With the holiday shopping season in full swing, security experts, retailers and shoppers alike face the coming weeks with vivid memories of the Target holiday breach two years ago and the series of hacks and data theft we have seen since. It comes down to each of us to be on alert and to be smart about the valuable data we have.
Experts Warn of the ModPOS Malware Threat
Among other malware and hacking threats facing businesses and retail companies today, experts and security officials have warned in recent weeks of a threat first discovered in 2012 that could potentially endanger transaction data this holiday season. ModPOS is a sophisticated and difficult to detect malware that can grab user information at any point in the transaction where data becomes unencrypted. ModPOS is currently undetectable by antivirus scans.
Retailers Face Increased Liability, New Threats, and New Tools
Even with the newer EMV chip card, retailers are encouraged to use a point to point transaction encryption system that maintains encryption until the last step in the transaction, when the data reaches the payment processing center. When surveyed, approximately 40% of retailers say they have point to point encryption in place and up to 85% reported that they would by the end of the year. This comprehensive encryption can help protect customer data from sophisticated threats like ModPOS.
Retailers face greater liability for any credit card fraud that originates from their point of sale (POS) this holiday season. The deadline for banks and card issuers to adopt EMV chip technology widely used in Europe and around the world came and went in October. Many retailers still face challenges in adopting the new technology and this is especially true of small businesses. Even large retailers are wrapped up in a required approval process that must be completed before they can begin using the newly installed EMV transaction terminals.
Shoppers Must be Aware of Risks to their Data
Retailers have EMV technology and advanced tools at their disposal to help keep shoppers’ data safe. Unfortunately for shoppers, they really have no way of knowing which retailers have fully implemented these safeguards and where their data may be at risk. Shoppers must remain vigilant but many seem to be experiencing breach fatigue. One in five consumers report that the new EMV transaction terminals take too long to use. While the difference is an estimated four to eight seconds, this extra time required to process transactions using the new cards, it is feared, could lead to longer lines and more frustrated shoppers during the busy December shopping days.
Consumers are strongly urged to avoid making online purchases while connected to public Wi-Fi. The dangers of unsecured public Wi-Fi are real year round but is convenience overcoming important precautions? For shoppers who are wary of credit can debit card transactions but are not comfortable carrying cash, a payment tool like Apple Pay may be the answer. Apple Pay uses a token system to complete in store purchases without exchanging any customer data on site.
Retailers have considerably more incentive to protect customers’ data with the potential for liability even higher this season. But shoppers still bear the responsibility to use caution whether online or in stores. Overcoming credit card fraud and cybercrime requires awareness and due diligence on both fronts. Share this article and our recent Identity Theft Security Tip with your employees and colleagues to help them recognize and avoid the dangers for a safe and happy holiday season.