Big credit card comprise issues at Target. Check your bank statement! (Tampa: Home Depot, discount) - Tampa Bay - Florida (FL) -Tampa - St. Petersburg - Clearwater - Page 13 - City-Data Forum

BucFan · 06-21-2014, 10:33 AM

Quote:

Originally Posted by Tamatem

Ok, so its been a bit of time since this event, has anyone heard a peep about them actually fixing the problem? I keep using cash at target, but it's rather annoying.

Didn't they fire their CEO?

Former Target CEO Greg Steinhafel Gets $15.9 Million Severance Package - TIME

bentlebee · 06-21-2014, 11:54 AM

They had another issue last week whigh had something to do with their cash registers, but they claimed it had nothing to do with happened before.

Tamatem · 06-21-2014, 12:14 PM

Quote:

Originally Posted by BucFan

Didn't they fire their CEO?

Former Target CEO Greg Steinhafel Gets $15.9 Million Severance Package - TIME

I was more looking for an announcement that there has been a change in their security teams or whatever. Firing a CEO especially when they still get their base salary, severance package and other assorted funding isn't exactly what I call fixing the problem.

Sunshinecc · 06-21-2014, 06:41 PM

Here's a couple of articles from the one of the newsletters I get:

Lack of National Security Standards for RetailersRemain Six Months After Target Data Breach Since Target’sdata breach, there has been a major data breach discovered almost every month,with breaches reported at Michaels Stores, Sally Beauty Supply, Neiman Marcus,AOL, eBay, and P.F. Chang's Chinese Bistro. Based on a recent Ponemon Institutesurvey, an estimated 47 percent of all American adults have been affected bydata breaches over the last year, with an estimated 432 million online accountsbeing affected. The latest Javelin Strategy & Research study, “2014 DataBreach Fraud Impact Report: Consumers Shoot the Messenger and Financial InstitutionsTake the Bullet,” confirms that since financial institutions are the ones thatoften notify the cardholder of the breach, they are the ones that consumersassociate with the breach, even if they were not responsible for it. NAFCU wasthe first financial trade organization to call for national data securitystandards for retailers, and it continues to push for legislative action onCapitol Hill. Credit unions and banks are already subject to such standardsunder the Gramm-Leach-Bliley Act, but retailers are not. Editors Note:The financial institutions are pushing to get Congress to pass legislation thatforces retailers to take some or even all of the financial responsibility andwith the trend of data breaches continuing to spiral it won't be long before retailersare sharing the expense. Once that happens the Loss Prevention executives willbe more involved in the process and held accountable to some degree. This couldbe a decisive moment in our industry where investigative elements of ITSecurity becomes a normal customary function and expectation in the LossPrevention pyramid. Thereby reinforcing the NRF's recent rebranding to NRFProtect. Those who are prepared will benefit and those who aren't will miss agolden opportunity. (Source businesswire.com)

[SIZE=3][/SIZE]
[SIZE=3]With the [/SIZE][SIZE=3]recent resignation[/SIZE][SIZE=3] ofTarget CEO Gregg Steinhafel, the story of the Target breach soon will probablyfade away into darkness. Target will likely implement new anti-fraud servicesand spend millions of dollars on both hardware and software. I would say itwill take a few years for customers to fully regain trust in the company, whichwill always be associated with “the big data breach” regardless that itwas a third-party vendor responsible for the data compromises. [/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]Will these measures prevent it from happening again? Idon’t believe they will. This is not an article about Target; nor isTarget the latest victim in a never-ending series of attacks aimed atseparating customers from their hard-earned money. The fact of the matter is,attackers will always find their way into systems that offer a high enoughreward—they will devote the resources to make it happen. One look at the [/SIZE][SIZE=3]anatomy of the attack onTarget [/SIZE][SIZE=3]and you can see how determined the attackers are to makethings work to their advantage. [/SIZE]
[SIZE=3]With e-commercegrowing year after year, breaches like this will happen more often. The publicis aware of data breaches, yet at the moment there is little they can do toprevent them. [/SIZE]

MortonR · 06-21-2014, 07:21 PM

As an IT security professional, I can tell you that the Target breach was more an issue of them not wanting to trust what they saw from their security systems and react to it than anything else.

Target had purchased and deployed one of the most sophisticated intrusion detection systems in the market, but it was new enough to them that they didn't have the confidence to believe what it was telling them.

Credit card system security in the US is years behind the rest of the world, mainly because the retailers don't want to spend the money to update their systems. RFID and embedded chip approaches for payment cards have been in broad use throughout the world for some time with the exception of the US. These are very secure, and while they don't totally privet fraud, they reduce it significantly due to the measures that are taken for security.

Some of the most egregious flaws revolve around companies not segmenting their POS systems from the rest of the network, allowing rogue operators to gain access to POS terminals and processing servers. PCI standards dictate that these systems be segregated, but that costs money....

RM

Sunshinecc · 06-21-2014, 07:34 PM

MortonR, I'm in total agreement in what you are saying. I'm not an IT person but I work as a fraud investigator so I try to keep up with all the current reports (and, admittedly, try to understand some of it as well).

As I understand, by Oct. 2015, the US is adopting using EMV and if a retailer chooses to opt out, the liability shifts to them in the event of fraud, yes? I know my company is looking into the ROI of cost (to all the POS systems) vs. the predicted $ savings. Also, we deal with both card present and card not present issues and it is only applicable to card present so there is a constant battle fighting fraud.

MortonR · 06-22-2014, 05:44 AM

Quote:

Originally Posted by Sunshinecc

MortonR, I'm in total agreement in what you are saying. I'm not an IT person but I work as a fraud investigator so I try to keep up with all the current reports (and, admittedly, try to understand some of it as well).

As I understand, by Oct. 2015, the US is adopting using EMV and if a retailer chooses to opt out, the liability shifts to them in the event of fraud, yes? I know my company is looking into the ROI of cost (to all the POS systems) vs. the predicted $ savings. Also, we deal with both card present and card not present issues and it is only applicable to card present so there is a constant battle fighting fraud.

That is correct. This has been part of the problem that has slowed acceptance of more secure POS systems in the US. The retail industry has a very strong lobby, and they have used it to ry and keep the banks and processors from adopting the newer technologies, mainly because it will shift much of the liability to the retailer.

They have used RFID and related technologies in Europe for a some years now, and have a fraction of the fraud we see here in the US. I used to work in western Europe regularly in the 90s and was surprised by the systems they had in place at that time (and that was almost 20 years ago!)

As for systems security, a lot of companies don't want to invest the time and money necessary to protect their assets and systems, as silly as that may sound. Sadly, they're ready to part with some serious coin the minute they get compromised. By then it's too late.

PCI compliance goes a long way to help those who process payments, but again, if they don't adopt the principles 100% it doesn't do the job.

Believe me, there were a lot of us who saw this coming, and Target won't be the last.

RM

Sunshinecc · 06-22-2014, 06:28 AM

This will be very interesting to see how the retail industry adopts (or doesn't) this push in 2015. My company takes data breaches very seriously which, of course, is completely separate from fraud. We also are moving towards a policy of enforcing data encryption for all PII, not just credit card info. But...we are also a franchised company so the franchisees can have a say in adding this security to the POS systems.

My point is, there are so many different business models that I can see there will be a huge inconsistency in how we (industry) react.

I agree, Target is just the beginning. The fear before with using your credit card somewhere was simply that it would get compromised and used fraudulently but you always knew you were protected through your bank. Now, the fear has escalated that if there is a data breach, all of your information could be compromised resulting in identity theft which I hear is an utter nightmare to fight. I'm at the point where I don't want to use my credit card anywhere.

EngGirl · 06-23-2014, 07:04 AM

Lessen learned - DO NOT used your debit card at the retailers

bentlebee · 06-23-2014, 07:52 AM

Quote:

Originally Posted by EngGirl

Lessen learned - DO NOT used your debit card at the retailers

Credit cards are ok...I got all the money back.