Ripples of the Target breach extend to multiple shores
January 16, 2014

In light of the recent Target security breach, many consumers and businesses alike are worried about what may happen to their data. Artificial spending limitations have been imposed on some cards to minimize the damage from unauthorized purchases, numerous financial institutions posted messages on their websites to let members know that they're aware of the issue and new cards are also being issued to mitigate the problem. 

But while anyone who shopped at Target between Nov. 27 and Dec. 15 could be at risk of fraud, those who may be the most vulnerable are individuals whose credit and debit cards were issued by non-U.S. banks, KrebsonSecurity recently reported. 

The local fraudster
The blog noted that on certain sites selling the cards, the mention of a payment card's ZIP code could be particularly key, as fraudsters can purchase data on a local account and then duplicate its magnetic strip to buy nearby items. This causes a delay between when financial institutions notice the unauthorized transactions and when they actually act on them, as the sales look superficially legitimate. As many individuals involved in the use of the stolen information live around the world, a card issued in their own country, or even immediate area, can be immensely valuable. 

While factors such as the expiration date of a card, the issuing bank and the type of card it is (credit or debit) all influence the stolen information's price on the market, the blog noted that accounts from certain regions can fetch particularly high prices. Cards from the United Arab Emirates, South Korea and Singapore all demand top dollar due to their relative scarcity on the market and their value to fraudsters in those countries. Prices can range from just a few dozen dollars to more than a hundred, but with some markets possessing hundreds of thousands of account details, even these seemingly small prices can draw in a considerable amount of profit for the thieves. 

Continued trouble with data theft
The problem with fraudsters using cards within their typical region highlights some of the issues involving current payment methods. Although financial institutions can block purchases originating in suspicious regions, this preventative practice grows less useful when fraudsters limit their activities to areas where a stolen card might reasonably be used. Because of this, businesses and consumers alike should seek out more effective means of preventing card or identity theft. The proliferation of smartphones and the push from certain segments for mobile payments are making this more of a reality by the day, and they may reduce the reliance on payment cards, or at least enhance their security by enabling multi-factor authentication or other measures. 

The recent Target breach also conveys the need for greater consumer privacy, as the release of complete card data helps fraudsters commit their crimes. Additional verification layers and encryption practices may be key to avoiding similar incidents in the future, which is why businesses should investigate their options for alternative, more secure payment methods. 

Regardless, the theft of customer data from Target reveals the continued need for businesses and consumers to take extra care with their private details. Cash minimizes some problems, but in an increasingly online or otherwise electronic world, physical currency has substantial limitations. Furthermore, even brick-and-mortar stores are vulnerable to some of the issues that e-commerce platforms experience – and in the case of Target, only those shoppers buying goods from physical locations were affected. Since consumers can only do so much under these circumstances, organizations should focus on improving their security to avoid those events in the future.