In what could be the largest breach to date, Target announced that thieves were able to compromise data for some 70 million people and approximately 40 million credit and debit card accounts. The data was exposed for transactions made between November 27 and December 15, 2013. The breach is believed to be limited to in-store purchases, where the “track data” was compromised. Track data is the information stored on the magnetic stripe on the back of a card and can be used to produce counterfeit cards.
As a consumer and as a merchant, this breach impacts you. Here’s what you should be doing to protect yourself and your organization:
1. Monitor Your Card Activity
This should be something you do regularly. Review the activity on your card and if you see something suspicious, call you card issuer right away. The customer service number will most likely be printed on the card itself or will be on your monthly statement. Your card issuer can help research the suspicious transaction and can deactivate and re-issue your card if necessary.
2. Credit Monitoring
If you shopped at a Target store then you are eligible to participate in the free credit monitoring program Target is offering through Experian. Credit monitoring alerts you when there may be an issue so that you can respond quickly. Target offers an FAQ on their website.
3. Protect Your Own House
Target was a victim of a sophisticated, large scale attack. Being one of the largest retailers may have made them more attractive, but even small merchants can be victims of a card breach. Verizon released a report on 2012 data breaches that revealed 72% of breaches covered in the report were at organizations with less than 100 employees. In order to help reduce the likelihood of becoming a victim, take these steps:
- Validate your own PCI compliance. Compliance covers many security components from software and firewalls to internal policies. Working with a Qualified Security Assessor (QSA) to close up vulnerabilities and validate compliance is the best way to ensure you are more protected from an attack. You can find a list of QSAs here.
- Be sure to work with PCI validated software and gateway providers. You can check out providers at Visa. Visa will share with you what services the company is validated to provide and when the validation expires.
There is no way to stop 100% of attacks, but you can reduce your exposure by following industry standard security guidelines to protect your organization and your data.