2014: The Year of the Breach?

We certainly hope not. But the FBI isn’t so sure. A recent Washington Post article states that  “nearly two dozen companies have been hacked in cases similar to the Target breach and more almost certainly will fall victim in the months ahead, the FBI recently warned retailers,” this “according to an official who was not authorized to speak publicly.”

So they want you to consider yourself warned, though not “officially.”  The piece noted that “only 11 percent of businesses have adopted ­industry-standard security measures,” a somewhat shocking statistic that leaves us at AVPS wondering what those other 89% are thinking.

But the rise in such attacks may come not only from the availability of malware on black markets, but because of this being another form of “copycat crime.”

As Nicolas Christin, a security researcher at Carnegie Mellon puts it, in the same article: “You’re going to see more and more people trying this. If you just saw your neighbor win the lottery, even if you weren’t interested in the lottery before, you may go out and buy a ticket.”

So while you need to be on guard — and check with your AVPS rep that all your security and payment options are up to date — note that the other under-secured 89% is finally being rallied to action, as well.

For banks, noting that it costs upwards of $15 per card replacement — when you factor in “the costs of plastic, embossing and encoding, PIN generation, mailers and postage, card activation, new account setup, expanded call center operations and processor fees.”

This according to an editorial in The Hill — the Washington, D.C.-centric newsletter aimed at legislators — written by the presidents and CEOs of two different banking associations. What they also say, interestingly, is that in light of such costs — multiply that $15 by the 100 million customers affected in the Target breach — they “believe that parties suffering a data breach should bear responsibility for fraud losses and restitution to affected parties. Whether it is a retailer, data broker, financial institution or other entity, the party that suffers a data breach should be responsible for fraud losses and the costs of mitigation and restitution when consumer information is compromised.”

Meaning it will be incumbent on every merchant as well — especially if the FBI’s prognostications come to pass – to be as up-to-date on secure transactions as possible.

Card issuers, on the other hand, are putting the pressure right back on banks. According on an article in The Verge, “banks must issue cards with microprocessors and merchants need the right equipment to process the so-called ‘chip and PIN transactions,’ which is likely to happen gradually. Additionally, the new equipment also processes ‘chip and signature’ transactions, which are less secure but more convenient. So far, many banks have opted to issue chip and signature cards rather than chip and PIN cards.

“There is pressure to adopt the more secure system, however. Visa, American Express, and MasterCard have announced that banks and merchants that are using less secure technology for face-to-face transactions by October 2015 will be liable for fraudulent purchases.”

So whether more breaches force faster change, that change is in the cards (pun?), pipeline, etc. Pick your metaphor, but know that transaction security needs to be more than symbolic.

We’ll keep keeping you up-to-date here on the AVPS Blog.  And be sure to keep your business up-to-date with all of AVPS’ merchant resources too!

Leave a Reply

Your email address will not be published. Required fields are marked *