If so, you can kiss off whatever assurances you hear from Target.

Remind me not to shop at Tar-JAY again.

Right after getting hacked, they always tighten everything down. It's all the other places you have to worry about...

(but Target isn't necessarily the best place to shop, regardless.)

use my pin, I have no worries?

Really, the best thing to do is call your issuer and get a new card with a different number.

Call them and tell them that you feel compromised and need them to reissue it. Better safe than sorry.

We reissued all impacted cards by default, but not all banks are doing that. Be proactive about it - and NEVER use a debit card on the internet (PSA).

Saying they were sending me a new card shortly. I have a feeling it had to do with this.

where they will cancel your existing card in 10-14 days after sending the new one. If they are being proactive about this, this is normally part of the plan. They don't tell you, they just do it.

When you get the new one, authenticate it ASAP and take the old card to a branch and ask them to shred it.

take this whopping 10% off coupon and just keep moving along...

I had manged to change my PIN on their website last week but I didn't feel like that was enough.

I also had my bank card replaced as I'd used that once at Target during the period. But that was easier to do - I just walked into a branch office, told them I'd used my card at Target and before I could get another word out was told "Let's replace it to be safe." They gave me a temporary card on the spot that will work until the permanent card gets here.

rather than expending effort up front to correct the problem.

One more example. If I remember a while back, BP lied about the impact of their "accident" until they no longer could get away with it and in the end cost US so much more.

Tobacco companies lied about their products and cost us even lives.

And the list goes on.

In the end the "justice" department will demand restitution (of pennies on the dollar) then allow the company to pass on the penalty to the taxpayer, put the penalty into the budget, etc,

meanwhile, we the people get nothing but grief, inconvenience, and little restitution.

And are told that we should be more careful in how WE do things. That somehow it was our fault for trusting a company to do the things they said they would do.

I would think it would be lost in space after the card has been approved instead of stored.

They stole all data off the pad, I'm not sure what target says is the whole truth.

The breach was big enough a bank is going to restrict cards at christmas...seems pretty huge and wide open.

I'n theory target should never have access to the pin number, just the merchant.

As George Bush says...."Just send (use) cash"

were compromised. This has happened before (e.g. Michael's Arts & Crafts and Hancock Fabrics stores) and involves swapping out the existing terminals for modified terminals to which the criminals have added additional electronic components. This is presently the only way to gather unencrypted PINs.

The Target compromise involves the compromise of a server receiving and forwarding card data. Any PINs in transit were encrypted before actually leaving the merchant terminal.

It's unlikely that the encryption on the PINs has been cracked. If it had, then massive numbers of PIN transactions (e.g. ATM withdrawals) would by now have been made using the compromised cards. Criminals know that there is a clock ticking for each card they steal, and they typically try and cash out as much and as quickly as possible before the cards are blocked. So far the fraud associated with the compromise appears to be POS (i.e. "point of sale" = non-PIN) transactions.

A key issue to understand is whether the card data was being stored long-term. According to VISA rules, card data is to be stored only so long as to complete the transaction at hand. Years ago Office Max got hit with this type of compromise and it was determined that they were keeping card data for marketing analysis, in violation of VISA rules. The Payment Card Industry Data Security Standard is an attempt by the credit card companies to self-regulate the industry, and it obviously hasn't been entirely successful.

If the resulting fraud is POS purchases, rather than PIN transactions, then Federal Regulation Z allows the cardholder's bank to dispute the fraudulent transactions and charge them back to the originating merchant. Given the expense of mitigation for this incident, it seems likely that Target may face legal action from both affected financial institutions as well as merchants facing large losses.