petitefrancaise

Another day and another letter - this time from Delta.com.
"Cyber incident" = unauthorised access to card details used on their site.

I have to say that I am totally and utterly fed up with all this.
Freeze credit reference accounts and would you believe that they charge you to unfreeze- this absolutely takes the biscuit from bloody experian. Remind them that their ineptitude was the reason for freezing in the first place??

Come on techies, there must be a way out of this. Block chain?

In France, we had to use one time codes issued by the bank to buy anything online. At the time it felt like stupid french overkill but now, it seems totally realistic.

rant almost over....

tom169

Oh dear, blockchain buzzword alert.

petitefrancaise

yes, I know I've already had eldest daughter - CS major- going on about how many much better distributed systems there are.

but seriously, have you nothing useful to add if you are such a techie????

tom169

Wow, harsh.

Unfortunately it's inevitable that companies with outdated IT infrastructure and policies are going to be breached. Many of these companies are just reacting to disaster, rather than proactively checking (aka penetration testing).

I'm struggling for the life of me to remember, but there is a free service that will give you debit card numbers that you can switch out at the click of a button to use online that are linked to your checking account. The idea is that you use a different debit card number for different websites and can either pause them in between or just remove them.

Sometimes I wonder if this is a service banks should start to offer, given how we won't be seeing much improvement in online transacting for a long time to go. That said, how many people still use the same password for every website? I would guess and say the absolute majority.

3DSecure was an okay idea in the UK, but people still chose easy passwords and saw it as an inconvenience.

tom169

Note what I said about generating card numbers is similar to how apple pay and Android pay work. They're using tokenised payments.

Basically for all purposes a card number is generated (fits luhn check etc) and that bundled with some other elements is used to process the transaction.

If you have the option to pay online using those it'll be much safer.

Nutek

It's so common and widespread that it's not worth even worrying about. Most breaches aren't even found (or admitted to) until a couple of years after the fact.

Freezing is only partially effective anyhow, not to mention inconvenient.

Keep an eye on your reports and that's about it. Always use credit instead of debit .. may as well be inconvenienced with someone else's money instead of your own.

My last (known) breaches were all from in-store register purchases.

/ obligatory <lol blockchain> goes here.

Steerpike

OK, what's blockchain ... ?

SpoogleDrummer

FWIW Capital One have a function that allows you to use virtual credit card and create a new number for each vendor so I imagine all the other cards will do the same at some point.
https://www.capitalone.com/applicati...l_id=EWE_modal

mrken30

Capital One
Bank of America
Citibank

All have options for virtual credit card numbers.

tom169

Interesting. Didn't realize that mainstream banks have started to offer this.