Target's name has become even more apropos, given that over the course of the past several months 40 to 70 million of their Target Stores' cardholders have had their personal information compromised in an account information data breach of massive proportion. In December of 2013, Target announced that the data breach included all customers who used debit or credit cards at any of the store's physical locations within the first three weeks of the holiday season. The information contained customer names, card numbers, card verification data and expiration dates.
The ripple effects of the Target breaches (plural) were evident in the decision of banks like Citibank to reissue all debit cards that may have been compromised in the breach. Target Stores is hardly alone in this; the Nielson Report estimates 2012 losses in U.S. Merchants and Banks' credit card fraud at $11.3 billion. While retailers and banks scramble to do damage control, one blogger posed a highly shrewd question: why do retailers refuse to participate in cooperative security groups (ISACs or Information Sharing and Analysis Centers) the way other industries do?
But it's not just a matter of the prevailing business model of retailers that this breach is shaking up, it's also an issue of how banks evaluate the cost-benefit of credit card fraud. According to Richard Sullivan, senior economist at the Federal Reserve Bank of Kansas City, banks generally consider it cheaper banks to absorb the cost of fraud (up to a certain point) than generating and distributing new cards (i.e., with chip technology or other stronger fraud preventative capabilities) and have lagged behind incorporating these types of measure against the recurring menace of credit card fraud... until now. The Smart Card Alliance estimates that 1.5 billion smart cards are in use worldwide - but few of those are in the U.S. In fact, the Aite Group estimates only 14% of payment terminals in the U.S. are capable of reading a smart card when one is presented. Over the next two years, the financial and retail sectors are mandating that banks issue chip cards (by October 2014) and by that time the following year, retailers are expected to install equipment to read them.
However these measures are not expected to create a fool-proof security program for credit card fraud prevention, especially since these cards will not be the strongest defense against cloning - chip and PIN cards. For this reason, the wisest retailers might also institute a program of training their staff to do a drivers license check at each point-of-sale site. Unlike magnetic strip debit cards which can be easily faked, ID Checking Guides can allow retail employees to accurately verify the authenticity of ID using images and identification details.
For more information about retail fraud prevention, visit https://www.driverslicenseguide.com/retail.html.
What can stores do?
One real-life scenario is that of the owner of chain of mall stores that repeatedly got hit with charge-backs from accepting stolen credit cards and card numbers. Once the employees were trained in fake ID detection and also trained to consistently check ID (including signatures and holograms), the number of charge-backs declined. Their training was further enhanced by training on the identification details in their state and immediately surrounding states. Not only is this type of training helpful with credit cards it is also helpful in "how to prevent check fraud" trainings. The ID Checking Guide is the definitive, low cost, first line of defense for retailers wishing to avoid falling prey to credit and debit card fraud.
Recently, two suspects were detained after using information from cards stolen in the Target data breach to buy tens of thousands of dollars' worth of goods from local stores. So, the question is, did anyone check their ID?
The author of this article has worked in the IT security industry for a number of years and has gathered from a variety of sources including http://online.wsj.com/news/articles/SB10001424052702304027204579332990728181278 to write this article. Feel free to connect with her over at Google+.