Target’s Account Hack highlights Weak Card Security Systems

AMA12-22-13Even if you aren’t one of the 40 million debit and credit card holders burned by the recent hack into the databanks of giant retailer Target, you may still be at risk for having your account information hijacked, thanks to weaknesses in the way credit card data is captured at the point of sale.

Target’s data swipe happened on Black Friday – the annual post Thanksgiving retail-athon that puts millions of credit and debit cards to work nationwide. It involved cards from a variety of issuers – banks, credit unions and other institutions – and included data such as customer names, card numbers, expiration dates and security codes. That information can be used to make purchases on the account or to generate bogus cards.

According to the Consumer Financial Protection Bureau, Target may have been partially responsible for the problem. Although no one knows yet exactly how the data hack happened, or who was responsible, security professionals believe that the hackers were able to get access to point-of-sale data – the information read from a card swiped through a card reader upon checkout – -and were able to intercept it on its way to Target’s databases.

The problem points up a basic flaw in how card data is managed, say security experts. Not all retailers use sophisticated encryption technology, and it’s all too easy for hackers to collect data from unsecured point of sale terminals and credit card readers.

That suggests, say representatives of he CFPB and other digital security experts, that Target may not have taken enough steps to protect information carried on cards—including encryption measures. And although Target began notifying affected customers fairly quickly, it didn’t announce the incident until several days after it occurred.

Card issuers, including major banks Bank of America, JP Morgan Chase and numerous regional banks and credit union, moved to assure customers that their accounts were protected. Measures included limiting ATM withdrawals and imposing purchase limits on cards involved in the incident.

But those measures aside, representatives of the CFPB remind consumers that it’s largely their own responsibility to ensure the safety of their accounts. They advise cardholders – whether they’ve shopped at Target or not – to carefully monitor all receipts and account activity, and report discrepancies to card issuers.

If there’s any suspicion of a breach, experts advise getting a replacement card and changing PINs and passwords immediately. Changing passwords frequently is a good idea even if there’s no question of a break-in – and it’s wise to choose passwords that aren’t obvious or commonplace.

Target and the card issuers involved say they’re taking steps to protect consumers and make sure that data thefts like this never happen again. But even so, smart consumers need to stay aware and in charge of their financial affairs, as Jason Hartman recommends – and keep a careful watch on accounts not just this holiday season but all year round. (Top image:Flickr/ Cooperweb)

The American Monetary Association is the source for financial and monetary policy you can use. Read more from our archives:

The Ven: A New Challenge to Mainstream Money

Is There a Bitcoin Backlash?


Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks