Data Breach: It's Not Just Target Any More
NEW YORK ( TheStreet) -- Shares in Target
But Target was apparently not the only victim.
Nieman Marcus , acquired last year by Ares Management and the Canadian Pension Plan Investment Board for $6 billion after it flirted with going public, also seems to have been hit. At least three other mall-based retailers may be victims.
As many as 110 million people, one American in three, may have had their personal data exposed in the Target attacks.
While past breaches mainly targeted the systems processing transactions, the new breaches are different in that they may involve malware placed in Point Of Sale (PoS) devices.
Target CEO Gregg Steinhafel now says he favors moving toward the EMV (Europay, MasterCard, Visa) chip-and-pin credit card transaction systems widely used in Europe. These use an encrypted computer chip to improve security, allowing more identifiers to be accessed than with the magnetic stripe cards used in the U.S.
EMVCo, which manages the chip-and-pin standards, estimated there were 1.62 billion EMV-compliant payment cards in use during the fourth quarter of 2012, and in some parts of Europe 95% of Point of Sale devices took the chips even then. In the Asia-Pacific region, half of all PoS devices took chip cards at the end of 2012.
The U.S. is thus the last major economy to move toward higher credit card security. A switch to EMV means replacing most credit cards and nearly all PoS devices. Visa and MasterCard
The problem with EMV is that its increased security doesn't apply to "card not present" transactions like those done online. EMV-USA, which advocates for the technology in the U.S., suggests that U.S. online merchants add two-factor verification to those transactions. Some companies, like Google
The credit card industry's problem is part of a larger problem of proving identity I wrote about in December at our sister site, MainStreet.
Problems in health IT, in credit card processing, in Internet identity theft and even in voting can be solved if government and private industry would invest in more secure proofs of identity, and if they made sure everyone had them.