Much has been made of the recent data breach at Target, and many place blame squarely on those responsible for making the breach possible. I’ve heard about a few arrests here and there of individuals with stolen credit card numbers, but the company and its employees paid the biggest price of all. Certainly negligence played a part here and that should be dealt with, but how much damage was actually done because of the security breach? For Target, and many other companies, it may not even be measurable.
Given my security background and focus, I keep an eye on new security-related activity going on in the market. It never fails to amaze me how incredibly persistent and creative cyber-criminals can be. One particular type of cyber-criminal, the email phisherman, for lack of a better description, sends emails offering such amazing opportunities that some people bite, and then get taken.
I had a little fun with this one and put together a video highlighting some of the lines I’ve seen in phishing emails recently. I hope you enjoy it!
Given the recent credit card mega-breach at Target, it’s no surprise that the Feds will soon be jumping in to add a new layer to the already existing compliance guidelines and regulations. I’m sure this seems like a reasonable response for many, given the publicity around this breach and the potential for widespread fraud that could result. But as usual, I am concerned that Congress will be placing an undue burden on credit card processing companies instead of taking a balanced look at the industry as a whole.
Thankfully, Congress is considering ways to make credit and debit cards more secure. I’d suggest they take a good look at Europe, which has been ahead of the US for some time in this area. For starters, the smart card technology that many European countries have adopted is extremely difficult to duplicate or forge and has built-in tamper-resistance. It’s been about a decade since card issuers in the EU and Japan started using smart chips. And in that time, it’s no coincidence that the US has become a high-value target in the fraud game.
Unless Congress adopts new regulations that require card issuers to update their technology, the real issue will never be addressed. By avoiding new technology
My last post, some months ago, was published just before the craziness hit for the eCommerce holiday season of 2013. Things have been extremely busy for us and instead of writing, I have been focusing on several new projects and companies rushing to build last-minute functionality and use that remaining 2013 budget! It’s been a crazy time…
Now that the end of the year is upon us and 2014 is looming a couple of days away, I thought it would be a good time to share a few predictions for changes I can see coming in 2014: