Data breaches in 2013 continue to change the data security landscape
The Target breach and other retailer data breaches in 2013 started conversations about credit card security and data breach notification legislation, and those conversations are continuing. Since the end of last year, merchants have been quick to try to upgrade their current payment processing systems and bolster their network security. At the same time, data security companies, lawmakers and payment processors have all become more vocal about the need for higher and better standards for technology and data security.
After its breach, Target immediately decided to start putting new procedures in place to help protect itself and its data. This also put pressure on banks and other financial institutions to quickly start implementing and issuing cards with microchips, something that has been standard in other countries for over 20 years.
Another major concern is the approach that hackers are now taking to their craft. They are starting to treat it more like a business than they ever have. They are forming elaborate networks through which they can help one another and maximize profitability. Since profitability and return on investment have become a priority, they are looking for systems that hold more information and have less security, and they have found this in retail. Retail stores worldwide process billions of transactions a year and collect customer information that allows them to generate even more purchases.
Retail has become the focus of hackers over banks and financial institutions quite simply because retailers did not approach data security as aggressively.
Retailers are focused on making money, so in many cases the level of security implemented was just enough to get by. Also, some companies only have to report their compliance with Payment Card Industry (PCI) standards once a year. There is a very good chance that they are not maintaining their compliance throughout the rest of that time.
So what does all of this mean moving forward? For starters, we will see better network security and data protection (data encryption). This will help reduce the number of intrusions, but it will not be foolproof. Because of this, we will also see more focus on damage mitigation. We will also start to see more laws regarding organizations' response times to data breaches and heftier fines for non-compliance. Obviously these changes will not happen overnight, but expect many of them to start happening soon.
Similarly, we are starting to see trends where people are moving away from credit cards and finding safer ways to spend money. Some are going the old-fashioned route and using cash only for purchases under $300, while others are looking into mobile payment systems that would require a mobile device, similar to Google Wallet. It will be interesting to see how much of this sticks and how quickly we will start to see some of the more drastic changes. This will hopefully lead to an all-around focus on and concern with data handling procedures.