A little while ago, I wrote here that when news broke that Target's database of credit card numbers had been hacked, 40 million cards were compromised. It was also claimed that no PIN numbers were stolen. Neither of those claims turned out to be true. PIN numbers were indeed stolen—which means if you shopped at Target (ever?) your credit or debit card is certainly compromised—and the number has been revised upwards to 110 million customers. That means my previous total of all the big US credit card thefts in recent years also has to be revised upwards—it is now in the neighborhood of 400 million. That's more than the US population.
Credit card security seems to be a joke. In another earlier post, I wondered if the NSA isn't also tracking all of our online financial transactions. What do you think? Of course they are! It's very likely that they too have all of our credit card, social security and PIN numbers. Sorry if I sound like a paranoid conspiracy monger, but these seem to be pretty much the facts. If Google and Target have this stuff, then the NSA has even more of it.
One has to wonder what kind of future—or present—the Internet and the Cloud have for any sort of businesses when almost nothing is secure.
I do recommend in my post that US credit card companies immediately adopt the European style cards with chips* in them, and abandon the magnetic strip. It might be only a stopgap measure, but it's a relatively easy one to take.
*CORRECTION: chips aren't the fix, so where does that leave us? Cory Doctorow of Boing Boing notified me: "Basically, chip-and-PIN was known to be broken (that is, easily forged by crooks) at least a year before it was implemented in the EU. The banks went ahead with their plan even after respected cryptographers pointed out definitively that it wouldn't work, because they'd already committed to it, and had already told governments, the press and their customers that it would be secure. They'd have looked like assholes if they'd given up."