Random Thoughts – Randocity!

Shopping Tip: Target App and Prices

Posted in botch, business, shopping by commorancy on February 7, 2019

img_4265.pngTechnology has finally caught up with “live pricing”. While shopping at a competitor grocery the other day, I scanned an item while in that store within Target’s app to get a price comparison. What I found before and after visiting Target was surprising. Let’s explore.

Target App and Item Scanning

Assuming you have a smartphone running iOS or Android, the Target app is a way to both shop online as well as comparison shop. However, I found the following money saving trick that you’ll want to use to save money at Target.

Target’s phone app offers a UPC code scanning feature. This allows you to scan the UPC code and check that item’s pricing at your local store. As I said above, what I found when scanning away from Target versus inside of Target was a little unsettling… but is also handy trick to save money when shopping at Target.

Scanning Items In-Store

When you’re inside a Target store, you can scan each item’s UPC code and it will show you not only the price of the item in the store, it will tell you which aisle it’s on. It may also trigger a Cartwheel discount if you’re lucky. For example, if you happen to find a random loose item sitting on a shelf in the store (stray merchandise) and you want to know where it’s located in the store, you simply need to scan it in Target’s app and it will tell you what aisle it’s on and it actually shows you a map in the store. It will also tell you the item’s price. This actually works in the Walmart and Home Depot apps too.

This means you can easily find items in the store and determine the item’s price. This locate feature is particularly handy after a Target store remodel when items that were formerly on the left side of the store have been moved to the right side of the store. I’m not terribly a fan of such remodels, but I guess Target thinks it makes their stock seem “fresh and new” when it simply makes it confusing to find stuff in the store. It’s also a way for Target to raise in-store prices.

Cost Savings

Now for the cost savings tip that you’ve been waiting for. Target’s pricing shown in the app is entirely based on proximity to the store (assuming you have a GPS on your phone). For example, I was at a local grocery looking at Gold Medal Self-Rising Flour. The cost for a 5lb bag at this particular store was $3.99. I decided to pick the item up and scan it through Target’s app for a price comparison. The price at Target came up as $3.69. I thought, “Great, I’ll save 30¢. I’ll stop by Target on the way home and pick it up. Little did I know the surprise that my Target store had waiting for me.

A few minutes later, I arrived at Target and wandered through to their baking section and noticed the exact item priced at $4.29. I’m like, “Hold up.. what’s this?” When I scanned the item in the Target app inside the Target store, it again showed $4.29… not the $3.69 price I had been shown when at the other market. I had even confirmed that the “my store” location was set to the store where I was. Yep, that’s my store.

I wasn’t exactly sure what was going on with Target’s App, so I drove back to the other market thinking the UPC code might be slightly different. I hadn’t bought that other item over there before heading to Target. When I arrived at the other market, I again scanned it in Target’s app and it again showed the $3.69 price. I also took a picture of the UPC code so I could compare when I got back to Target. Stumped at this discount pricing I was being shown, I decided to add the item to Target’s cart and buy it via Target’s app for in-store pick up. Surprisingly, this worked.

By the time I arrived back at Target, my order was ready for pickup. In fact, the “Your Order Is Ready” notification arrived on my phone just as I drove into Target’s parking lot. I walked in, picked up my order and headed towards the door. I did actually get the item for the $3.69 price. Before I walked out of the store, I scanned the UPC code on what I had just purchased for $3.69 and it showed $4.29. I compared the code to the one from the local market. Same UPC code. I’m like, “Hmm…” I decided it had to do with Target’s proximity beacon. The app knew that I was in the store and raised its Target app pricing to reflect the store’s shelf prices.

As I had drove away and while waiting at a traffic light in front of Whole Foods Market (a store about a block away from Target), I scanned the item in the car. It once again showed the $3.69 pricing. Aha, Target is using its store proximity beacon to raise its prices to match its in-store shelf pricing.

Cost Savings Tip

If you’re looking to get your best savings from Target, you need to scan your items in Target’s app away from your local Target store. Because you’re not in proximity of the store, you could find lower prices on some items. Unfortunately, you won’t know that you’re saving money until you get to the store and scan the item inside the store. For this reason, ordering for store pickup may save you money over visiting the store and physically shopping in the store.

Just be aware that Target changes its prices on items in the App depending on where you are and whether you’re in or out of a store. It may even detect when you’re in a competitor’s store and mark prices in the app to compete with that competitor. Note that if you do place an order for pickup and find that an item you ordered is cheaper in the store or there’s an in-store coupon, Target will refund you the difference as long as you’re still within the return period. You simply need to ask.

For the reason of proximity pricing, you should save the UPC codes from your regularly consumed items in a drawer and scan them in the Target app at home. Then, place an order for pickup. You may find that you can save more money at Target before ever leaving home. It also saves you time because you don’t have to roam the store looking for stuff. It can also save you money by not seeing and buying random stuff that you don’t need.

If you scan for a price in the Target app while away from the store, take a screenshot. Screenshots are your friend for lower pricing. You can then compare those screenshots to price scans you make in the store to see if the pricing has changed. Because I’m assuming that scanned prices can go both ways (up and down), you might not always find your best deal in the app. However, it seems more likely you’re to find a better deal using the app away from the store than in the store. For this reason, taking a screenshot of the items you scan saves you hassles later. Whether or not Target’s customer service team will honor a price markdown as a result of a screenshot taken away from the store, I’m uncertain. You’d have to visit the customer service desk with the item in hand and ask. Target is usually willing to give the lowest price if you bring it to their attention, but in this case who knows? Worst case, just drive away from the store and order the item for in-store pickup. Then drive back to Target and wait for the item to become ready.

Proximity Pricing

Because most everyone is looking for a savings advantage when shopping, proximity pricing is likely to become an even bigger deal as we move forward. That Target is now using proximity pricing in its app shouldn’t be a revelation, but it is surprising to see Target using it in this way.

Always consider scanning items in the Target app when you’re looking for cost savings at Target. It can save you money without ever leaving home.

Trick of the Eyes

Here’s the part about proximity pricing that I don’t like, making this is a bit of a rant. When I first scanned the package of flour away from Target, Target’s app showed me the $3.69 price. When I visited the store and scanned the exact same item on the aisle, it scanned at $4.29 (30¢ more than my local grocery market at $3.99 and 60¢ more than the Target app had previously shown me). I couldn’t get the app to show me that $3.69 price no matter what I did while inside of Target. I felt that this was a kind of bait and switch tactic, something I have never before seen Target use.

This meant that I couldn’t get the app to show me that price at all while at Target. I was understandably miffed, particularly after having spent the time to drive over there thinking I would get the $3.69 price.

As a result, I couldn’t show that lower pricing to the customer service desk nor could I even prove at all that that pricing had ever been shown to me. The history in Target’s app is practically non-existent. What is there shows you the price wherever you happen to be… not what might have been shown to you earlier. I actually had to leave the store and travel a quarter mile away before I could see that $3.69 price again.

For this reason, that’s why I decided to order the item for pickup while still in the parking lot of my local grocery market and away from Target. To my surprise, I was able to add the lower priced item to my Target app cart and place an order. When I arrived at the store, I walked away with my order at the lower $3.69 price.

Higher In-Store Pricing

The proximity pricing problem signifies three things: 1) Target intentionally marks up items when you’re physically visiting the store, 2) these markups are impossible to detect (or argue) while you’re in the store and 3) you can only find these markups while away from the store.

You’re required to check the prices before and after arriving at the store. This means making a list of prices while away from the store, then again at the store and then see how proximity affects your Target’s in-store prices.

Ultimately, it’s a scammy practice by Target. It’s a scammy practice by any store that performs this kind of proximity markup. If anything, this article intends to call out this practice and warn consumers that the pricing you see in the store may not be the lowest price that store is willing to sell you that item. While you can’t haggle with a store (other than via competitor price matching), you can be armed with ways to cut your costs by being a shrewd shopper, particularly by taking full advantage of each store’s app proximity mark downs and avoiding store mark ups.

Note that this kind of proximity pricing is not considered under the store’s “price matching” guarantees. Whatever the store’s in-store pricing is, you’re expected to pay that… even if you find that the app shows you a cheaper price while away from the store. If you want that cheaper price, you’ll need to place an order in the app for in-store pickup. The unfortunate part is, you won’t know which is the cheapest price until you compare the item’s away app prices against in-store prices.

Even then, Target may offer differing prices in the app when in a Big Lots than when in Safeway. This means you might need to run around town and visit various discount stores to find your best price in the Target app. Yes, kind of a hassle.

Update for April 2019

I’ve run into yet another product with lower pricing away from the store versus inside Target. I didn’t intentionally check the pricing in the store first this time. I simply ordered the product online for pickup, only to run into difficulties later.

I ordered the item about an hour before Target opens. I expected to pick it up later in the day only to find that the item was “out of stock”, or so the order status said. With out of stock items, I’ve always found that it’s a good idea to recheck the store as the store staff aren’t always very diligent at checking and locating items. In fact, I’d go so far as to say that if the staff doesn’t feel like picking the online orders, they’ll simply mark the item(s) out of stock without even checking. But, that’s a separate topic entirely.

I hadn’t even checked the order status when I stopped by the store. I naturally assumed it would be ready and waiting. Instead, after getting in line at the Customer Service desk, the order status in the app informs me that the item is “out of stock”. I think, that’s got to be BS. So, I cancelled the order right then (because that was the only option) and I walk back to the household area to check the stock myself. Lo and behold, it’s actually in stock just as the app told me (and still tells me).

What I find is another pricearoo switch. The item is Combat Max 8 large roach traps and online it was marked $7.89. In the store, it’s marked $9.19.

 

 

So long as I remained in proximity of the Cupertino Target store, even on LTE service, the $9.19 price remained. As soon as I left the area entirely, the price dropped to $7.89.

This one was a little more of a hassle than the first, primarily because the store refused to sell this one and instead marked it “out of stock”. I ended up grabbing the item in the store, heading up to the Customer Service desk and then proceeded to ask for the $7.89 price. They obliged and marked it down… but that’s only because I showed them the online order I had placed and then cancelled.

Target’s playing games here and it’s not making me very happy. If you’re going to show me a price in your app, then you better be willing to honor it.

Better Luck and Happy Shopping!

↩︎

Advertisements

‘Tis the season to be breached

Posted in botch, business, california, data security by commorancy on December 8, 2014

As we roll into another holiday season just having passed through Black Friday, it’s wise to understand how to best protect yourself from these accidental data breaches at retailers (see: Bebe’s Data Breach). Let’s explore.

What is a data breach anyway?

A lot of people shop with credit cards without first understanding what they are or how they really work. By this statement I mean, I think people understand that the purchase extends credit for the items in advance and then pay the actual bill later to the credit card company. But, that’s not what I’m talking about. I’m talking about what happens when you swipe your card at a terminal. Let’s understand payment processing.

When you enter a store and swipe your card, information is exchanged between the terminal and the cash register. That information is whatever is on the back of the card (the card number, expiration, name, etc). All of that information is now accessible by the register (and cashier). Additionally, stores have networks that connect all of their registers (a type of computer system) to a central controller and ultimately to a company wide network. The company wide network may be connected to the Internet, but may only have direct connections to payment authorization providers.

When you swipe your card and that information is exchanged by the register, a program takes your card info along with the payment amount, securely asks a remote payment authorization service whether the card has sufficient funds to support the transaction (at least this part is secure). If your bank says yes, the transaction is approved and given a transaction number. This is a payment authorization and it instructs your bank to hold this dollar amount aside until the closing paperwork arrives (around 24 hours). If the paperwork never arrives, the authorization falls away and the money being held is released back into your account.

Now, if you don’t have enough funds (or for other reasons), the payment service receives a decline from your bank. The retailer and payment authorization service never know the reason for the decline, only that the transaction was declined. You will need to contact your bank to find out the reason for the decline. Declines can range from not enough funds to bad expiration dates on cards to reissued cards to fraud detection holds. Again, you will need to contact your bank to determine the reason and then rectify it. Note that if you are significantly over your limit and your card hasn’t seen a payment for several cycles, the screen may request the cashier call into a number. The person on the other end might request the card be taken and cut up. This typically means the account has been closed by the card issuer and you are no longer authorized to use the card. It is always wise to pay your bills if you value using that card.

Card Info Data Transit

The problem with data transit on a network is that, depending on the network and who built it, it could be designed to transmit your data as encrypted or in clear text. Let’s understand the difference. Encrypted data means that a key is needed to unlock the data to view it. This means that only devices that have the proper key can view and use the data. However, many network operators don’t use this type of security. A lot of people who build internal networks for corporations feel they are inherently ‘safe’ and choose to use clear text transit. What is clear text? Clear text is just like this blog article. It’s humanly readable without any extra work. Thus, many companies fail to adequately protect data transit between internal network devices under the assumption that no one should have internal access except authorized internal devices. In other words, because of the external border protections such as firewalls that prevent unauthorized inbound traffic, internal networks should be a ‘safe place’, thus adding extra safeguards only serves to slows down processing and, if you happen to be a retailer, could make the customers wait at the register longer.

Internal networks designed with limited or no encryption are a hacker’s paradise. If they happen to get into a network like this, everything is easy to read, easy to find and easy to download. It’s basically a dream come true for the malicious hacker. With little to no constraints on viewing data, it’s a kid in a candy store and that’s exactly how and why data breaches begin.

How do hackers get into a network then?

Because most companies today require their computers to have internet access, especially retailers who need access to payment authorization services, bugs in network and computer devices are impossible to squash. Internally, companies typically hire IT and operations teams to manage their network systems. They also typically hire security teams to help protect their networks. The security teams do their best to mitigate attacks and watch for data breaches, but it is the operations and network teams that manage the network gear and keep them updated. Because the security team and operations and network teams are separate sets of people, getting equipment updated with the latest-greatest version isn’t always expedient. This means that companies could be running one, two or five versions behind the latest version.

It happens for a lot of reasons. It could be old equipment that simply won’t support the latest update. It could be that there are thousands of servers that could be impacted by a single update. It could be that that single update might break custom software written by the company. There are a lot of internal factors as to why any piece of equipment is not on the latest version. Yes, sometimes it’s even a matter of complacence.

How do you protect yourself?

Before strolling into your latest big box retailer, you should arm yourself with knowledge. Knowledge like the above to better understand how your data gets moved around in company networks. Then, you can better understand when to take the risk to use your card and when to use another form of payment.

Use Store Cards

First and foremost, the safest card to use at a retailer is a store card without a Visa/Mastercard logo. These cards can only be used at the retailer where they were issued. They cannot generally be used anywhere else (unless the company owns several retail shops and shares the card among them). So, if you purchase at Target or Macy’s or Sears with a local store card, if there is a data breach, your ‘store card’ card number is no longer the lowest hanging fruit. The lowest hanging fruit are the Visa, Mastercard and Amex branded cards. With store cards, it will take time for a hacker to understand what that card is and how to use it. Also, once they realize that it only works at that single retailer or at that retailer’s web site, it’s much less appealing. Especially considering that many hackers today don’t live in the US. They might be living in China or Korea or Russia where that store may not exist and where they may not ship abroad.

So, sticking with store issued cards is really your safest bet when shopping at big box chains. Using a Visa or Mastercard or Amex branded card, if stolen, can be used anywhere around the globe (unless you call your bank an explicitly ask to prevent its use outside of your country). Note, not all banks can stop international transactions on branded credit cards, but most can. Call your issuing bank and ask.

Of course, should you plan travel abroad, you will need to make sure your bank authorizes international use before you leave. If you forget to call from home before you reach to your destination, you could have problems.

Limit transaction amounts

You can also limit your per day transaction amount to a much smaller amount. This can make it difficult if you want to buy a big ticket item with your card, so you’ll need to weigh just how often you make large purchase (and how big they are). However, lowering your per day transaction amount to $500 or less limits how much a hacker could put on the card per day. Again, your card would then no longer be low hanging fruit. Hackers want cards with high dollar amount transaction limits to they can spend a lot of money per day quickly and get away from it. As soon as a hacker tries to buy something expensive and they get a decline, that card is marked as not usable and they move onto trying another card.

Use gift cards

Because there are now Visa and Mastercard branded gift cards, you can put a dollar amount on the card that you wish to use while shopping. If this card number is lost to a hacker, it’s has limited liability (because of the logo) and it limits how much damage they can do to you financially. Also, because it’s a gift card, there’s limited personal information they could obtain about you in relation to this card. So, identity theft is much reduced by using gift cards. You should read Visa, Mastercard and Amex branded logo gift cards carefully. Some require fees after 1 year. So, you will need to use up the balance on the card within 1 year or you could start losing your balance to the monthly fees.

There are also store branded gift cards without any logos such as iTunes, Sears, Amazon, etc. These gift cards can only be used at their respective issuers. Again, these cards offer limited liabilities if stolen.

Though, if a gift card number is stolen, you will also want to read the terms and conditions with the card issuer. Not all of them assume replacement liability. So, if your gift card is stolen, you may be out whatever money was on them. So, you should always read gift card terms and conditions carefully.

Use good ‘ole cash instead

While cash does have its uses, I don’t believe holiday shopping is really one of those times. Because you’re typically buying large ticket items for holiday gift-giving, carrying a wad of crisp $100 bills around to pay for them can be downright dangerous. During the holiday season, you may be trading your financial safety for personal risk. For example, the first store you visit could lead someone seeing your cash, stalking you and taking your money and gifts from you by mugging…especially if you just happened to walk out of an Apple store. Depending on the city where you live, it’s sometimes not worth trading the potential safety of your financial security by putting your personal safety at risk. If you are mugged, they’ll likely steal your cards too, which also leaves your financial safety at risk.

And, if muggers rip off your cash, there is no replacement at all. It’s gone. Using credit cards, especially Visa, MC and Amex branded cards, these cards offer limited loss liability. So, if someone steals your card number and begins using it, your total loss is quite limited. The bank will pick up the tab on your behalf and then chase down the perpetrators for their involvement attempting to get the money or merchandise back.

Basically, cash is unsafe and insecure if carried in large amounts. Whipping out your wallet and flashing that set of crisp $100s once is all it takes during a busy shopping season to get you mugged.

Use a debit card

Last, but not least, use a debit card. Though, while liability on your debit card might be higher (check your debit card terms), you have a known pin code that is required to buy anything. A pin code is a lot stronger of a protection than a signature on a credit card. Basically, stores are not required to collect signatures from purchases. They can simply state ‘signature on file’ when that may not be true. This is how you can buy with a credit card from Amazon or Newegg without ever having to sign for your purchase. Even some retailers today are not asking for signatures on cards if the transaction amount is under $50.

Debit cards always require a pin for the transaction. With web site access today, pin codes are also relatively easily changed. You can also usually get the pin code changed long before the hackers are dipping into these cards to make purchases. Again, hackers prefer low hanging fruit. This means that most hackers would opt to use Visa, MC or Amex branded cards rather than trying to use someone’s personal debit card.

Though, keep in mind most debit cards issued by banks today contain a Visa or Mastercard logo. So, that means the card can be used like a credit card with a signature alone. Instead, you should ask your bank to send you a debit card without the logo. This card can only be used where debit cards are accepted or at ATM machines. It cannot be used to buy at places that don’t accept debit cards. Again, this keeps your card from becoming the lowest hanging fruit.

Limit your shopping days

When you do shop, keep your receipts so you know the date and time that you shopped and where. Keeping receipts is always smart if you need to return something, but it’s even smarter when there’s a data breach so you know if you may have been affected.

Also, limit your shopping to a limited number of places and keep record of when and where (use receipts or write it down). Four months after the holiday shopping season when a breach is announced, you might not remember that you shopped at that random store that lost data which then subsequently led to some random hacker racking up a large bill on your Visa card. In fact, you might only discover the breach yourself after you notice the large bill on your card.

If you limit the number of times you shop and use cards as suggested above, you can help eliminate your cards as being the easiest to rob.

Shop where breaches have previously occurred

This may seem counter to safe practices, but companies have have endured breaches are less likely to be breached again. This is especially true of big box retailers such as Target, Walmart and the like. These retailers have a whole lot to lose if they are breached a second time. It’s very likely that these companies networks are a whole lot more secure after the breach than before it.

Shopping at companies who have not yet had a breach doesn’t mean that their networks are insecure any more than they are secured. Yes, it could mean that. But, it could also mean that these yet breached companies are lucky not to have been targeted. If hackers focus their sights on a victim, they will chip away at the security until they find a way in. They also have plenty of time to do it. Let’s also note that way into a network may not be through the front door. The hackers could get in just as easily through an executive’s lost or stolen cellphone or notebook or a third party vendor (like HVAC, plumbing or other contractor who’s network might be less secure). Note that hackers may also work on several company networks at the same time until they find one to breach.

What about Sony?

Sony is a bit of an unusual case. Instead of strengthening their network security across the board, it seems their management team may have decided to only tightened security on the division that was compromised. Sony is a very large corporation containing many different entities all over the world. SCEA (the games division) was where the last breach occurred prior to this latest breach on the Motion Picture Group. So, anyone who has read through the MPG spreadsheet of salaries knows that there are at least 6 people in the US alone that are taking home well more than $1 million dollars a year in salary. You would think that these highly paid staff would understand the risks of computer networks and make it their top priority to secure their personnel and other records through best security practices. Nope. For example, an easy best practice is to use a password to open a spreadsheet. Sure, these can be easy to crack, but that’s extra effort required on the part of the hacker.

Unfortunately, these people are not doing their jobs. Some could argue, it isn’t their job. Their job is to be Senior or Executive VP of blah. Part of being a Vice President is to make sure your company is secure. If you can’t ensure that your division is secure, then you shouldn’t be taking home a million dollars in salary. It’s quite simple. These people are way overpaid for the job they perform for Sony. I digress.

Sony is clearly a situation where the left hand doesn’t know what the right hand is doing, and frankly they don’t care as long as they walk away with their pay. So, what about Sony? Here’s the takeaway.

For any company that has been double or triple breached (like Sony), you should stay as far away from that company (like Sony) as you possibly can. Sure, you can buy Sony products at a retailer because the retailer is responsible for the transaction. But, you should not use Sony products that require storage of credit cards for payment. You should also not purchase software from any site that Sony owns. It’s crystal clear, Sony cannot be trusted and they seriously don’t care about data security. If you must purchase something from Sony, use a Sony branded gift card, Paypal, Google or Amazon checkout. These payment systems are not owned or operated by Sony, but can send payment to Sony for whatever it is you need to buy. But, don’t buy directly from Sony (or any other company) that has repeatedly been breached.

Best Practices for Personal Finances

While these are but a few best practices to protect your home finances, there are plenty more common sense approaches to keeping your finances secure. Here are a few top examples of how to secure your own finances:

  • Keep your credit cards in a safe place.
  • Regularly check your bank statements for unauthorized transactions. Some banks now offer email notification of suspicious activity, use it.
  • During the holiday season, make sure you know what stores you shopped by keeping receipts in a handy place.
  • Open a second bank account to move small amounts of money in when you need to purchase items online or in stores. Secure your primary account using limited access to services like debit cards, ACH and other third party access. Use the second account much smaller account for these services. It’s easy to move money between accounts in the same bank using your phone app or on the web, so take advantage of this extra security.
  • Call the bank immediately if you’ve lost or stolen your card. You should write down the number on the back of the cards into your smart phone so you have it in case the card is stolen or lost. Don’t write the account numbers down next to the phone number.
  • Make use of the free credit report you can get once a year and check your credit every year.
  • Don’t purchase from any retailer where they are not following proper credit card practices. For example, they should not have to double swipe your card, write the numbers down or ask for any further information aside from looking at the back of the card.
  • Don’t allow any retail cashier to walk away with your card. They should only need to hold the card long enough to look at it or swipe it once at the register.
  • While it is a regular practice for waitstaff to walk way with cards and bring them back to the table as a convenience, you should be wary of this practice. In fact, it might be best to take the check to the cashier at the place where they ring up your meal and watch them ring up your bill. Allowing waitstaff to walk away with your card out of sight means it could be duplicated, swiped through a cell phone or written down.
  • Throughout the holidays, you should search through a major news site for data breaches at least once a week. As soon as you hear of any store that has breached where you may have shopped, you should ask for a replacement card if logo branded or change your pin immediately if debit. For Visa, Mastercard or Amex logo branded gift cards that may have been used at that retailer, you should call the number on the back to have a replacement sent immediately. Unused gift cards are not a problem.
  • Request your bank place a fraud watch on your account if you suspect anything amiss with your cards. You should also request a replacement card if you have any reason to believe your card number has been lost. Yes, I know that can be a hassle during the holiday season while you wait for a new card, but it can potentially save you thousands of dollars lost to a hacker.

Overall

It is up to you to secure your own home finances. Using the above best practices should help aid you in achieving that goal. But, you should immediately become suspicious of anyone who attempts to do anything out of the ordinary with your card. If a cashier asks to do something with your card that doesn’t make sense, you should immediately ask for the card back and call over the store manager to clarify what’s going on. If they are the only person in the store, you should leave without making the purchase, step out of the store and immediately call your bank and put a fraud watch on your card.

As the Holiday shopping season gets fully underway, you need to be ever vigilant over your finances because the stores won’t do this for you. Worse, because there are many people who need money to meet their own bills and cover holiday shopping expenses, fraud and theft can be anywhere from anyone. That’s not to say that most people working at retail establishments aren’t screened and trustworthy, but for some people, the temptation of all of that money gets the better of them and they resort to taking other people’s money. By far and away, though, data breaches are the biggest problems of all because you don’t know who or where the attacker is. So, this is where you need to watch your finances closely and use your card very limited amounts over the holidays. Use cash where you can, but don’t jeopardize your personal safety by carrying too much cash.

Wishing a Happy and safe holiday season to everyone from Randosity!

Stung by the Target data breach? Here are some tips.

Posted in botch, business by commorancy on December 22, 2013

Target LogoUnless you’ve been living in a cave, Target stores recently disclosed that it had potentially lost up to 40 million credit and debit card numbers when their point of sale systems became infected with malicious software. Let’s explore how to protect yourself from these situations.

Knee-jerk Reactions

A lot of people who are not very tech savvy immediately jump the gun and presume all credit card systems are vulnerable and that carrying and using cash is safer. Unfortunately, this is an incorrect assumption to make. Cash, while useful, is not always safer to carry around. If you are carrying, for example, thousands of dollars on your person, when you get robbed or mugged, your money is gone and is not replaceable on top of whatever injuries you may have sustained when they robbed you.

You’re probably thinking, “How is anyone going to know I’m carrying it?” You have to open your wallet to buy things. People can easily peer in and see how many bills you have tucked in there. It’s very simple. They’re not going to mug you immediately following seeing the money. No, they’ll wait and do it a much more opportune time for them, but when you are most vulnerable (alone in a garage or someplace else similarly alone and dark). So, carrying loads of cash is not the answer. Money is also not replaceable when it’s stolen.

When and what happened in the breach?

Target confirmed that cards swiped through its terminals between November 27th and December 15th were likely exposed in the breach. However, Target hasn’t been forthcoming describing exactly how the breach was accomplished. But, what has been said is that the point of sale terminals appear to have become infected with malicious software. This would likely include both the customer card terminal reader and the register itself since both are connected together. It has also been stated that the hackers only received data contained on magnetic card stripe, which indicates that the malicious software only infected the actual card swiping hardware device.

However, if the entire register and card-reader terminal was infected with malicious code, it’s possible they also captured all input from these terminals which would include PIN codes and signature digital data. So, I’d suggest proceeding on the assumption that they did potentially obtain keyed-in data including PIN codes.

To be the absolute safest in your response to any breach announcement, always assume the worst to take the most appropriate action in anything dealing with credit or debit cards.

Who is Most Vulnerable?

Mastercard, Visa and Amex card holders or debit card holders which contain Visa or Mastercard logos are the most vulnerable card holder types in this breach. These cards can be used anywhere, especially at online sellers without signatures. So, it’s easiest to use these cards all over the Internet.

The least vulnerable cards are Target RED cards without Visa logos. These cards would actually protect you against use. Since these cards are only usable at Target and must be presented at the register to be swiped, they cannot be used at Target without creating a physical card. Because these cards do not look or feel like regular credit cards, they would be a bit harder to duplicate. Though, it’s not impossible. Because the non-Visa RED cards only work at Target, this means that the perpetrators would likely use the ‘low hanging fruit’ first. That is, the perpetrators would opt to use card numbers that can be used anywhere and can be used online without needing to print a card. Or, more specifically, Visa, Mastercard or Amex branded cards. Cards without logos, like Target’s RED cards can only be used at Target which limits where the card can be used.

The RED card can be used, however, at Target.com. This means they could use your RED card on a Target.com account.

What should I do?

If you have a credit or debit card bearing the Mastercard, Visa or Amex logos, you should flip the card over, call the number on the back and ask to have the card replaced. Don’t try to contact Target, don’t ask questions at Target, just have the card replaced immediately. Yes, I know this is the height of the holiday shopping season and may make it inconvenient for you, but just consider how much more inconvenient if the perpetrators max out your card and you have to clean up that mess in addition to not being able to shop? It’s always better to err on the side of caution and replace your card.

If you have a RED debit card, log into Target’s RED card management site and change your PIN. You can get to it from the main Target.com web site. Go ahead right now and do it. I’ll wait. You can finish reading the article when you get back.

So, now that you’re all done changing your PIN to your RED card, that’s really all you need to do. If the perpetrators obtained your RED debit card number, it cannot be used without the PIN code. By changing your PIN, you have now just protected your RED debit account from unauthorized use.

If you have a RED credit card without a Visa logo, assuming this card only requires a signature to purchase, then you are also vulnerable to easy purchases online at Target.com. Even with a non-logo Target credit card, there’s much less that can be done with it as it only works at Target. Still, I suggest you also visit the RED card management portal and choose to replace your RED credit card. There’s a link in the management site to do this. I suggest doing this online rather than trying to call the number on the back and waiting on hold. Due to the extremely high volume of calls that Target is experiencing at the moment, it’s really a whole lot faster to use their web management site. However, before you run off and request a replacement card, I suggest reading the rest of this article first.

If you own a Target Visa card, you should replace it immediately just as you would any Visa branded card.

Should I cancel my RED card?

The answer to this question is not as simple. If you use no other card than the RED debit card to make purchases at Target, you are actually more protected than any other card you can use. So, I wouldn’t recommending closing out your RED debit card if you want to continue shopping at Target. However, if you no longer wish to shop at Target after this breach, then I would suggest you close out all of your RED cards as you don’t want these cards hanging around unused.

If you own a Target Credit card and especially a Target Visa card, you might want to consider closing these cards and replacing them with a RED debit card instead. Debit cards are protected by PIN codes. Without the PIN, the card is useless. With a credit card, only a signature is required in-store. For web purchases, no verification is really required other than the security code on the back (and not always even at that). With debit cards, your PIN code protects you. With a credit card, very little protects you other than fraud liability coverage and even then you can still be held liable.

The Best Card To Use

The RED debit card is the safest card to carry into Target to shop. It’s safer than a Visa, Mastercard or Amex branded card because it can only be used at Target. It’s safer than carrying loads of cash. It also gives you a 5% discount off of purchases. You won’t even get that discount with cash. It requires a PIN code to use the card and PIN codes are relatively easy to change on the Target management site by the authorized user. It’s not so easy to change by a hacker. The one downside to using the Target RED debit card is that it requires giving Target ACH access to your bank account. But, if you set up a separate account strictly for shopping purposes as suggested in Randosity’s Don’t Trust Paypal article, you can even protect your bank account from unauthorized ACH access by Target.

How do I protect myself?

There are limits to what you can do to protect yourself against technology. We are all vulnerable to attacks every day when using our phones, our computers, at work, in our cars. Technology is everywhere and malicious code is being developed as you read this article. There is no protection against malicious code technologies. Most technologies are written for the greater good, such as checking you out at the store, helping run your phone, helping run bank ATMs, etc. These are all good uses of technologies. However, there are people who’s goal it is to disrupt these technologies for their own pleasure, for political reasons, for terror reasons or simply to disrupt the flow of society.

Basically, sh*t happens. You can’t predict it, you can’t manage it, you can’t really do much about it. This is why your bank cards have limited liabilities and why they allow you to change PIN codes and ask for replacement cards. The banks are well aware problems happen and they have safeguards in place to help prevent these problems.

However, only you can protect you. If you want to be the safest you can be, then monitor your transactions in your accounts closely. Also, choose technologies and technology strategies that help you safeguard your accounts. Don’t expect the banks to do this for you. However, some banks do offer limited monitoring services and will contact you when suspicious activities appear. But, it is up to you to make sure your account information is safe. Basically, if you don’t trust in the current payment technologies, you’ll be left behind. If you do trust the technologies, you have to take the good with the bad. Cash paper money won’t last forever. Eventually, it will be replaced with something else. But, these new payment technologies will continue onward.

For now, cash is one way to handle the technology issue, but it is not the best way. Of course, you could go back to using paper checks, but even checks are vulnerable to electronic attacks. While the paper check is an older concept, it still suffers from technology attacks because checks are scanned by computers and from there they become digitally vulnerable. It can also be difficult to buy things with cash or checks at online retailers unless they accept Paypal. The bottom line, if you choose not to participate in the new payment technologies, you will find it difficult and inconvenient to buy things, especially online. If you choose to embrace the newest payment technologies, you will need to also embrace the new security paradigm that goes along with these new technologies. Target has just unwittingly become a poster-child for these new paradigms.

Tagged with: ,

Business and Politics don’t mix

Posted in business, politics by commorancy on August 19, 2010

As Target and Best Buy have so aptly found out, donating large sums of money to political candidates can backfire. I know why companies wish to donate. They want to be able to call in the candidate on local reform when necessary. The issue, though, is that while this may be the goal, the candidate may not stand for what your customers do… especially if you are a retailer. Retailers must sell to the public. The public are the people who support the retailers. However, when these same businesses choose to contribute to (aka endorse) candidates who may have agendas that a vocal part of your buying public opposes, then your company can get into hot water. And yes, Target and Best Buy have found this out the hard way.

Target And Best Buy

Both of these companies contributed over $100,000 that ended up supporting advertising for a local Minnesota gubernatorial candidate who opposes gay marriage and who advocates violence towards gays. While that wasn’t the crux of that candidate’s platform, it was a the part of it that caught the wrong attention from these donations. This set off a firestorm of negative publicity for both of these companies. Gay activists are now calling for boycotts of these stores.

This is cause and effect. This is why companies have no business contributing funds that go to specific candidates. In fact, companies have no business in politics. Yes, I know they want to have hip-pocket legislation, but at the same time, these companies also need to understand the direct relationship of any direct candidate donation to the bottom line. It’s very likely that Target and Best Buy have spent more than their donations in managing this publicity nightmare. This issue also proves that if a company feels the need to donate to politics, they need to do it directly to each local democratic or republican top level coffer. That way, the money is spread out among the candidates rather than going to a single candidate. Even still, politics is a sticky wicket and any contribution may backfire.

Oil and Water

Business and Politics don’t mix and this situation is the prime example of why. If companies want to contribute to political causes, they must understand the negative outcome of those decisions and weigh it carefully against the cost of a PR fallout. Worse, it could alienate customers whom you depend on for your bottom line. Being in business is already difficult enough without making such huge mistakes.

If company executives feel they must have hip-pocket legislation at their fingertips, then they need to find other ways to do it… like, for example, lobby groups. Send these groups to Washington like everyone else and get legislation made in a more generic way.. not by endorsing specific local candidates where their political agenda might conflict with the buying public.

Could be any cause involved..

Note that any donation could have gone to support some other problematic issue. So, any direct political candidate donation is not a good idea for any company.

So, how does Target and Best Buy deal with this issue? Well, clearly it’ll be difficult to get that money back. It’ll also be difficult for them to weather this storm. The best idea is to, obviously, issue a sincere apology regarding the donation. State that they didn’t understand the candidate’s platform and state that they won’t do this again. But, the deed is already done. Of course, a statement that they won’t do it again is probably a lie. It’s only a matter of time before they donate to some other cause that may get them into hot water again.

Companies like this never learn and are destined to make the same mistakes. As a consumer, you need to make your choices about whether you want the money you spend at those companies to go to supporting those causes. Just something to think about.

%d bloggers like this: