Expanding Target Breach Shows Need for Highly Secure Payment Systems
NEWS ANALYSIS: It's clear from the expanding scale of the Target data breach that highly secure systems are needed as quickly as possible for payment methods of all types.The longer the revelations continue about the data breach at Target, the worse the news gets. The news was bad enough when the word was that hackers had managed to extract the magnetic stripe data from Target's point-of-sale (POS) terminals, allowing them to sell credit card information and even make counterfeit credit cards. But since then, the number of affected customers has vastly grown. Now, the breach appears to be much worse than Target originally disclosed. Besides the 40 million or so customers affected originally, it now appears that the total may be as high as 70 million to 110 million customers. And the amount of data that was stolen has also grown. In addition to the mag stripe data, some PIN numbers were stolen. It also appears that complete customer records, including names, addresses, phone numbers and even email addresses, were sucked out of Target's customer relationship management database. The announcement on Jan. 10 that the hackers also penetrated Target's CRM database means that they have nearly everything they need to create a fictitious identity, including financial information, of a very large number of Target customers. It's unclear just how much worse this can get, but there's probably more to come. With these events, there always seems to be something else.
The problem with the new Target revelations is that it's hard to see how anyone could protect themselves against such a breach, other than by never buying anything at Target. The mag stripe data theft could have been prevented through the use of EMV-equipped credit cards, which would have prevented the creation of counterfeit cards. But EMV (Europay, Mastercard, Visa) won't prevent the theft of basic data from the CRM system.