60 Minutes dove into the underworld of credit card scamming on a recent episode before Black Friday and Cyber Monday, two of the biggest sales days of the year for US retailers. The CBS program covered the massive Target data breach that occurred this time last year - and how security experts and retailers alike are finding it more and more difficult to protect themselves from a cyberattack. We've pulled someone interesting quotes and tidbits from the segment, but highly recommend watching the entire piece. (It’s here.)
Dave DeWalt: “Most of the large companies are growing their security spend. Yet 97 percent - literally 97 percent of all companies - are getting breached.”
DeWalt is the CEO of FireEye, one of the biggest cybersecurity firms in the world. Their systems alerted Target about the data breach as it was occurring, yet the retailer did nothing. He went on to explain how persistent these hackers are, attacking 24 hours a day and that an average breach lasts 229 days.
Brian Krebs: In the case of Target they stole 40 million cards. But you know how many cards they managed to sell? About five percent of those.
Krebs, a renowned security expert who broke news of the Target, Home Depot, and Neiman Marcus data breaches, says that these cards are sold for between $10 and $50, depending on the card, credit limit, location, and other factors.
Barry Abramowitz: The banks are the victims who are actually paying for the breaches, rather than the retailers that have had the information compromised.
Hell must have frozen over if we live in a world where the financial institutions are the "victims." Banks could have avoided dealing with this if they had been a bit more proactive with adopting EMV and chip-and-pin technology.
Of course, now that the customers are outraged over fraudulent charges, card issuers have been pushing out chip-enabled cards more and more (it doesn't hurt that the financial liability is switching from the banks to the retailers in October 2015, as long as banks get those chip-and-PIN cards out). That being said, once that happens, fraudsters will move to online transactions, which are even easier to hack without the proper security.
Linda Swartz: "It's inevitable. We feel like we're just kind of sitting and waiting for it to happen. There's not a lot we can do to stop it."
Wow. A pretty scary statement from Swartz, who's the head of security for Westfield Bank in Massachusetts. Cyberhacking will continue to be a problem, though the future looks hopeful - retailers are focusing their efforts towards educating both customers and their employees about early warning signs.