Details Emerge on Neiman-Marcus Hack, as Mag Stripes and EMVs Make News
A Closer Look at the Neiman-Marcus Data Breach
In the realm of payments, various seemingly unrelated articles once more converge to highlight a common theme: the impending transformations in payment methods and the heightened security concerns stemming from the Neiman-Marcus data breach.
Neiman-Marcus Data Breach Specifics
After weeks of limited discussion, specific information is now surfacing regarding last year’s data breach affecting Neiman-Marcus customers. Previously, this incident had discussed it in general terms, often linking it to the well-known Target breach, which a Senate hearing in this report confirmed impacted over 98 million individuals.
But specifics were always puzzlingly vague about the NM breach — until now. According to an article in Wired, the numbers of “affected” were, happily, much lower: a mere 1.1. million or so!
Of course, there are fewer Neiman-Marcus than Target shoppers to begin with. Of those whose data was pinched, “the company said debit and credit cards were compromised, but not PINs, since the company does not use pinpads in its stores.
Investigators who spoke with the New York Times believe that the Target breach and the Neiman-Marcus data hack are connected.
“The company says it’s notifying all customers who shopped at its stores between January 2013 and January 2014.” Meaning, if you used plastic at Neiman-Marcus at all in 2013, you should start doublechecking accounts, or consider replacing cards, now.
Wal-Mart’s Lawsuit Against Visa
Simultaneously however, in other payment industry news, Wal-Mart continues with its suit against Visa, alleging rate fixing in bank interchange rates (the result of Wal-Mart opting out of a previous class action settlement against Visa and Mastercard.)
One aspect of the lawsuit takes in data safety. As quoted in the payment industry’s Greensheet newsletter, “Visa has long recognized that the magnetic stripe technology … is inherently insecure and fraud-prone,” according to Wal-Mart. “Yet, Visa has shifted most of the cost of fraud losses to merchants in this country through the implementation of various compliance programs and liability rules. Its success in forcing merchants and consumers to accept and use technologically-inferior and fraud-prone products is further evidence of its substantial market power.”
Attorneys on the other side, however, say consumers are reluctant to switch, and merchants likewise need to switch over to EMV-compliant payment systems.
The reasons for switching are there, but the payments industry faces a chicken/egg horse/cart situation, in terms of who will move first — in a substantial way — toward safer payment technology.
Changes in Regulations
Meanwhile, toward the end of March, an appeals court in Washington, D.C. overturned an earlier ruling affecting Sen. Dick Durbin’s amendment to the 2010 Dodd-Frank Act, ordering the Federal Reserve to now revisit how it interpreted the way the regulations in the act affected both prepaid and debit cards.
As mentioned in another section of the same Greensheet edition, payment networks have observed that debit issuers were awaiting the appeals court ruling to determine whether they should proceed with the higher-cost EMV implementation or postpone it for a more extended evaluation.
This eliminates yet another publicly stated hindrance to EMV adoption. The remaining question pertains to the timing and the extent of customers’ demand for these advancements, especially in light of persistent breaches of their personal data.
Changes, however, are clearly coming. Get ready for them by contacting your AVPS Rep, and making sure the payment methods for your own business covers a range of options both for your customers, and your own ability to keep up with them when and wherever they want to do business with you.
