Target security breach a reminder that threat lurks in stores and online

We’d been warned time and again this holiday season about the risk of identity theft when shopping online — the dangers of making a purchase when connected to unsecured WiFi or entering a social security number on a sketchy shopping website.

But the massive security breach at Target, which compromised up to 40 million customer credit and debit cards in late November and early December, is a reminder that the good ol’ fashioned brick-and-mortar stores still carry massive risks for shoppers. The theft of customer credit- and debit-card information at Target, which went on for 19 days during the height of the holiday shopping season, has left individuals vulnerable to fraudulent charges on their accounts and identity theft that could take months to resolve. And it will inevitably hurt Target’s sales during this critical time of year, when many retailers make up to 40 percent of their annual sales, and do even longer-term damage to its reputation. Just hearken back to the public relations crisis and customer backlash that Sony endured in 2011 after millions of Play Station users had their accounts hacked.

With more consumers shopping online this season – and especially on smartphones and tablets while consumers are on the go — and making more expensive purchases online than ever before, it seemed that should a massive security breech happen, it would happen in the cyberworld. Security experts sent out messages almost ad nauseam about being careful not to disclose too much information online and to use only secure sites and networks. Check the encryption standards of public hotspots before you connect, they said, avoid sites that lack clear Terms and Conditions and think twice about offering up personal information that’s not necessary to make a purchase. Experts at Connecticut-based data security firm Private Communications Corporation warned customers to take caution where they do online banking (maybe not in the middle of the mall) and protect themselves when using public networks.

The threats online are very real, especially since shoppers in a rush are more willing to share personally identifiable information that invites thieves to take advantage of them, and may discount red flags for the promise of a good deal, according to experts at IDentity Theft 911, an identity and data risk management service. And as the Target heist showed us this week, the threats inside our neighborhood big-box store are just as real. So is anywhere really safe?

Thieves are after your money, whether you spend it online or in the physical world. It’s a bit disheartening, as the robust consumer backlash against Target shows us.

But there are also a lot of signs that online shopping could get safer before brick and mortar transactions. Online payments companies such as PayPal, Stripe and Dwolla have robust fraud detection, and in some cases these systems are so overzealous about fraud protection they end up stopping even legitimate payments. Many of these companies require a unique email or phone number for each user, and customers are prompted to enter your unique four digit PIN for each a transaction. As more companies accept PayPal and other online payments systems, the opportunities for making safer retail transactions is greater. Amazon and Google are also working to improve their online payments platforms.

In the meantime, all the experts remind us that we consumers must be more diligent with personal information, whether we type it into a website or swipe it through a credit card machine. There’s also the option of using cash to buy the rest of our holiday gifts this year — if we can remember how to use an ATM.

Image: AP Photo/Steven Senne

 

 

Heather Somerville Heather Somerville (224 Posts)

Heather Somerville is a business reporter covering venture capital and startups for the Bay Area News Group.