The holiday season can be a frustrating time on numerous levels, thanks to the crowds, the stress of shopping and myriad other factors that may make the new year seem like a relief once it arrives. But just as shoppers are purchasing goods with greater frequency and bigger budgets than at any other time of the year, some thieves may also be searching for any crack in security to steal consumer data for their own use. Considering the number of transactions occurring throughout the months of November and December, it's possible that customers and businesses alike might miss unauthorized purchases until it's too late.
One big Target of data theft
Although Target recently noticed that hackers had accessed customer payment data, it only recognized this breach nearly three weeks after it happened. Between Nov. 27 and Dec. 15, 40 million credit and debit card accounts may have been exposed to fraudsters. While the retailer reports that it is working with law enforcement and financial institutions to resolve the issue, the full impact of the incident has yet to be realized and it may take some time before details fully become available.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, chairman, president and chief executive officer at Target.
One among many major breaches
Krebs on Security noted that the breach only appears to have affected Target's brick-and-mortar shoppers. The blog highlighted that intercepted PIN data could allow the thieves to recreate debit cards and withdraw cash straight from ATMs. Based on the amount of information stolen, this may also be one of the biggest breaches ever, although retailer TJX had data on 45 million cards stolen in 2007, and Heartland Payment Systems experienced an incident that led to data theft on 130 million cards.
"The breach window is definitely expanding," one anonymous anti-fraud analyst at a top ten U.S. bank card issuer told Krebs on Security. "We can't say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized."
Achieving tighter security
In light of this incident, businesses and consumers alike should take more care with their data and how they manage payments. For most individuals, this may require paying more attention to financial statements and using cash where possible. For organizations, however, this could mean implementing more stringent security protocols that won't otherwise impede the flow of business.
Moving toward multi-factor authentication or mobile payments can minimize some of the data breaches that businesses experience, particularly if those organizations have less contact with and better encryption of customer financial information. While security remains critical to retail and most other industries, it is rarely the focus of these organizations, and they may be better off enlisting the aid of companies that emphasize financial safeguards and improved authentication methods.
By working with third-party firms to bring together financial institutions and businesses, organizations can implement triple-blind security measures that enable easy mobile payments in which no one group sees every part of a transaction, while sales and other services still proceed without a problem. Thus, when hackers break into a company's files, there isn't enough data available to commit data theft or other forms of fraud. As the Target incident showcases, some form of better security is already necessary, and will likely be even more important moving forward.