Article for reference: http://www.usatoday.com/story/news/nation/2013/12/18/secret-service-target-data-breach/4119337/
The gist of the article is that Target, a US super store retailer, lost who knows how many credit card numbers. They have about 1800 stores in the US, and another 120+ in Canada. The losses appear to involve all of their stores from around Thanksgiving through December 15th.
My company processes credit cards. As a matter of course we don't store any of that information. Instead we just store the transaction ID, which, quite frankly, is ALL that is necessary to deal with any type of refunds or accounting audits. There is simply zero reason to keep the card number.
What I'm absolutely mystified about is why in the hell anyone, other than the card issuers themselves keeps the numbers at all? What could they possibly use them for? I'm sure I'm going to get a couple letters from a few banks I do business with letting me know that yet AGAIN they are cancelling my current cards and are reissuing. I also got bit by Adobe's loss of card numbers earlier this year. Actually, this will likely be the 4th time in 2013 I've had to replace a card..lovely.
At what point will Visa/MC and the banks start suing the crap out of these companies for losing those details? The banking costs alone for reissuing thousands (potentially millions) of cards has got to be enormous.
So, here's a question for the people here: Do systems you work with/on store credit card details? If so, why? I have yet to see anyone with a valid reason for it.