If you’ve used your credit card at Target since Black Friday, you’ll need to keep an eye on your credit card statement to make sure there aren’t any unauthorized purchases. Target announced earlier today that they’ve had a massive credit card data breach. According to Target, the breach happened to customers using their credit and debit cards in U.S. stores from November 27 to December 15, 2013. The data breached included customer name, credit or debit card number, the card’s expiration date, and the security code, the three or four digit code either on the back or the front of the card.
It doesn’t make sense that if there was a data breach involving U.S. stores why the security code would be compromised. The fact that it happened in the physical stores and not online, would indicate that the breach involved only swiped transactions. When a credit card is swiped, the card reader obtains information from track one and track two on the card’s magnetic strip. This information includes the cardholder’s name, the credit card number, and the expiration date. That’s it. Track one and track two data doesn’t contain the security code. This code only appears physically on the card, either on the back, or in the case of American Express, the front. Furthermore, the security code is only processed on mail order/telephone order (MOTO) or e-commerce transactions. It’s not processed on retail, face-to-face transactions.
The fact that Target is saying that security codes were also breached would indicate they really don’t know what’s going on, they don’t know how the breach happened, and they’re just making stuff up.