60 Minutes On Credit Card Breaches

This past Sunday, CBS’ long running news program, 60 Minutes, aired a segment on the high-profile credit card breaches at retailers over the past year or so. It was very nice to see Brian Krebs getting some much deserved kudos for the work he does in researching and disclosing these breaches. Congrats to him!

Much of the content shouldn’t come as a surprise to regular readers of this blog, or those in the security, banking or retail industries.


Some key points from the segment:

  • Of the 40 million or so credit cards compromised in the Target breach, only about 5% were actually sold through the online black markets
    • This is still 2 million cards
    • At an average purchase price of $20 per card, we’re talking about roughly $40 Million in ill-gotten gains for the sellers
  • Roughly 97% of businesses have experienced a data breach, whether they are aware of it or not
  • Retailers and other businesses are spending tremendous amounts of money to combat network intrusions and fraud, between technology and headcount
    • Breaches will happen
    • Key to stemming this issue is early detection, relying on skilled professionals, to “stop the bleeding” as soon as possible
    • With Target, as is often the case, alerts were generated, but were lost in the noise of non-critical notifications
  • Banks and retailers have agreed that current credit card technology is antiquated, having not changed much since the 1960s, whereas the criminal technology is constantly evolving
  • The move to what’s commonly called chip-and-PIN equipped cards has begun, but it will be years before fully implemented
    • The cost to banks, retailers and the credit card companies to make this change will be billions of dollars
  • The cost of these breaches, and of the measures to prevent them in the future is passed on to all of us, in the cost of the goods we purchase
  • The thieves (I hate using the term “hackers”) are often members of organized crime syndicates, their customers are common criminals, often employing little if any technological know-how

So what does this mean to me?

Well, that depends on who you are, I suppose.

  • If you are a retailer or financial institution, it means you have to be on the lookout for these things, now more than ever with the holiday buying season in full swing. The key, as I always say, is discovering issues as soon as possible
  • As a consumer, which I suppose we all are, we need to watch our credit card and bank statements proactively. It’s easy to pass the buck to the financial institutions, credit card companies and retailers, but if we all stay on top of these things and alert the appropriate people when we discover something amiss, we make the bad guys’ jobs that much harder