Details Emerge on Neiman-Marcus Hack, as Mag Stripes and EMVs Make News

Once again in the world of payments, a confluence of seemingly “separate” articles all point in the same direction: about the changes coming to how payments are made, and how secure that process will be.

After several weeks of being talked about only in a general sense, details are finally emerging about the extent of the data hack on Neiman-Marcus customers last year.  Previously, the event was referred to only in a general way, usually as an adjunct to the infamous Target breach which affected upwards of 98 million people (according to a Senate hearing in this report).

But specifics were always puzzlingly vague about the NM breach — until now. According to an article in Wired, the numbers of “affected” were, happily, much lower: a mere 1.1. million or so!

Of course, there are fewer Neiman-Marcus than Target shoppers to begin with. Of those whose data was pinched, “the company said debit and credit cards were compromised, but not PINs, since the company does not use pinpads in its stores.

“According to the store, malware was installed on its point-of-sale system in mid-July and attempted to siphon card data until October 30.”

Both the Target hack, and the one at Neiman-Marcus “are believed to be related, according to investigators who spoke with the New York Times

“The company says it’s notifying all customers who shopped at its stores between January 2013 and January 2014.” Meaning, if you used plastic at Neiman-Marcus at all in 2013, you should start doublechecking accounts, or consider replacing cards, now.

Simultaneously however, in other payment industry news, Wal-Mart continues with its suit against Visa, alleging rate fixing in bank interchange rates (the result of Wal-Mart opting out of a previous class action settlement against Visa and Mastercard.)

One aspect of the lawsuit takes in data safety. As quoted in the payment industry’s Greensheet newsletter, “Visa has long recognized that the magnetic stripe technology … is inherently insecure and fraud-prone,” according to Wal-Mart. “Yet, Visa has shifted most of the cost of fraud losses to merchants in this country through the implementation of various compliance programs and liability rules. Its success in forcing merchants and consumers to accept and use technologically-inferior and fraud-prone products is further evidence of its substantial market power.”

Attorneys on the other side, however, say consumers are reluctant to switch, and merchants likewise need to switch over to EMV-compliant payment systems.

The reasons for switching are there, but the payments industry faces a chicken/egg horse/cart situation, in terms of who will move first — in a substantial way — toward safer payment technology.

Meanwhile, toward the end of March, an appeals court in Washington, D.C. overturned an earlier ruling affecting Sen. Dick Durbin’s amendment to the 2010 Dodd-Frank Act, ordering the Federal Reserve to now revisit how it interpreted the way the regulations in the act affected both prepaid and debit cards.

As noted elsewhere in the same edition of the Greensheet,  “Payment networks have noted that debit issuers were awaiting the appeals court ruling to decide whether to move ahead with the higher-cost EMV or delay the EMV decision based on a longer term evaluation.”

So another publicly stated roadblock toward EMV implementation has been removed. One remaining question might be how soon, or how loudly, customers will clamor for them as their personal data keeps getting pilfered.

Changes, however, are clearly coming. Get ready for them by contacting your AVPS Rep, and making sure the payment methods for your own business covers a range of options both for your customers, and your own ability to keep up with them when and wherever they want to do business with you.

Leave a Reply

Your email address will not be published. Required fields are marked *