The Problem: Up to 40 million credit cards were compromised via a trail of badly made Information Security choices at Target last year, and that was only a single report. These events are now on the news nearly every day, leading some experts to have to say that ‘A Breach Notification is not a Public Relations Stunt’, despite the fact that several companies have since used a false breach as a ploy to gain followers and coverage on Twitter.
A “Breach” occurs when an entity gains unauthorized access to something else. This can take many forms, but in Security it can mean unauthorized physical access to the premises, unauthorized local access to computer hardware, or unauthorized remote access to secured information. This particular breach occurred on Point-of-Sale systems, where customers pay for their purchases.
The Solution: When a person is motivated enough, they are capable of doing just about anything. Additionally, new exploits are discovered every single day, making it very difficult (though not impossible) for any organization to make sure that every single base is covered all the time. That said, it is possible to defend yourself personally against becoming a victim of one of these high-profile breaches by reducing the ways in which you grant other parties access to your information.
Solution the First: Use Cash instead of Credit
Let’s face it, the only way that a breach can affect you is if your information is present in the breached organization's systems. Using cash reduces this vector considerably (unless you use something like a customer loyalty card) and increases your privacy overall (again, unless you use a customer loyalty card).
Solution the Second: Use Pre-Paid Cards Online instead of your regular debit/credit card
Using credit cards or debit cards is super common online; however, it also leaves a link back to your bank account that can be exploited. Using a pre-paid credit or debit card can eliminate the ability to abuse your real numbers. Please note that there is often a small fee associated with charging up the card, and that ‘refillable’ cards are no better than a standard credit card as far as information goes. The recommended route is to use one-time cards.
Solution the Third: Do not use ‘Pay at the Pump’
As was mentioned before with Skimming, it is commonplace now to see issues occurring with ‘Pay at the pump’ style card readers and ATMs: compromised readers, additional detection methods, etc. Using your card only at authorized locations that are under close watch at all times can greatly decrease the chances of being exposed to a breach, but, as has been shown many times now, this is not always the case.
A breach can happen to any organization. Anyone can be a victim of a breach, and being a victim is not a crime. That being said, all organizations need to do their due diligence in order to keep their customers' information safe, or risk losing that customer base when those customers have no money to spend at their stores.
Kurt Ellzey has been involved in Information Security and Technology for the better part of the past 15 years. During that time, he has been published as part of the compilation Security 3.0, the writer for the Ramp with 5 Levels, and a contributor at LIFARS with the Weird Security Term of the Week series. More information about Kurt can be found on LinkedIn or on Twitter.