Another View: Banks, credit firms, retailers put customer data at risk

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.thetowntalk.com/article/20131228/OPINION/312280006/Another-View-Banks-credit-firms-retailers-put-customer-data-risk?nclick_check=1

News that cyber-criminals have put the accounts of 40 million customers of
retail giant Target at risk is a sober reminder that as much as you might
think your credit and debit card transactions are safe from theft, they’re
not.

Target isn’t the first or the largest victim of cyber-crime. Nor will it be
the last. The U.S. is where the money is, but U.S. banks, credit card
companies and retailers are woefully behind their European counterparts in
tackling this threat.

Consumers and lawmakers must demand tighter security on personal
information, the theft of which can cause years of consternation. Financial
networks are more connected than ever, leaving many entry points for
thieves to exploit any transaction to rack up unauthorized charges.

After dozens of high-profile data breaches in recent years, you’d think
retailers and financial institutions would have installed state-of-the-art
security technology, especially at the checkout counter.

Few have.

Sophisticated fraud-prevention technology is expensive, and retailers,
banks and credit card companies all want someone else to pay for it.

The Nilson Report, which tracks these things, says financial fraud reached
a record $11.2 billion in 2012. That’s a staggering figure to the average
person but amounts to only about 5.2 cents for every $100 transaction.
Companies often chalk up this loss as a cost of doing business or pass
along the expense to consumers.

As a customer, you should find this maddening and unacceptable. If a breach
causes you to be a victim of identity theft, you can be sure that your
retailer, bank or credit rating agency will not be of much help. You’ll be
on your own to straighten out the mess.

In Europe, credit cards store encrypted information digitally on embedded
computer chips, which generate a unique code every time the card is swiped.
Card fraud has dropped in Europe but continues to rise in the United
States. Security experts say that’s because the magnetic strip on our
credit and debit cards is a decades-old technology that is too easy to copy.

Target is telling customers that they won’t be responsible for fraudulent,
unauthorized charges and is discounting purchases to placate rattled
consumers. JPMorgan Chase has limited the amount of cash withdrawals
available to Target customers as a precaution.

On the legal front, Sen. Charles Schumer, D-N.Y., is demanding a federal
probe into the breach, at least four state attorneys general have sought
answers from Target, and class-action lawsuits from consumers are under way.

But acting after the fact is not enough. We live in a plastic society, so
it is unrealistic to ask consumers to not use debit or credit cards. It is
entirely reasonable to demand that banks and retailers do much more to
protect customers.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.