PITTSBURGH (KDKA) — Hackers stealing millions of debit and credit card accounts from customers at Target has dominated the headlines. But what happens to all that stolen data?
Well, it’s up for sale. And in some cases, banks are the ones paying off the crooks to get the information back.
Security expert Neal O’Farrell says there are many sites now selling the credit and debit card numbers that were stolen from Target customers.
“Here we have a Discover card. It’s selling for $39,” says O’Farrell.
So, who is buying them?
Well, anyone can, but right now some of the primary customers are the banks themselves, trying to limit the damage.
“They sell them to not the highest bidder, but any bidder,” says O’Farrell. “It’s almost like a kind of ransom.”
But numbers aren’t the only things the hackers have exposed. They also showed how vulnerable the current generation of credit cards is to fraud.
“It’s very, very old technology,” O’Farrell says.
Here in the United States, all of our card information is stored on magnetic strips, which can be easily compromised and duplicated.
But in Europe, they use a smart card technology known as “chip and pin.” The card generates a new card number with every swipe.
“It’s much safer because it’s got essentially a tiny computer on board, which has got security mechanisms,” says O’Farrell.
So, why aren’t we using “chip and pin” in the U.S.? Well, it would cost billions to replace card readers, not to mention new cards at $3 to $5 a pop.
But considering the costly fallout of credit card breaches, many Target customers say it would be a small price to pay.