More Fallout From the Target Breach — and Changes in the Pipeline
Target Breach Overview
Transitioning to the topic of “Wooden Nickels Vulnerabilities,” it’s vital to remember recent events in the digital world. For instance, during the holidays, specifically from Black Friday to mid-December, one of the most significant credit card security breaches unfolded. Hackers compromised the credit and debit card information of millions, possibly up to 40 million customers, at Target Stores.
Immediate Aftermath of the Breach
We touched on some of the fallout last week, in our New Year’s post: Some banks, generally smaller or regional ones (so far) were unilaterally cancelling existing customer cards and reissuing new ones, leaving some surprised customers potentially scrambling, with cash or checks in hand, to try and pay for goods and services.
Continuing Repercussions and Liability Questions
The fallout continues apace, and promises to bring, or accelerate, changes to the card industry here in America.
Based on a recent CNBC article, customers won’t face liability for incorrect charges on credit accounts. Similarly, most debit accounts will also offer “zero liability.” However, questions arise regarding who—whether it’s the bank, Target, or industry authorities—will ultimately bear the responsibility.
The Industry’s Search for Accountability
But the search for responsibility — especially the next massive breach happens — continues. As the article notes, “The National Association of Federal Credit Unions has sent a letter to congressional leaders calling for retailers to be subject to the same standards of data security as the banking industry.
“’Credit unions and other financial institutions—not retailers and other entities—are out front protecting consumers, picking up the pieces after a data breach occurs.’”_
The industry newsletter Green Sheet commented on this matter, stating that, beyond the legal expenses, experts need to conduct a forensic investigation to identify the breach’s source. Additionally, measures are essential to address and strengthen security weaknesses.
The Role of Smaller Businesses in Data Breaches
But the article affirms that even non-Target sized businesses — like yours — have a role to play in that “shoring up:”
Quoting the head of one security firm, the article continues that while “larger businesses are diligent in reporting breaches.. that is not apparently the case with smaller companies. ‘The vast majority of small and middle-sized companies: one, may not even know that breaches have taken place; and two, many times they sweep them under the carpet.”
The article notes the potential fines that can occur from lack of reporting, along with the lack of customer trust, which Target has been wrestling with since their own breach woes.
Future Changes in Card Security
Transitioning to enhanced security measures, changes are underway to reduce the likelihood of future breaches. For instance, MasterCard is actively developing a technology to generate “disposable” customer numbers, designed for single-use transactions. This ensures that any data hackers retrieve becomes valueless to them.
To address this, the U.S. may expedite the adoption of EMV standards for their cards. Unlike the traditional magnetic strip, these cards house customer information in a chip, mirroring the system already established in Europe and other parts of the world.
Reaching Out to AVPS and Final Thoughts
We will be reporting on all these developments in the year to come. Meanwhile, right now, in the early going of this year, be sure to contact your AVPS rep if you have any questions about your customers’ security, or what your options are for expanding their payment options, including mobile processing, eChecks, prepaid cards, and more.
Remember the old saying, “don’t take any wooden nickels.” Interestingly, this phrase brings to light that even coins faced vulnerabilities in the past. Wishing you a Happy New Year, and looking forward to connecting next week!
