Customers sue Target over data breach, but the problem is with American credit cards
People worry about losing their credit card number every time they buy something online. But as Target’s massive security breach shows us, shopping at a brick and mortar store can be just as dangerous.
After all, they too are connected to the Internet.
We still don’t know exactly how the Target breach occurred. Last week, Target admitted that hackers had acquired the names, credit card numbers, and expiration dates from somewhere in the neighborhood of 40 million customer credit cards.
But in all fairness to Target, a large part of the problem comes from a nation-wide, antiquated credit card system. An Associated Press article by Jonathan Fahey called the United States “the juiciest target for hackers hunting credit card information,” and warned that things “will get worse before they get better.”
"We are using 20th century cards against 21st century hackers," says Mallory Duncan of the National Retail Federation. "The thieves have moved on but the cards have not."
When you make a credit card purchase, your sensitive information gets passed between multiple entities. There’s the store, the store’s bank, your bank, and so on. If any one of these companies has a security breach, you suffer.
Why haven’t we fixed the problem? Money, of course. All of these entities want someone else to pay the bill. “Card companies want stores to pay to better protect their internal systems,” explains Fahey. “Stores want card companies to issue more sophisticated cards. Banks want to preserve the profits they get from older processing systems.”
The U.S. is planning on moving to a chip-based system in 2015, but the system may still not be adequate. The best credit card security systems uses not only a chip but a personal identification number (PIN). The proposed US system, like the current one, uses signatures for verification, and they’re not very reliable.
Oddly, the Target disaster may help improve things. Multiple lawsuits, including large-scale class-action suits, have been filed against the large retail chain, keeping this high-profile story on the front of everyone’s mind as they do their holiday shopping.
A Mercury News article by David Hanners reports on “two separate suits filed Friday in U.S. District Court in Minnesota…for all other people who might be affected, accused the company of negligence.” One lawsuit states that “Defendants have not made efforts to directly notify individuals whose information was compromised.” The other claims that “Target failed to secure the payment information of its customers over the busy holiday shopping season.”
And that’s just in Minnesota. A CBS news article estimates that “At least five lawsuits seeking millions in damages have been filed against giant retailer Target.”
As expected, Target won’t comment on the lawsuits.
Perhaps these legal proceedings will convince everyone involved that they must be more careful with their customers’ private information. And maybe with enough lawsuits, we can see some changes. But until then, remember that any company connected to the Internet is a risk. Only you can protect your security.