January 30, 2016
The recent major credit card data breach that occurred at Wendy’s is another evidence of a major problem that all industries face – loopholes in cyberdefense systems, which allow cybercriminals to leverage modern and evolving malware tools to steal consumers’ financial data. As breaches occur with major players across industries with frightening frequency over time, cybersecurity has a chance to become one of the hottest FnTech segments by 2020.
Realizing the scale of damage that data breaches cause, four banking industry giants — JPMorgan Chase & Co. ($500 million), Bank of America ($400 million), Citigroup ($300 million) and Wells Fargo ($250 million) — will collectively spend $1.5 billion on cybersecurity annually.
Cyberattacks are costing global businesses around $500 billion per year, according to RT. In the last five years, the financial industry has been the top target for cybercriminals with IT and telecom, defense, and the oil & gas sectors next in line. Security analytics, threat intelligence, mobile security and cloud security are expected to see the most significant growth.
In this situation of uncertainty, it is important to be ready for immediate responsiveness for both consumers and merchants, as those are the groups also bearing the costs of weak cybersecurity systems managed by financial services providers.
Jeremy Gumbley, CTO/CSO of Creditcall, shared with the LTP team his insights on the financial data breaches situation from different perspectives.
How can consumers protect themselves?
Consumers have tools in their arsenal to help with damage control and they shouldn’t be waiting for any official statements to take control of their own financial security. The first thing to do is to check online billing statements immediately. There is no need to face the actual disaster to take measures. Consumers should be actively keeping track of their statements as data breaches happen all the time – it’s just a matter of when they are detected and reported.
That said, the banks often do a great job at identifying and re-issuing cards when there’s any concern they have been involved in a data breach. For instance, Discover Card has a freeze feature that allows you to instantly hold further transaction activity if you’ve ever lost, misplaced or have concerns about that card.
As the Wendy’s breach investigation unfolds, consumers should be prepared for the inconvenience of cards being re-issued as the banks aim to mitigate any damages and further financial loss.
What are consequences of data breaches for merchants?
It’s too soon to tell what the scope of damage will be for Wendy’s, but with Target, the data breach impacted its bottom line, stock price and consumer perception.
Wendy’s data breach offers lessons for large and small retailers alike – again, hinged on the need for a multi-pronged payments security. EMV is a great first step, but it alone cannot prevent a data breach. P2PE is a fantastic complement, and for optimum comprehensive security, tokenization is an essential part of the mix.
Retailers often don’t care about the technical nuances. They want their payment technology to work – and be secure. The silver lining with the Wendy’s breach is that it reminds the industry that there are still too many loopholes and we need to move faster to more secure technology such as EMV and P2PE.
Is mobile/NFC/CNP/Apple Pay more secure than chip cards?
The only way that mobile, NFC, Android Pay, Apple Pay and the mobile brigade will have a tangible dent in card fraud prevention is if everybody starts to use it. These are two very different ends of the spectrum in payment technologies with different merit when it comes to data security.
Consider first the adoption rate of NFC. Do banks really want to send everyone an Android or Apple phone to rely on Android Pay or Apple Pay, or a chip card that is far cheaper to manufacture? The adoption for the Apple, Android, Samsung Pay options are currently relatively small. Given the volume of EMV terminals supporting chip cards out there globally, and increasingly being installed in the US, it’s unlikely we’ll move solely to NFC for a very long time. Most of the modern payment tools and devices are built on the EMV chip card framework.
What’s in it for hackers?
Why go to jail for stealing card data for 4,000 cards when you can steal the data of 40 million? Fame. Yes, financial incentives abound, but in underground hacker forums, compromising the card data of a major brand like Wendy’s gives you plenty of bragging rights. Cyberhackers are intrigued by the challenge of a hack and how they can monetize breaches. This is why well-known brands and large companies are popular targets, even though smaller merchants are often easier to hack.