This week, 60 Minutes correspondent Bill Whitaker deemed 2014 “the year of the data breach” – and for good reason:
“The theft of 40 million credit cards from Target late last year was followed by news of a breach at Michaels stores involving more than two million credit cards. Then came P.F. Chang’s. And in September, Home Depot announced that 56 million of its customers’ credit card numbers were stolen,” he reported.
Whitaker dug into the tough questions around this year’s retail breaches with top experts to find out what’s causing the explosion in retail breaches, who’s behind them and how these breaches affect government, banks, retailers and consumers.
What’s causing breaches?
Mallory Duncan, who represented The National Retail Federation, shared the underlying problem leading to these retail breaches: outdated magnetic stripe credit cards.
“We have cards that were designed for the 1960s, ‘70s and ‘80s, but we now have hackers who are using 21st century tools to break in,” Duncan shared with Whitaker. In Payments 101: An Intro to Payment Security and Transaction Trends, CSID explains that the majority of consumers in the United States use magnetic stripe cards, which are capable of storing and transferring data within a magnetic stripe. This is the least secure kind of credit card, as you don’t need a PIN to process a transaction.
Who’s behind these breaches?
Whitaker explained that there are two kinds of criminals with separate motives involved in this kind of breach: the “sophisticated cyber thieves [who] steal your credit card information” and the “common criminals [who] buy it and go on shopping sprees – racking up billions of dollars in fraudulent purchases.” After the sophisticated cyber thief steals a “dump” or a big batch of credit card numbers, they will sell it to the common criminals online, Whitaker reports. He shares that many of the cyber criminal “masterminds behind the hacking and selling of stolen card data are sophisticated crime syndicates. Most are in Russia and Eastern Europe – primarily Ukraine – and out of the easy reach of American law enforcement.”
How do breaches affect others?
Out of all the players involved, including the retailers, banks and consumers, “the banks are the victims who are actually paying for the breaches, rather than the retailers that have had the information compromised,” said Barry Abramowitz, chief information officer for Liberty Bank in Connecticut. They are the ones that are stuck with the cost to replace millions of cards and monitor customer accounts for fraudulent activity.
Interested in hearing the whole story? Head over to CBS News to watch the 60 Minutes episode and let us know your thoughts on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.