2014: The Year of the Breach?
FBI Warnings and the Recent Spate of Breaches
We certainly hope not. But the FBI isn’t so sure. According to a recent Washington Post article, the FBI recently alerted retailers that almost two dozen companies have already faced hacks similar to the Target breach. Furthermore, they anticipate more companies will likely become victims in the upcoming months, based on information from an official not authorized for public statements.
So they want you to consider yourself warned, though not “officially.” The piece noted that “only 11 percent of businesses have adopted industry-standard security measures,” a somewhat shocking statistic that leaves us at AVPS wondering what those other 89% are thinking.
The Rise of Copycat Crimes in the Cyber World
But the rise in such attacks may come not only from the availability of malware on black markets, but because of this being another form of “copycat crime.”
Nicolas Christin, a security researcher at Carnegie Mellon, articulates in the article, “With increasing numbers of people attempting this, consider a scenario: seeing your neighbor win the lottery might prompt you, even if you had no prior interest, to buy a ticket yourself.”
Merchants, Banks, and the Financial Aftermath
Therefore, you must remain vigilant. Additionally, ensure that you consult your AVPS representative to confirm that your security and payment options are current. Importantly, it’s worth noting that efforts are now underway to mobilize the previously under-protected 89% into action.
For banks, noting that it costs upwards of $15 per card replacement — when you factor in “the costs of plastic, embossing and encoding, PIN generation, mailers and postage, card activation, new account setup, expanded call center operations and processor fees.”
This according to an editorial in The Hill — the Washington, D.C.-centric newsletter aimed at legislators. The presidents and CEOs of two distinct banking associations have written an intriguing statement. Given the costs, specifically when you multiply $15 by the 100 million customers impacted by the Target breach, they argue that any entity experiencing a data breach, be it a retailer, data broker, or financial institution, must take on the responsibility for the fraud losses. Moreover, they should handle the restitution to the affected parties and cover all costs related to mitigation when consumer information is at risk.
Meaning it will be incumbent on every merchant as well — especially if the FBI’s prognostications come to pass – to be as up-to-date on secure transactions as possible.
The Ongoing Debate: Chip and PIN vs. Chip and Signature
Card issuers, on the other hand, are putting the pressure right back on banks. According on an article in The Verge, “banks must issue cards with microprocessors and merchants need the right equipment to process the so-called ‘chip and PIN transactions,’ which is likely to happen gradually. Additionally, the new equipment also processes ‘chip and signature’ transactions, which are less secure but more convenient. So far, many banks have opted to issue chip and signature cards rather than chip and PIN cards.
“There is pressure to adopt the more secure system, however. Visa, American Express, and MasterCard have announced that banks and merchants that are using less secure technology for face-to-face transactions by October 2015 will be liable for fraudulent purchases.”
The Future of Transaction Security
So whether more breaches force faster change, that change is in the cards (pun?), pipeline, etc. Pick your metaphor, but know that transaction security needs to be more than symbolic.
We’ll keep keeping you up-to-date here on the AVPS Blog. And be sure to keep your business up-to-date with all of AVPS’ merchant resources too!