Target Data Breach Pushing Retailers To Tighten Up
The holiday season attack on up to 110 million credit card customers' identities sounded the alarms from bank and department store boardrooms to family kitchens.
As the investigation deepened in January, the attack placed a particular spotlight on retailers who issue their own cards and their customers' data. The customers most seriously affected held cards issued by retailers since those cards include more personal information.
You can expect retailers soon to develop the same data protections many banks already employ in the ever-evolving world of financial data security.
Serious as the data breach was, relatively few customers whose identities were breached are likely to see any effect. Even so, every customer should pay close attention to daily online bank reports. The dwindling number of paper-only customers must check their mail right away as people must report fraud to the bank within 60 days of its appearance on the account.
Once news of the data breach came out, banks acted instantly, notifying customers and in many cases reissuing cards
Still, there is no room for complacency.
Credit card companies require encryption. This means customers' personal identification numbers, or PINs, are supposed to be encrypted, or converted into a code or form that cannot readily be understood by unauthorized people.
MasterCard and Visa require this for member banks such as ours. In addition, most banks employ an extra defense of data at rest encryption, which prevents captured data from being read and used. This defense is critical for any card issuer.
Smart banks use monitoring alerts. To protect their customers, they retain services that scan the Internet for attempts to phish—or flush out financial or other confidential information from Internet users. These services start by crawling the Internet like a minesweeper for efforts to tease out your bank's bank identification number, or BIN, generally the first six numbers on your credit card.
Criminals will crawl through the Internet in efforts to buy and sell complete credit or debit card magnetic strip information. When the phishing is discovered, the customer is notified, the account is blocked, and a new card is issued.