Target - the largest credit card breach in history.

Posted by Pat Phelan on January 10, 2014

This is getting pretty unbelievable. What started as a holiday season news story is quickly turning into the worst data and security breach in retail history as more and more information comes out.

It's now been announced by Target that the credit card breach has affected 70-110 million customers

http://www.nytimes.com/2014/01/11/business/target-breach-affected-70-million-customers.html

Imagine what that actually means - upwards of 100 million credit cards all free in the wild and able to purchase online by any one with a basic level of fraud ability. Existing security features are not going to be able to cope with the volume, level and sophistication of some of these fraudsters.

The real interesting piece to this story is that this information was stolen between Nov. 27 and mid-December, its now almost 2 months later and it looks as if most of these cards are out in the wild. Target's attempt to protect its own reputation had left hundreds of thousands of online merchants vulnerable to attack.

In one of the most bizarre moves today Target offered personal credit monitoring to its customers, this is of no use whatsoever, the customers relationship is with their credit card issuers and they are fully protected by this.

https://corporate.target.com/discover/article/Target-to-offer-free-credit-monitoring-to-all-gues

What are Target doing about the merchants who will lose real money on goods purchased online with these stolen credit card numbers? Who will compensate them when the fraud becomes apparent? Who will suffer the full brunt of Target's failure?

The increasing volume of attempts make it impossible for merchants to manually screen each and every transaction. At Trustev, we're already seeing inflated fraud attempts from our global merchants but especially with our USA based customers. Many of these attempts are coming from behind fake IP and other forged credentials which in normal cases would be accepted on the basis of the payment method (in this case, the stolen card numbers) being valid. Fortunately for Trustev's customers our platform looks beyond this and works to identity the person making the transaction, weeding out this type of fraud. Our solution sits ahead of the checkout monitoring what's going on, stopping the fraud before the card details are even entered.

Metrics2

Some recent sample figures

 

 

Topics: fraud, Identity