voice verified. Fully deployed, the technology would drive fraud artists up the wall.

Hurray to 60 Minutes for joining a long procession of other news and business organizations that couldn''t recognize sea change technology if it ran over them.

The real story on ID theft is that so much money is made because of identity theft and ID fraud that solving the problem or nearly solving it would shut down about 4 billion in annual sales for ID theft "snake-oil" remedies now sold to the American consumer.

[gary.dennis]

Two months before the airing of this segment on credit card fraud, the 60 Minutes staff received a PDF containing copies of the registered letters sent to board members at banks, credit card processing companies, congress men and women, credit reporting agencies and the justice department. These letters described a technology capable of preventing identity theft and fraud.

In effect, the technology permits individuals to simply turn asset like a credit card, bank account or personal credit off and on within seconds. Moreover, the entire process can be voice verified. Fully deployed, the technology would drive fraud artists up the wall.

Hurray to 60 Minutes for joining a long procession of other news and business organizations that couldn''t recognize sea change technology if it ran over them.

The real story on ID theft is that so much money is made because of identity theft and ID fraud that solving the problem or nearly solving it would shut down about 4 billion in annual sales for ID theft "snake-oil" remedies now sold to the American consumer.

[Wookiee-1138]

Wardriving is perfectly legal. It''s the store''s fault for not taking basic precautions.

[chasdye]

It''s outrageous that Lesley Stahl would end the segment with the comments ". . . many other chains have closed their security gaps, though most stores are still vulnerable."

She made a big point of showing Best Buy and Home Depot, and mentioning Staples. Have THEY closed their security gaps? Who are the other chains? And what does "most stores" mean?

This is sloppy reporting.

[chasdye]

It''s outrageous that Lesley Stahl would end the segment with the comments ". . . many other chains have closed their security gaps, though most stores are still vulnerable."

She made a big point of showing Best Buy and Home Depot, and mentioning Staples. Have THEY closed their security gaps? Who are the other chains? And what does "most stores" mean?

This is sloppy reporting.

[chasdye]

It''s outrageous that Lesley Stahl would end the segment with the comments ". . . many other chains have closed their security gaps, though most stores are still vulnerable."

She made a big point of showing Best Buy and Home Depot, and mentioning Staples. Have THEY closed their security gaps? Who are the other chains? And what does "most stores" mean?

This is sloppy reporting.

[rayboy21]

Overall program was excellent and informative.
BUT I was troubled by the fact Chris Harms, the forensic investigator, was using his computer WHILE DRIVING. That sets a very bad example and was unnecessary. His eyes constantly went back and forth from the screen to the street. It sets a bad example especially in this day of cell phone and text usage!

[stardustmo]

I salute the effort by CBS to bring this matter front and center, because it is more of an issue than most begin to know. Your segment made it pretty clear about the state of security with the "drive thru" in the parking lots near retailers. I''m sure that is just the tip of the iceberg. We can all be sure that there is another, perhaps several more, TJX''s that will occur or are occurring now (just not discovered).

The email from the TJX vice president, I would venture to guess again, is probably not an uncommon sentiment in that or similar environments. The fact that TJX says their security was comparable to other retailers was likely accurate. Not very reassuring to the consumer who entrusts his or her personal data to the care of the merchant. Who is suppose to be responsible for safeguarding the consumers'' personal information? Not too hard to figure out.

[stardustmo]

Part 2
Dave Hogan (from the Natl Retail Fed) was a riot, don''t you think? Seriously, he gave so much bogus information, it was laughable. He opined that card companies are not serious about security. Pule-e-e-eze. What a joke ....spoken like a true lobbyist for the retailers It doesn''t take much research on Google to see the folly of his statement. His accusation that card companies use fines to increase revenues is simply not a credible statement (pule-e-e-e-ze again) to even the casual observer. Fines, like traffic fines, like all fines, are tools to change behavior that needs changing. Who wrote that line for him to parrot on the air anyway? (Ya just gotta shake your head...) I will admit though that Hogan was effective in conveying the point that the security problem "ain''t my fault". Point that ol'' finger of yours, Big Dave, and blame everyone else. That''s really effective in solving the problem, ol'' buddy. (Not a single productive thing came out of his mouth.) I could go on and on.

The issues of security are very serious and the solution will not be easily or quickly accomplished. They are complex and, yes, can be expensive to implement. But, it is absolutely critical that it be taken to heart. There are a number of productive efforts that are in place that should be embraced and adopted by those entities entrusted with protecting their customers personal information. It''s past time to get on board and quit playing the blame game.

[mastermind_j]

The issue with your whole card number on your recepit is an issue with the merchants using old POS ''Point of Sale'' terminals. Back when the system was created this information was used as check against the card provided.

[mastermind_j]

Your charges made online can be made almost fraud proof by using Visa''s Verified by Visa, and Mastercard''s Shop Safe. These programs use give you a number not related to you card number that can only be used a certain merchant, for a set dollar amount at a set time. T.J. Maxx is definately not the only merchant this has happened too. DSW shoes was another large leak.