The recent data breach that targeted Target has many consumers concerned about sharing their personal information, and rightly so. The holiday hacking is reported to have endangered the data of more than 100 million Target customers. Not only were credit and debit card numbers compromised, their encrypted PIN numbers were as well. Though the original hackers have yet to be found, two people were arrested with 96 fake credit cards linked to the Target breach in McAllen, Texas. The theory is that the hackers are now selling local data to other criminals who then create and use counterfeit cards.
According to an NBC News investigation, an iSight report about the data breach reveals that a type of malware was placed into Target's point of sale system where it was able to capture encrypted credit card data during the authorization stage when the data was in an unencrypted state. This type of breach is reportedly new and likely to be attempted again due to its low risk and big payoff to cybercriminals.
Many financial institutions have taken proactive measures by issuing new credit and debit cards to their customers. For example, USAA Bank uses sophisticated software to monitor accounts for suspicious activity along with a "zero liability policy" that protects account holders from unauthorized purchases. For accounts that USAA has determined are at risk, new debit and credit cards have been issued.
Retailers are also concerned. After all, if it could happen to a retail giant such as Target, it could happen to virtually any retailer with an electronic POS system. The United States has yet to adopt the more secure EMV cards which are widely used in Europe. EMV cards contain embedded microprocessors that provide much stronger security than traditional magnetic strip cards.
According to Smart Card Alliance, EMV reduces card fraud "resulting from counterfeit, lost and stolen cards." It also "... supports enhanced cardholder verification methods and, unlike magnetic stripe cards, EMV payment cards can also be used to secure online payment transactions." EMV cards are also nearly impossible to counterfeit and use, unlike magnetic stripe cards.
While EMV cards have enhanced security features, they're not widely available in the United States which is one of the last countries to adopt the EMV standard. Another option retailers have is to use stronger data encryption technologies.
For example, SAP data encryption solutions are available for encrypting, archiving, masking, and purging sensitive data such as credit card data, Social Security numbers, and other sensitive electronic data. Data masking of live data is ideal for working with critical information in real time without revealing the actual data. Data masking could be used when accessing Personally Identifiable Information (PII), Protected Health Information (PHI), Social Security numbers, and credit and debit card numbers.
Cybercriminals pulled a major heist against a retail giant. The Target breach has retailers, financial institutions, and consumers alike concerned about the integrity of personal and financial information. The breach is also a wakeup call that security needs to be prioritized and strengthened ASAP.
James Hadley is a professional business consultant specializing in information technology. Sources collected for this article can be found at http://www.dolphin-corp.com/information-lifecycle-management/sap-data-security-management.