0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions).
The PIN system as used in Europe (or at least where I live) always requires you to physically enter your PIN-Number with any purchase, even online. The card alone is useless as you MUST enter the PIN-Number, and 3 wrong tries blocks the card permanently. To make purchases online your bank would send you a small device which takes: a number supplied by the online website indicating your purchase, your card and then asks you for a PIN-Number. It then does some magic and outputs a number that you would need to verify the purchase.
It seems that this is not that same type of system or am I mistaken in some way? Seems to me that it would have helped; my account number/card number/exp. date are useless on their own.
I'm not sure how they figure that. How would having a having the Chip and Pin have prevented the data from being stolen? How does them encrypting the data they send relate to the cards? Those seems like separate issues.
With regards to online use, I'll say I'm not familiar with how Chip and Pin really works, but presumably they have some guard for online use, right? Or is that just wide open still?
With online use, the chip does not come into play.
How would having a having the Chip and Pin have prevented the data from being stolen? It does not. The "Chip and Pin" argument is brought up each time this sort of retail breach happens, like a reflex.
The chip is not part of the equation for online transactions. So if everything but the chip is stolen, the bad guys are going to use the card online.
Check out http://krebsonsecurity.com/2014/05/the-target-breach-by-the-..., particularly his "by the numbers" section:
0 – The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach (without end-to-end encryption of card data, the card numbers and expiration dates can still be stolen and used in online transactions).