(1) Don't use debit cards. You're much better protected as a consumer when you use a credit card. http://www.bbb.org/blog/2013/11/do-debit-cards-and-credit-ca...

(2) Use BillGuard https://www.billguard.com/

(3) Review your transactions every week or so via a personal finance tool (I use https://www.mint.com/)

I don't particularly care if my payment credentials are compromised as it's highly unlikely a fraudulent charge would go unnoticed by me just using the advice above. It's quick, easy to set up, and stuff you really ought to be tracking anyway.

Love the EMV plug, as if it'd actually have helped. EMV transmits the card information in the clear, it only makes physical copying of the cards harder (Which really doesn't matter since credit cards can be used online).

The only thing EMV would achieve is making this data slightly less valuable, but still worth it for the attacker. Replacing the EMV cards would also be more expensive by an order of magnitude.

tl;dr: if you use your EMV card on a compromised POS, you'll be as fucked as you'd be with a magstripe card. Your bank will be ten times as fucked.

I wonder if this will be less of an issue here in Canada with our euro-style chip & PIN setup. In theory the attackers wouldn't have long-lived access to any of the payment information. I suppose we'll see.

The attackers probably have my name/email address/mailing information, which kind of sucks.

> The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on.

This is absolutely not acceptable, and I deplore how this has become the status quo. I reject these services and want nothing less than a full lawsuit.

It seems to me like the breach may still be ongoing/the vulnerability may still exist. In the announcement, they use "have been" as in its actively occurring. Additionally, in the press release (http://ir.homedepot.com/phoenix.zhtml?c=63646&p=irol-newsArt...), they don't indicate that the breach has stopped; they only say they have taken aggressive action.

It seems unlikely that the attack would continue since the attackers have lost their cover, but the wording is a bit strange.

encouraging that they are using this as a motivator to "roll out EMV "Chip and PIN" to all U.S. stores by the end of this year" ahead of the prescribed deadline.

edit: "Chip and PIN" is taken directly from the sec filing that is linked.

the described deadline of october 2015 for the liability shift comes from banks[1] and not a US law or similar.

[1] http://en.wikipedia.org/wiki/EMV#United_States

Official SEC Edgar filing: https://www.sec.gov/Archives/edgar/data/354950/0000354950140...

Some home depots let you pay with paypal as well.