P.F. Chang’s Breach Likely Began in Sept. 2013 (krebsonsecurity.com)
32 points by wglb on June 18, 2014 | 28 comments



I want to know an explanation of why credit card data was stored. Is this standard? Shouldn't they only need it long enough to process the transaction - there's no reason to store it, correct?

Was the data stolen in transit (should be entirely encrypted) or stolen while at rest?


Is there any evidence the transaction was stored, except insofar as storage was necessary to carry out the heist? The credit card data could have been intercepted while being input (e.g. by a keylogger).


During the Target breach card data was scraped directly from memory of the POS machines via malware. It wasn't being stored anywhere.


One of the things that bothers me most about all these breaches is that I can't think of a single reason for many of these companies to store the data, yet they do it, presumably to make some sort of additional profit. Then, when they lose/have that data stolen, it's just an "oops! we're doing our best to fix it". Maybe some of these companies can just stop collecting/storing this data if they can't do it securely?


Has anyone yet described exactly how the breach was accomplished? Or as usual no details come out?


Dang nabbit! I love eating here.


Credit cards have great fraud protection. My accounts even offer a "Dispute this charge" button right in the activity list. If someone steals my number, then I dispute the charge and ask them to mail me a new card.

It's also why I rarely use a debit card. You're at the mercy of your bank if you get PIN scalped and they take money from an ATM. That happened to me once but luckily we got the money back from the credit union (hate banks).


People need to re-evaluate their personal security and convenience protocols.

I consciously consider whether to use a credit card in some venues, because I'm aware that many businesses have significant security lapses and often simply no understanding of the problems, much less motivation to tackle them.

In most situations, you can still pay in cash.

As a side-benefit, with cash you aren't directly giving the "vampire squid" of Big Finance its 3 or 5 or whatever percent... "tithe", I guess I would call it, these days.

(And as for debit cards... unless you are forced to use one, as an end-user why would you forgo the additional protections a credit card offers and take on the risk of a direct route to your personal assets?)

I suggest keeping a few $20's in your wallet and paying for things such as Chang's in cash. I'd rather lose $100 in cash, than deal with a breach of my account security.

I recognize that my thinking at this point doesn't encompass what happens to risk if and when we all start carrying more cash around, again, and become as a group sweeter targets for random robbery.

I also don't haul out an obviously loaded wallet or money clip, when paying. No point in "waving" that cash about and thus standing out of the crowd.


I agree, but don't understand why one would consider credit cards risky. I'd be willing to paint my credit card number on the side of a building for $2000 (and I'm overestimating here, since who knows what chaotic billionaire will read this). There's simply nothing secret about them - they are mere identifiers not authenticators. Public key crypto has been around for nearly 40 years and ubiquitous online transactions for nearly 20 - Visa and Mastercard simply don't care to change as they just push the costs onto merchants, and the costs are still low enough that merchants don't push back.

Paying cash in general is a good idea for privacy's sake (do you really want your auto insurance company becoming aware of how much alcohol you purchase?), and avoiding the 4% tithe is nice. But more importantly, paying tips with cash helps waiters avoid the much more burdensome and directly destructive >30% tithe.


> But more importantly, paying tips with cash helps waiters avoid the much more burdensome and directly destructive >30% tithe.

Oh, honestly. Marginal tax rate of your average full-time waiter is going to be at best in the 25% bracket, and much of their wages will be in the 10% and 15% brackets. Functionally it'll be even lower, given deductions and credits.


It's taken directly off the top, so it will be from their highest bracket. And that money is used to directly work against the interests of said waiter, funding NSA datamining, drug persecution, worldwide war and mayhem, etc. So in a sense, it should be counted twice.


You're sounding almost like you've never gotten a paycheck. No, it won't be from the highest bracket. Waiters aren't in some bizarre class of people that don't get marginal tax rates. Any competent payroll company will estimate the final tax rate, and the number of deductions can be adjusted to fix it if your return is overly high each year.

That money is also used to educate their children, build the roads and bridges they drive on, and in the case of generally lower-income waiters, might well help with food and medical care.

I don't like the things you highlight, but pretending taxation offers zero benefits to anyone is silly.


Clarified my comment by editing it to "their" highest bracket. If they lower their taxable income by $10, that is where it comes from, yes?

The benefits you describe mainly come from state and local taxes, and they'll still be paying property taxes (directly or through rent). Except if you want to talk about disenfranchising federal subsidies - yet another example of their interests being undermined.

The problem is that with no way to opt out of supporting just the blatantly harmful facets of government, the beneficial aspects are held over one's head any time they talk about reducing funding. Witness the local appeal to underfunded teachers every time residents balk at raising property taxes, while newly created functions continue unhindered. The only winning move is to reject the skewed compromise.


Sorry, how are you lowering their taxable income?


By giving them cash they can simply put in their pocket, instead of creating a record of the transaction.

(Yes, this is a different definition of "taxable" than an accountant, wed to prescribed rules, would use. This one describes reality)


Back in my high school days, I worked at a restaurant as a waiter (cough "server", being more polite/correct), and always hoped people would leave the tip in cash.

You had the option at the end of the shift to punch in a total for your claimed tips. There are pros and cons to claiming cash tips -- pros being it keeps your actual income on the books, making you more attractive for loans/financing. Cons are you get taxed more.

You get the money either way at the end of the night, but the tax man was not kind to you at year's end with all those claimed tips.


"Marginal tax rate" is precisely the rate at which your next/last ("marginal") dollar is taxed.


You say to use a credit card over a debit card for the added security, but then advocate paying cash instead of relying on that security. Why?

I've had my Amex number stolen once or twice and it was fantastically easy to straighten out. Amex noticed it and called me. They next-day'd a new card, and provided me with a list of places I autopay so I could change my CC#.

The whole ordeal cost me maybe 20 minutes of my time -- well worth the benefit of not fretting over account security.


The list of places one "autopays" (recurring payments) is a new one, to me. Although not all of my payments are monthly or on a regular schedule.

I had to replace a card (at my initiation) a few years ago. The card was overnighted, but I still had to change a number of registrations using it.

For $5 or $10 somewhere, I sometimes decide the risk of such a hassle isn't worth it. As various vendors have had demonstrated what I always, based upon personal experience, wondered about: Poor security. As that has grown in reporting in the last couple of years, I've continued to tighten up on where I'll use a card.

Some further years back, there was a burgeoning problem with "carbons" in the old mechanical swipe mechanisms. Many places didn't dispose of them properly, leading to dumpster diving -- or their setting aside by a malicious employee. If you thought the place felt "dodgy", you paid in cash.

Plus ça change...

And as I also mentioned, I feel not just a lack of desire to hand that percentage over to some big issuer / payment processor combine, but an outright obligation not to. "Big finance" is already "out of control", and I think we have an obligation not to feed it and so empower it further. Not the entrenched players who have so recently and persistently demonstrated their own corrupt and malicious nature.

P.S. While I'm at it, I'll also mention that I don't want to participate further in data mining that I find is increasingly antagonistic to the card holder's best interests. Buy the wrong stuff, go to the wrong places, etc., and the next thing you know, e.g. your insurance rates may increase. You might even have employment problems. Who knows? Data mining is still in its "Wild West" phase.

So far -- so far as I know -- serial numbers on $5's and $10's are not being tracked. (I'm unsure about $20's. $50's and $100's, probably soon if not already.)


Rarely are the prices different if paying in cash vs credit (due to agreements I believe) which means you still pay the extra 3 to 5 percent, but receive no reward points, cash back, or anything extra. So in effect, by paying cash, you are receiving less for your money.


I'm opposed to participating in making financial institutions that are already "too big to fail" yet bigger.

I'd rather the merchant get the percentage. Particularly with smaller merchants who are forced to pay larger percentages on charges.

I also don't like all the games that card issuers make us play. "Rewards" -- with qualifications. "Cash back" -- with qualifications. "Miles" -- don't even get me started.

For my part, I no longer wish to participate -- any more than I find absolutely necessary -- in furthering this system and its entrenched leaders. So, putting my money where my mouth is...


Perhaps.

After working for a few years in the financial industry, I believe that interchange fees are fundamentally immoral. The US interchange market is fundamentally broken, and they act as a perverse incentive.

I make it a point to use cash when I can, especially with smaller businesses. I feel like I'm getting my money's worth.


Reminds me of the people who get $100 bills from the bank, and like to whip them out like it's a lot of money. As soon as they spend it... it's now in $20's and $10's... seems pointless.

I do like the idea of carrying some cash around -- far too often I've been at a bar with friends and the venue refuses to split the tab, and somehow I always get stuck fronting for everyone.

But... as with most things... it's not convenient to get cash from an ATM all the time, and I always end up not having cash on me when I need it most.


You enjoy eating at PF Changs China Bistro? Really?

Do you also enjoy The Olive Garden?


Don't act so surprised. Plenty of people do. They stay in business from the money they get from people who want to eat there.


What kind of terrible person would like something you don't like, amirite?


No.


Upvoted for mall food snobbery. The rest of you cretins can get back to the Macaroni Grill where you belong.



