Well, Target’s December 2013 data breach is turning out to be historic. The largest ever in number of affected customers? Check. The widest ever in exposure of cardholder and personal data? Check. The costliest ever in cyber liability and brand damage? Check, no doubt.
It’s the cost that terrifies the retail and bank industries. Neither can afford a $100 million cyber liability with margins and stock prices under pressure. But that’s exactly what they’re facing, as the opening salvos in Target’s data breach litigation indicate.
The Associated Press provides a good overview of the fight in “Target Data Breach Pits Banks against Retailers“. What’s missing is the historical context. The US is 15+ years behind the rest of the world in payment card and Point of Sale (POS) security. Neither retailers nor banks have made any meaningful attempt to modernize their payment chain security.
The only conspicuous exception hasn’t even happened yet. The US is finally migrating from magstripe payment cards to EMV payment cards – by the end of 2015. But there is no agreement between retailers and banks as to whether those EMV payment cards will be chip-and-PIN or chip-and-signature.
Regardless, EMV payment cards do not address Card Not Present (CNP) fraud – fraudulent online and mobile transactions using stolen payment card data. Enter SurePassID. We have a single unified solution for Card Not Present fraud which leverages passwordless, transparent multi-factor authentication that can be delivered using any OTP method on any device. Contact us to learn more!