It is quite common for people to worry about the dangers of using their credit card to shop online or being conned into falling for phishing scams on the internet.
However, there never seems to be any concern when you’re standing in a store and hand over your credit card to the check-out chick to pay for your purchases.
The scary thing is you should be concerned. It has recently been revealed that US Target (not affiliated to the Australian Target stores owned by Wesfarmers) has been targeted (excuse the pun) by cyber criminals that have accessed as many as 70 million credit and debit card accounts used at physical Target stores in the US between November 27 and December 15.
The funny thing is that if you shopped at Target’s website during that time, you’re personal information and credit card details are safe and sound.
According to the Krebs on Security website, card issuers are seeing signs of fraud all over the US and this is just the beginning. Usually cyber-crimes involve hacking into a company’s server and stealing the customer database. However, according to the Wall Street Journal, Target has become a victim of theft by thieves that may have tampered with the payment terminals used in store.
While it is not known how thieves could have tampered with payment terminals and Target’s POS system (the software the company uses to carry out transactions at the cash register) on such large scale, they have gained access to customer names and their credit card details including the expiration dates and CVV security codes.
This is not the work of one lone teenager hacker; it is a highly organised band of cyber criminals who would have planned it well in advance to make sure they reaped the rewards of the busiest shopping season of the year.
According to Seculert, hackers used a virtual private server located in Russia to download the stolen data up to two weeks after attack. This commercialisation of cyber attacks is a problem that is a lot more serious and larger than it appears with experts suggesting that the data hacked may be sold on underground forums for as little a few dollars per sale.
While Target has advised customers who shopped at its stores in the designated time frame that they may have been affected by this cyber-attack, according to the www.go-gulf.com, in general, only 10% of cyber victims are able to recover fraudulently received funds.
During mid-December 2013, Neiman Marcus has also been identified as having had a financial data breach, with an increasing number of fraudulent credit and debit card charges being made that have been traced back to the brick-and-mortar high end retail chain of department stores.
Neiman Marcus spokespeople have chosen not to reveal any specific details but have admitted to the breach and are currently working with the US Secret Service, the credit card companies and leading investigations, intelligence and risk management firms to investigate the breach. While it has been stated that there is no direct link to Target, as the investigation unravels, it would be surprising if the two huge department giants weren’t linked in the same cyber scandal.
Meanwhile, Target has been offering customers one year of free credit monitoring, to assist customers in protecting themselves from identity theft and unauthorised charges to their debit or credit cards. It is nice to know in this day and age where retail globally has been said to have dwindling customer service, Target are trying to make amends for the security breach.
It will be interesting to follow the investigations as Target and Neiman Marcus dig deeper for answers. As CNN legal analyst Paul Callan recently pointed out, “The numbers could be staggering, really, because what the retailers are looking at are potential class action lawsuits”.
I sincerely hope these retail giants are prepared for the backlash. In the meantime, I urge you to be very cautious about handing over your credit card details, whether it is online or in store.
Fi Bendall is the managing director of Bendalls Group, a team of highly trained digital specialists, i-media subject matter experts and developers.