Tactical Advice

Target Data Breach Highlights Payment Security Weaknesses

The hack heard round the world is forcing banks, businesses and customers to reexamine holes in the U.S. electronic-payment system.
Target Data Breach Highlights Payment Security Weaknesses
Credit: Andriy Bandurenko/iStock/ThinkStockPhotos

Did Target shoppers get on Santa’s naughty list last year? If so, that would explain the lump of coal that hit customers right before the Christmas holiday when roughly 40 million credit card and PIN numbers were snatched up by hackers in a devastating data breach for the major retailer.

The hack inconvenienced Target and its customers, and banks and credit unions had to put in overtime to alert customers and provide them with new cards.

In a report from the Las Vegas Review-Journal, the One Nevada credit union acted swiftly to inform affected customers and replace their existing cards.

One Nevada Credit Union says about 7,000 debit cards and about 500 credit cards will have to be replaced. The Las Vegas-based credit union has 75,190 members statewide.

“We are being proactive,” said Greg Barnes, senior vice president of marketing with One Nevada. “We have reached out to our members and told them that their debit or credit cards would be replaced.”

For One Nevada, the damage from the Target breach was “very minimal,” around $2,000, Barnes says in the article. But analysts have speculated that the total cost of the breach could be a whopping $680 million, according to a report from Reuters, and big banks could potentially sue Target for costs associated with dealing with it, says CNBC.

And that’s just the dollars and cents impact of the breach; there’s also the eroded trust and security between Target and its customers.

Technology’s Role in Improving Payment Security

After news of the Target breach hit the wire, some financial and security experts began to point the finger at the U.S.’s outdated magnetic stripe technology in credit cards. In much of Europe and other parts of the world, cards with magnetic stripes were phased out long ago in favor of cards with smartchips because the magnetic stripes were considered an easily compromised method of authentication.

The smartchips in EMV (Europay, MasterCard, Visa) cards send unique codes at the point of sale (POS), and customers must enter their pins rather than simply sign for their purchases, which helps increase security, reports The Buffalo News.

“As other countries started adopting the technology, the fraud moved to whoever was the most vulnerable, so it left the United Kingdom and shot up in the United States,” says Janna Herron, a credit card analyst with Bankrate.com, in the Buffalo News article.

Aaron Colwell, an inside solution architect with CDW, points out in a post on the CDW Solutions Blog that while the Target breach was massive, it was somewhat blunted by the fact that the PIN numbers nabbed by the hackers were encrypted with Triple DES encryption.

Target maintains the PIN data is still secure, and Colwell points out that while it’s not impossible for the encryption to be cracked, doing so would be extremely challenging and resource intensive.

Triple DES (3DES) uses a bundle of 3 different 54 bit keys K1, K2 and K3. The algorithm looks like this:

ciphertext = EK3(DK2(EK1(plaintext)))

There are 3.7×10^50 (370 Trillion Trillion Trillion Trillion) different key combinations so it is not going to be easy to read the plaintext without the encryption keys. The goal of encryption is not necessarily to make getting at data 100 percent impossible but rather make it so exceedingly difficult it is not worth the attempt.

SecurityMetrics, a merchant data security and compliance company, found that 71 percent of the businesses surveyed in its 2012 Payment Card Threat Report were storing unencrypted payment data on their networks.

Frankly, with so many businesses leaving so much unencrypted information out in the open, customers are lucky that breaches don’t happen more often.

The Payment Data Gold Rush

The Target breach is an example of the catastrophic impact of a data breach, and it should inspire companies of all sizes to beef up their payment security — especially since mobile payment solutions are turning tablets and smartphones into POS devices.

As we shift to a more cashless society, data is the new gold, and hackers are treating companies’ payment systems like it’s California during the gold rush. For now, encryption, up-to-date infrastructure and robust authentication policies are the best defenses businesses have against these malicious gold diggers.

Sign up for our e-newsletter

About the Author

Ricky Ribeiro

Online Content Manager

Ricky publishes and manages the content on BizTech magazine's web site. He's a writer, technology enthusiast, social media lover and all-around digital guy. You can learn more by following him on Google+ or Twitter:


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.