Target and Snowden signal deeper security risks

Neiman Marcus announced last evening that its security breach and credit card theft are much larger than originally known, reports the New York Times.

Target has been in the headlines since late December, when the breach of its systems was revealed, and the numbers grew worse each day, from 40 million card entries to 110 million customer entries. The Snowden case is a different type of security breach, but both signal a deeper issue at the core in the US and how vulnerable we are in our use of the Internet, which Snowden discussed in an Internet chat yesterday.

While Target was under scrutiny and working with the F.B.I., Neiman Marcus announced in January that it had been compromised. Neiman Marcus released a statement on its website Wednesday evening that the malware had been ‘clandestinely’ put into its system and had stolen payment data off cards used from July 16 to Oct. 30. MasterCard, Visa and Discover have told the company that about 2,400 cards used at Neiman Marcus and its Last Call outlet stores have since been used fraudulently.

The malware installed on terminals in Neiman Marcus stores seems to be the same malware that infiltrated Target’s systems and exposed information from as many as 110 million customers, according to a person briefed on the investigations who spoke on the condition of anonymity and who is not authorized to speak publicly about the attacks.

Neiman Marcus, which owns Bergdorf Goodman, will offer one year of free credit monitoring, as Target has already done for its customers.

In the instances of widespread data theft at Target and Neiman Marcus, the malware was designed to hook into cash registers, monitor the credit card authorization process and steal the payment data, according to a private report issued by iSight Partners, which is working with the Department of Homeland Security to investigate the retail attacks.

Since the attacks on retailers, EMV (Europay, MasterCard and Visa), an encrypted system, has been in the news: cards with embedded chips are swiped into a terminal, which transmits the encrypted card data to the computer center.

‘EMV wouldn’t have stopped it, but it would have helped minimize the impact after the event,’ according to Don Tait, an analyst at IHS.

The United States is one of the last countries to move toward the technology. In Europe, 81 percent of the cards have EMV chips, according to the consulting firm Celent. Countries that have adopted the technology have seen a sharp decline in credit card fraud. In Britain the amount of fraud per transaction has dropped 57 percent since 2002. Meanwhile, fraud has risen sharply in the United States, some 70 percent between 2004 and 2010, Celent information shows.

While the United States accounts for only 27 percent of the credit card transactions in the world, it is responsible for 47 percent of card fraud, according to data from the Nilson Report, a newsletter about the payment industry.

The US has continued to use a magnetic stripe on its cards. Visa, MasterCard and American Express have all said that American retailers need to install hardware that can read EMV cards by October 2015. Any retailers that do not, and have data stolen, will be liable for the costs of any fraud.

Although the Snowden case is cyber-theft by a lone operator, both episodes clearly demonstrate that every organization relying on sensitive information, from financial services and healthcare corporations to government agencies, is in its own way a target (there’s that word again), states Eric Chiu, co-founder of HyTrust, a cloud security automation company.
