Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

How Main Street Will Pay for Home Depot's Data Breach

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Sep 2014 10:33:03 +0000 (UTC)
http://www.businessweek.com/articles/2014-09-16/home-depot-breach-why-small-merchants-will-pay

By Patrick Clark
Businessweek.com
September 16, 2014
Federal law protects consumers from the cost of fraudulent charges incurred when thieves steal credit-card and debit-card numbers. That’s good for the millions of Americans who had their payments data exposed by the hackers who breached Home Depot’s (HD) computer system earlier this year. And it’s bad for merchants, who often take losses on sales made to crooks with stolen cards.
When a credit-card company identifies fraud, it wipes the payment off the cardholder’s account and notifies the merchant. Unless the store can prove the payment was authorized, the credit-card company debits money from a merchant’s checking account, leaving the vendor on the hook for the cost of items that were fraudulently purchased. Merchants also pay penalties, called chargeback fees, for accepting unauthorized charges. Accrue too many chargebacks and you’ll pay higher processing fees or lose the ability to accept certain credit cards.
Those costs add up. The average merchant lost .68 percent of annual revenue to fraud in 2013, but the total cost is a multiple of that, according to a survey published (PDF) last month by LexisNexis. For every dollar lost to fraud, merchants spend a further $3.08, to replace lost inventory and cover chargeback fees and other penalties, according to the survey.
The Home Depot hack left as many as 60 million credit cards and debit cards exposed, according to a report in the New York Times. Add those to the 40 million accounts affected by a hacker assault on Target (TGT) last year, plus the cards pilfered from Chinese restaurant chain P.F. Chang, luxury retailer Neiman Marcus, and others. A lot of stolen identities are floating around. 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: