According to Experian’s 2015 Data Breach Industry Forecast, the risk of companies experiencing a data breach is higher than ever, with almost half of organizations surveyed suffering at least one security incident in the last 12 months. Cybercrime has reached epidemic status and every consumer is keenly aware that they could be next. Living with the fear of the unknown is not fun, but being an actual victim of a breach is like being thrust into the center of a crime ring (who is buying $10,000 worth of electronics on my card from Nigeria??). Panic mode sets in and then come the questions: Will it happen again? How bad will it be next time? And what can I do to prevent this?
Unfortunately, there aren’t any measures that consumers can take to prevent these large-scale breaches – in other words, cardholders are stuck in the cycle of being reactive rather than proactive. Ultimately, it is the responsibility of the retailer, the issuer and the payment processor to keep card data secure.
Security expert Brian Krebs recently posted an article addressing the most common ways cardholders’ accounts can be compromised. Here are the top three types of card fraud:
- Hacked merchant and retailer POS systems
The most common type of fraud, often powered by malware that is remotely installed within the POS system. Hackers take card information to produce counterfeit cards that can be used in big box stores or sold for cash.
- Processor breach
A network compromise at a company that processes transactions between credit card issuing banks and merchant banks. Large volumes of cards can be stolen in a short amount of time, and it is difficult for banks to trace this type of fraud.
- Hacked POS service company/vendor
The vendor providing the point-of-sale devices to the merchant is hacked. This fraud is usually localized to a specific town or geographic region served by the vendor.
Perhaps the only good news for cardholders about these data breaches is the awareness they bring, which hopefully will spur security changes. Recent high-profile data breaches at the Home Depot, JPMorgan and Sony Pictures have helped to increase the momentum in efforts on Capitol Hill to pass a federal data breach bill that would require breached companies to notify their customers within a set time period that their information has been exposed, and would create nationwide data security standards for companies.
At Bluefin, we agree that prevention is the key to keeping cardholder data secure. That’s why we became the first North American PCI-validated provider of a point-to-point encryption (P2PE) solution last March. P2PE is designed to encrypt card data at the point of entry (the card device) so that it is not “in the clear” in the device or in the merchant’s network.
Just think how useless a breach would be to a fraudster if they broke into a system and found no card data to steal. And while many merchants, retailers, processors and issuers agree that encrypting POS card data is just as important as EMV (if not more important), we all still have a long way to go before these security technologies are actually implemented. In the meantime, it will still be a wait-and-see game for consumers – which means yes, continue to check those card statements every week.