In the past few days it has been revealed that not only Target was hit with security breaches that allowed millions of names, account information, e-mails and pin numbers to be gathered and repackaged for sale to fraudulent use (now at 110 million and counting), but that Neiman Marcus was hit before Christmas as well (40 million and counting), and at least three other retailers who, while apparently not hit as hard, have chosen to remain anonymous.
It is time, as consumers, to take action to protect you. The possibility of this kind of information theft was has been tracked by people specializing in internet security and was a big enough problem for VISA to issue an alert to merchants in April of 2013 and again in August 2013. They had noticed an increase in network "intrusions" in grocery stores since January of 2013. The same kind of intrusion allowed so much information to be taken from Target and others.
Various news reports and internet security experts are saying the kind of breach suffered by Target and Neiman Marcus was very well organized, was methodical in nature and likely was put in place 8 months to a year in advance while the thieves waited for the right time to make the biggest gain. Most likely they used smaller trial runs to make sure their systems worked before stealing the information at unprecedented speed.
Why did this happen? The information coming out seems to indicate that it is because the United States and our card providers are at least a decade behind in security for our plastic. Most of Europe uses EMV or "chip embedded" and pin cards where the magnetic strip is replaced by a chip that is much harder to counterfeit. This technology has been around since the late 1980's but become common around the world starting in about 2004. But why not here?
Some security analysts estimate that changing all the cards to a chip embedded card would take about 5 years and cost about a billion dollars. Those same analysts estimate that the going rate for stolen card data is about $80 per card –figuring on the initial reports by Target of 70 million accounts, that equals a payday of almost 6 BILLION dollars-and that doesn't count what the people purchasing the card information will steal with that information. The amounts are staggering! One thing is clear- with that kind of potential loss for banking institutions and retail merchants- the 1 billion dollar cost to replace the card with something more secure is an absolute no-brainer.
Analysts are also predicting that this kind of breach will continue to happen during the coming year. It's sort of like speeding, when you get away with it-it is more tempting to repeat the practice. ... until you finally get caught. While financial services have been targeted in the past, industry experts are expecting to see the focus shifting to retail this year.
To be fair, some US banks are slowly beginning to "chip and pin" their customer cards- mostly credit cards. Some are linking card use with a phone app that alerts you that the card is being used and requires you to use a pin and approve the transaction on your phone. While that sounds like a pain in the neck in our hurried lives, it seems like cheap insurance to protect your hard earned money.
What can you do? Take a serious look at your spending habits and see where you might be able to replace your card use with cash. I am going to take the cards out of my wallet today (except for the one I hide for emergencies when I travel). I am going to make lists of what I need to buy and take cash out of my account and not spend more than that amount. I am not going to let thieves get my information...or my money.
What about writing of checks? Keep in mind that many merchants run your check through their register system and convert it to an electronic format, capturing much of that same information about you that is attractive and available to thieves.
I am also going to call my bank and ask when they are going to replace my cards with chip embedded cards- or something even more secure. I am letting them know that I will not be using their card again until I am assured that it is safe to do so. I am going to put that sentiment in a letter and send to the bank CEO's and Board of Directors. As consumers WE have the power to effect change- but only when we do things together. I am reminded that most times when banks have threatened to raise or add ATM fees, public outcry has stopped that in its tracks.
Finally, I am taking all my financial information off all the websites where I do business. I know that this is an area we haven't heard about breaches of security...yet. I'm not taking the chance. It takes me longer to purchase something online but I now believe the time I am investing is more than worth the inconvenience.
We need change in this country when it comes to protecting our financial information through the use of electronic means, whether it is credit and debit cards or checks converted to electronic funds transfer at the cash register. In order for that change to come now- we have to use the power of our consumer dollars to create it.