22 Dec The 2013 Target Breach/Heist
2013, Black Friday – The second-largest credit card data breach in the history of the United Sates resulted the compromise of over 40 million customer’s credit card information. Any customers who made purchases by swiping a debit or credit card at Target between Nov. 27 to Dec. 28in the United States could have their card data stolen.
This included customer names, credit/debit card numbers, expiration dates and CVV codes. The stolen data is everything needed to make online payments.
“Annual losses from global credit and debit card fraud are on the rise. Last year, it reached $11.27 billion, up 11.4% from the previous year, according to The Nilson Report, which tracks global payments.” – USA Today
How did this happen?
KBW analyst Sanjay Sakhrani stated that the breach had nothing to do with their acquiring/processing partners. It’s likely that this was because of weak credit/debit card security – the use of magnetic strip swipe payments.
The magnetic strip uses the same technology as cassette tapes, making it very vulnerable to data theft.
Had Target used EMV Compliant Chip & PIN it’s likely that their customers could have been safer from credit card fraud. These digital chips generate a unique code every time they are used which makes it difficult for criminals to steal your information.
Additionally, Target may have been storing credit card data in a non-compliant format with the Payment Card Industry Data Security Standard (PCI-DSS).
Target is now facing a class action lawsuit, unhappy customers (who potentially will never shop at target again), a drop stock-prices and lower store traffic.
Is weak security worth the risk?
We don’t believe it is. Companies should work had to avoid breaches at all costs, maintain updated PCI Compliance standards.
Kubera has a team of security experts on hand to help your business avoid fraud stories like these. Contact us for more.