BreachExchange mailing list archives
Another View: Banks, credit firms, retailers put customer data at risk
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Sat, 28 Dec 2013 22:03:00 -0700
http://www.thetowntalk.com/article/20131228/OPINION/312280006/Another-View-Banks-credit-firms-retailers-put-customer-data-risk?nclick_check=1 News that cyber-criminals have put the accounts of 40 million customers of retail giant Target at risk is a sober reminder that as much as you might think your credit and debit card transactions are safe from theft, they’re not. Target isn’t the first or the largest victim of cyber-crime. Nor will it be the last. The U.S. is where the money is, but U.S. banks, credit card companies and retailers are woefully behind their European counterparts in tackling this threat. Consumers and lawmakers must demand tighter security on personal information, the theft of which can cause years of consternation. Financial networks are more connected than ever, leaving many entry points for thieves to exploit any transaction to rack up unauthorized charges. After dozens of high-profile data breaches in recent years, you’d think retailers and financial institutions would have installed state-of-the-art security technology, especially at the checkout counter. Few have. Sophisticated fraud-prevention technology is expensive, and retailers, banks and credit card companies all want someone else to pay for it. The Nilson Report, which tracks these things, says financial fraud reached a record $11.2 billion in 2012. That’s a staggering figure to the average person but amounts to only about 5.2 cents for every $100 transaction. Companies often chalk up this loss as a cost of doing business or pass along the expense to consumers. As a customer, you should find this maddening and unacceptable. If a breach causes you to be a victim of identity theft, you can be sure that your retailer, bank or credit rating agency will not be of much help. You’ll be on your own to straighten out the mess. In Europe, credit cards store encrypted information digitally on embedded computer chips, which generate a unique code every time the card is swiped. Card fraud has dropped in Europe but continues to rise in the United States. Security experts say that’s because the magnetic strip on our credit and debit cards is a decades-old technology that is too easy to copy. Target is telling customers that they won’t be responsible for fraudulent, unauthorized charges and is discounting purchases to placate rattled consumers. JPMorgan Chase has limited the amount of cash withdrawals available to Target customers as a precaution. On the legal front, Sen. Charles Schumer, D-N.Y., is demanding a federal probe into the breach, at least four state attorneys general have sought answers from Target, and class-action lawsuits from consumers are under way. But acting after the fact is not enough. We live in a plastic society, so it is unrealistic to ask consumers to not use debit or credit cards. It is entirely reasonable to demand that banks and retailers do much more to protect customers.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Another View: Banks, credit firms, retailers put customer data at risk Audrey McNeil (Dec 31)