Dedicated to Deposits: Deals, Data, and Discussion

Who’s To Blame for Data Security Breaches: Banks or Retailers?


The massive Target data security breach has sparked a debate between banks and retailers. Who holds most of the responsibility? The Target data breach impacted an estimated 40 million credit and debit card accounts in late November and early December. The data breach was so large that Congress has started holding committee hearings to determine what can be done to better protect consumers. With Congress investigating, the banks are pointing the blame at retailers and the retailers are pointing the blame at the banks. This AP article summarizes their arguments:

The retailers' argument: Banks must upgrade the security technology for the credit and debit cards they issue.

The banks' counterargument: Newer electronic-chip technology wouldn't have prevented the Target breach. And retailers must tighten their own security systems for processing card payments.

I thought a poll asking who’s to blame would be interesting.

As Congress, the banks and retailers try to determine what should change and who should pay for it, consumers will have to keep on top of their credit card and debit card accounts. Last month I reviewed some of the things consumers can do to reduce the risk of being a victim of a data breach.

Changes will be coming in the next few years. Both the banks and the retailers agree on the need for a national standard for notifying consumers of data breaches. Banks already have a plan to embed digital chips on debit and credit cards by the fall of 2015. These chips should provide more security than the current magnetic stripes. They’re now common outside the U.S.



Comments
6 comments.


Comment #2 by Anonymous posted on
Anonymous
Several stores have been involved. Target, Michaels, Neiman Marcus etc. Think 6 stores are involved in this breach. Spoke to Pen Fed yesterday on another matter and he said they have been so busy because of this matter. I thought he would say that it was because of the 3% CD and he said no that it was the Target matter.

5
Comment #3 by Anonymous posted on
Anonymous
Both are to be blamed.

8
Comment #4 by Outer Space Guy (anonymous) posted on
Outer Space Guy
Personally, I think the criminals are to be blamed the most...

5
Comment #5 by Anonymous posted on
Anonymous
If you make the transactions hacker proof, there will no longer be a criminal element to do the crimes. Just issue micro chip cards and introduce a biometric confirmation for every transaction, problem solved.

7
Comment #6 by gli (anonymous) posted on
gli
Oh yes... please... give the bank your fingerprints/retina scans/facial recognition... then when the retailer/bank gets hacked the hackers have that as well.

It's easy to get a new card number... not quite so easy to replace your fingerprints/eyeballs... Think about that a little before you advocate utilizing unique physical portions of your body for banking/monetary transactions. 
And then think again with someone smarter around =)

7
Comment #8 by Anonymous posted on
Anonymous
#6, You gave or you have a very limited knowledge of what biometric is or is included in. There are millions of ways to combine unique features of every one of us. For example, we all emit certain frequencies from our body that are unique and can not be duplicated, or under strong monochrome light we have different patterns of veins and arteries in our fingers, nose, forehead that are unique and can not be duplicated. We all emit unique smells, just ask the dogs, they can identify you out of millions of other smells and the technology is here to read your mind and thoughts of who you really are.

5
Comment #9 by gli (anonymous) posted on
gli
I gave two general examples of a biometric - the two that are frequently discussed in topics of identification procedure. Your post only solidifies my point - I do not want any unique physical feature of mine being in the bank's possession. Even if it is my.... smell as you suggest. When that unique biometric is lost/stolen - I cannot get it back - I cannot replace it with a new smell... it can then be duplicated and I have no replacement or recourse when that biometric is then utilized by another who is not me.

Secondly - You said that the technology is here to read your mind and thoughts of who you really are. First of all - I am not convinced that such technology exists in a proven accurate form & application.

Secondly - why on this planet would I give up my privacy - my thoughts/mind to a bank..... for the pleasure of storing my own money there?

No thanks - improve the technology in the cards sure - but leave my own irreplaceable physical unique qualities out of it.

2
Comment #10 by Anonymous posted on
Anonymous
#9, what if your card is stolen and somebody empties your account? Now you have to prove it was not you. How will you do it without any unique feature from yourself attached to the card?
If there is no connection between the card and myself, I can empty my own money and say to the bank, someone else did it, give my money back and you wind up with double the amount in your pocket and the bank loses every time someone claims fraud.

4
Comment #11 by Anonymous posted on
Anonymous
Pulse Wallet is coming for ultimate security.
The technology actually scans palm vein patterns underneath the skin. It is more secure than fingerprints because there are no traces for someone to replicate and the scanning requires blood flow for a proper read.
You don't need any credit/debit cards nor money on you and only you know which cards are attached that day when shopping around town and you can change the accounts that are attached to your vein pattern with your computer or calling a toll free number any time.

#6, please re-educate yourself about the biometric uses. The vein pattern is stored nowhere and only you have the master scan that is encrypted and digitized with a password that only you can change or use.

4
Comment #12 by gli (anonymous) posted on
gli
That is no safer than any other info though... it can still be stolen at the main storage point and decoders are mighty smart... anyhow - this IS an interesting idea:

How does PulseWallet work? PulseWallet scans the unique vein patterns in your palm to identify you. Using near-infrared light, an image of your vein patterns is captured, converted to an encrypted hash function, and then sent for verification along with your phone number to retrieve your digital wallet in seconds.

How accurate is palm vein pattern recognition? The average acceptance rate for a scanned palm vein pattern is 99.99992%. To ensure absolute security, we use your phone number as a second factor of identification. You can think of your phone number as your username, and your palm as your password.

Can palm vein patterns be replicated? Unlike fingerprints and other biometrics that are scanned externally, palm vein patterns are underneath your skin, so you can’t leave traces for someone to replicate. Furthermore, vein scanning requires blood flow for a proper read.

What if someone cuts off my hand? Even if someone, somehow, got away with sneaking a chopped off hand into a grocery store, they wouldn’t be able to use it at check-out due to a lack of blood flow in the severed hand.

How do I register and link my credit cards to my palm? Registration is very simple. Simply go to any location that has a PulseWallet terminal, pay for your things as you normally would using a credit card, and then follow the 2-step process to complete the registration: Scan your palm, then enter your phone number. It’s that simple.

Do I have to register at every store? No, registration need only be completed once at any store, after which you’ll be able to pay at all PulseWallet terminals without registering again.

Where is my sensitive data stored? All payment information is stored with the bank/ISO and is never sent to the terminal. We use tokenization to protect your sensitive data and retrieve payment information without exposing or sending credit card numbers. Your biometric data and profile data are encrypted using a private key and stored on separate, secure Amazon cloud servers.

Does the merchant have any of my information? Your phone number is only used for the 2-factor identification, and is not shared or viewable by the merchant. The merchant also cannot see your profile nor can he see what payment methods you have in your account other than the ones you use at their location. In the future, users will be able to opt in and share profile info with merchants in exchange for perks.

How much does PulseWallet cost? PulseWallet is absolutely free for consumers to use, and always will be. Merchants can either purchase or lease the hardware and software solution at a very competitive price, which will be announced after our closed beta program ends.

Who will process my credit cards? PulseWallet provides credit card processing on behalf of the merchant. We currently do not integrate with third party processors.

What are your processing fees? Credit card processing fee structures are convoluted, but we generally use the interchange plus fee structure as opposed to fixed rates, depending on the merchant. Our guarantee is that we’ll either match your current rate or beat it.

When is the closed beta and how can I sign up? Select retailers will have access to the PulseWallet beta program starting February 2014. It will go on for 3-6 months, and all merchants participating in our beta program will receive free upgrades and other perks. Merchants who want to join the beta can register.

Can I add multiple credit cards to my account? Yes, PulseWallet allows you to add multiple credit cards and other payment options through the online portal. At checkout you will then be able to swipe through your payment options and confirm.

How fast is the PulseWallet checkout process? The palm scan takes less than half a second, and the full payment process is completed in seconds. You won’t need to sign anything, or enter your zip code, or wait for receipts.

Do I need a smartphone or any particular app to use PulseWallet? Although you can easily manage your wallet and view past transactions on our mobile app, it is not needed to register and use PulseWallet. Our goal is to be as inclusive as possible while providing the easiest and most convenient checkout experience possible.

1
Comment #13 by Anonymous posted on
Anonymous
The vein patterns are not stored ANYWHERE. They are created at the scan machines and immediately destroyed and never sent for any verification. An encrypted token is created with a transaction number and sent to the bank that already had received your encrypted token number and nothing else.
The token changes at every transaction and again nothing is stored or compared with your vein pattern and it never exists on any computer anywhere.

3