Breaches exposed 1 in 7 US debit cards in 2013

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.networkworld.com/article/2450441/breaches-exposed-1-in-7-us-debit-cards-in-2013.html

Data breaches at retailers and financial services companies exposed 14
percent of all U.S. debit cards in 2013, according to a nationwide survey
by a major ATM network operator.

The figure is three times that of 2012 and comes as consumers are using
debit cards to make more purchases than ever before.

The survey, conducted by Discover Financial Services’ Pulse ATM network,
found that the majority of affected cards were exposed in a single event:
the Target data breach that compromised some 70 million customer records in
late 2013.

Around 10 percent of all U.S. debit cards were affected in the Target
incident, and the majority of financial institutions affected were pushed
to reissue cards.

The Target breach will likely encourage a faster switch to so-called “EMV”
cards, which contain a microchip rather than a magnetic strip, and require
a PIN for authorization rather than a signature.

While EMV is already standard in Europe, U.S. banks and credit unions
dragged their feet on the technology, but the Target breach has pushed the
industry to a tipping point, said Pulse. Two-thirds of financial
institutions plan to begin issuing EMV cards in 2015.

They are also being pushed by an Oct. 1, 2015, change in the liability
rules concerning card purchases. After that date, card issuers and
retailers that have invested in EMV technology will be protected from
liability for losses.

The change gives banks and retailers the incentive to use EMV because the
cost of the new technology is offset against the amount of fraud it will
deter.

In the case of PIN-based transactions and traditional debit cards with
magnetic strips, the difference is an order of magnitude. The survey found
banks carried a fraud loss of 2.2 cents per signature transaction in 2013,
compared with just 0.3 cents on PIN-based transactions.

The survey found consumers are using their debit cards more—the average
card was used 20 times a month in 2013, up by one transaction from 2012.
The average debit card was used for US$8,875 of purchases in 2013, up $122
from the previous year.

The Pulse survey covered large banks, credit unions and community banks
that together account for 45 percent of all debit card transactions in the
U.S.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!