As you know, one of the biggest stories in the history of credit card security broke — happened — over the holidays: The hacking of credit and debit card information on millions of customers — perhaps as many as 40 million — at Target Stores, over the holidays. Specifically, in a period ranging from Black Friday to about mid-December.
We touched on some of the fallout last week, in our New Year’s post: Some banks, generally smaller or regional ones (so far) were unilaterally cancelling existing customer cards and reissuing new ones, leaving some surprised customers potentially scrambling, with cash or checks in hand, to try and pay for goods and services.
The fallout continues apace, and promises to bring, or accelerate, changes to the card industry here in America.
According to a recent CNBC article, while customers won’t have liability for false charges on credit accounts, similarly, there will be “‘zero liability’ on most debit accounts, but there are questions about which party—the bank in question, Target, or industry authorities—will ultimately be found liable. (A Target statement at the time the breach was disclosed only sought to reassure guests they would not be held financially responsible.)”
But the search for responsibility — especially the next massive breach happens — continues. As the article notes, “The National Association of Federal Credit Unions has sent a letter to congressional leaders calling for retailers to be subject to the same standards of data security as the banking industry.
“’Credit unions and other financial institutions—not retailers and other entities—are out front protecting consumers, picking up the pieces after a data breach occurs.’”
As the industry newsletter Green Sheet said on the same subject, “Beyond the legal costs, a forensic investigation must be performed to pinpoint the source of the breach, and steps must be taken to shore up security vulnerabilities.”
But the article affirms that even non-Target sized businesses — like yours — have a role to play in that “shoring up:”
Quoting the head of one security firm, the article continues that while “larger businesses are diligent in reporting breaches.. that is not apparently the case with smaller companies. ‘The vast majority of small and middle-sized companies: one, may not even know that breaches have taken place; and two, many times they sweep them under the carpet.”
The article notes the potential fines that can occur from lack of reporting, along with the lack of customer trust, which Target has been wrestling with since their own breach woes. And in the pipeline, are changes that will help make subsequent breaches less likely. MasterCard, for example, is working on technology that would create “disposable” customer numbers which are used for only one transaction at a time, making the information obtained in hack worthless to the hackers.
And this may speed up the implementation of EMV standards for American cards — where customer information is contained in a chip, instead of on a magnetic strip, as is already the case in Europe and other parts of the world.
We will be reporting on all these developments in the year to come. Meanwhile, right now, in the early going of this year, be sure to contact your AVPS rep if you have any questions about your customers’ security, or what your options are for expanding their payment options, including mobile processing, eChecks, prepaid cards, and more.