Getting Hacked at Christmas

Another retailer, another security breach. This one involving 40 million shoppers at Target stores in the U.S. For many, the stress of holiday shopping is now through the roof.

While many are choosing to direct their anger and frustration at Target, they shouldn’t; the 2nd largest retail discount chain is doing everything it can after the fact to address concerns from customers.

Getting targeted by hackers, at Target

Getting targeted by hackers, at Target

The Minneapolis company, which has 1,797 stores in the U.S. and 124 in Canada, said it immediately told authorities and financial institutions once it became aware of the breach on Dec. 15. The company is teaming with a third-party forensics firm to investigate and prevent future breaches.

Target advised customers on Thursday to check their statements carefully. Anyone noting a suspicious charges on a credit/debit card is told to report it to their credit card company and then to call Target at 866-852-8680. Cases of identity theft can also be reported to law enforcement or the Federal Trade Commission. Of course, this is after the fact.

What I found most interesting about this case is how often this actually happens and what appears to be the response in the retail world among so-called experts.

According to a report on WCSH-6 with local reporter, Danielle Waugh, cyber crimes like hacking are common and difficult to prevent. Hackers overseas, who have a huge incentive to launch attacks like these against a major retailer like Target, will continue these activities. They are also more prevalent than often reported.

What was rather depressing about the orientation of this local news story, which featured Waugh doing a live shot outside a Target store in South Portland, was that companies seem more interested in purchasing insurance to protect their own interests, as well as managing the PR fallout from these attacks. Nowhere in the WCSH-6 story was the issue of the customer addressed. Dan Mitchell, part of a data protection practice at Bernstein Shur talked about ways that companies are looking to protect themselves, using methods like these.

Again, the angle was entirely that these things will continue to happen, and that companies will need to take steps to protect themselves — nothing was offered to consumers. Apparently, we’re on our own.

After doing a bit more digging on my own, I found another story in the New York Times indicating that the U.S. is lagging behind Europe and the rest of the world in our use of credit card technology.

While most new stories are targeting Target for blame, perhaps banks and credit card issuers ought to take steps and move into the 21st century on cyber security.

Experts are questioning why — with breaches recurring regularly and credit card fraud rampant — that American credit card issuers have not embraced smart-chip technology. The United States accounts for more than 47 percent of global credit card fraud, while generating only 24 percent of card spending, according to the Nilson Report, a card industry newsletter. More than 80 countries around the world use chip technology, but less than 1 percent of credit cards in the United States have chips.

When you use a magnetic-stripe credit card, it serves up the same data every time it gets swiped; chip cards on the other hand offer a different encrypted mathematical value, making it harder for criminals to use stolen data for future purchases.

“The U.S. is the only world region where counterfeit fraud continues to rise,” said David Robertson, the Nilson Report publisher. The absence of this chip technology at the physical point of sale is a large contributing factor, he added.

While it’s easy to bitch and complain, our compulsive shopping, and the ease with which we offer our personal and other unique information to hackers, every time we use a credit card contributes to the problem. What might be a proactive response is for consumers to band together and demand that rather than banks and other card issuers continue to reap all the benefits of Americans’ use of credit cards, they take the necessary steps to protect consumers, rather than leave the entire onus on them. If it’s ok for Big Data to mine every personal detail from us, possibly, they could also offer some assurances to us in exchange.

Of course, we could so something revolutionary and change the way we live our lives and decide that consuming for consumption’s sake becomes a thing of the past.

3 thoughts on “Getting Hacked at Christmas

  1. Security breach? I didn’t see anything on Facebook…it mustn’t be real. Thanks for offering the revolutionary approach at the end of your post. It’s old fashioned and practically medieval, but using cash for most transactions can provide a measure of “personal liberty” too.

    • It was amazing how one-sided most news coverage has been given the size and scope of this, and that it’s not limited to Target and it will continue. The only angle has pretty much been what the corporations can do to protect themselves.

      Big data continues to get bigger, and none of this is positive for the consumer.

      As they used to say, “cash is king.” Maybe cash will make a comeback. I can see the hipsters being all over this, as having a wallet, jammed full of cash, on a chain, as being great costuming for them.

  2. Having lived in the land of “chip and pin,” it’s not all it’s cracked up to be, either. Its credibility is right up there with the crypto of the new UK passport, which was cracked the day of release in about thirty minutes by a Cambridge researcher. The info on the card can be swiped nearly as easily, and a four-digit pin is nothing for modern microprocessors.

    The reason the card data aren’t stolen as much in Europe is because so much point-of-sale is done with cellphones or cash. I could always get gas after hours in Europe if I was willing to shove euro coins into the pump. It’s just a different operating environment.

    A security professional wrote this many years ago, and it’s likely still true: your data has already been stolen. The only reason yours hasn’t been used fraudulently is that the thieves have a few tens of millions of cards to use before they get to yours.

Comments are closed.