12/3/14 Saline Patch, author Beth Dalbey
Data breaches “could get ugly” during the holidays, and retailers are woefully underprepared to defend their customers against cyber attacks, security experts warn.
Last year, cyber criminals stole credit card and personal information for up to 110 million customers of Minneapolis-based Target in a massive security breach that began on Black Friday and continued through Dec. 15.
Problem solved? Not exactly, the San Jose Mercury News reports.
“Compared to two years ago, I would say that not much has changed except the urgency by the criminals,” said Martin Ferenczi, president of North American operations for Oberthur Technologies, a digital security company.
The newspaper cited a study by BitSight Technologies, a Cambridge, MA-based security firm that analyzed the risk of breach at 300 large retail companies and found that 58 percent are less secure than they were a year ago.
The reasons? There’s little cyber-security expertise in board rooms; retailers can’t find the cash to invest in protection systems; and they’re playing catch-up trying to stay ahead of tech-savvy criminals.
Since the sweeping Target breach, there have been at least 20 public data breaches, the newspaper said. Though retailers have beefed up their networks to protect their customers data, thieves have become stealthier, smarter and more efficient hackers, the newspaper said.
“It’s definitely going up,” John Kipp, chief operating officer for the cyber risk security company Sera-Brynn said. “We’ve already eclipsed last year in terms of data breaches, and the holidays haven’t arrived yet. I think it’s going to get ugly.”
At the same time, some retailers have lowered their safeguards to avoid processing delays during the busy holiday shopping season.
“It’s the perfect time to get boatloads of credit cards in one shot,” Kipp said. “The holiday season is a wonderful time for criminals.”
To protect themselves from retail hacks, experts advise consumers to use cash or prepaid cards instead of credit and debit cards. Also, make financial transactions only on encrypted websites beginning with “https,” and avoid making online transactions on public wi-fi.
Forbes offers additional advice:
- Set one day a week to monitor your credit card statements;
- Sign up for real-time alerts for purchases deemed “unusual;”
- Keep your private information private and avoid disclosing too much to unsolicited callers;
- Routinely change passwords and make them strong;
- Subscribe to an identity protection service that will keep tabs on your Social Security number, credit card transactions and other data.
