Page 15 - GS140101
P. 15
ChapterTitleNews
Does Target
breach As details of the breach emerge, it may come
to rival the sizes of past breaches of TJX
show PCI Companies Inc. in 2007 and Heartland Payment
not reaching Systems Inc. in 2009.
merchants?
arget Brands Inc. con-
firmed Dec. 19, 2013, that
its U.S. stores were the
T source of a nationwide
fraud scheme perpetrated between
Nov. 27 and Dec. 15, 2013. Target
reported that approximately 40 mil-
lion credit and debit card accounts
may have been breached in the attack.
The retailer said it is working with
law enforcement and has contracted
with a third-party fraud examiner on
the investigation into the incident.
Meanwhile, a payments industry
expert told The Green Sheet that the
Target breach shows that security
weaknesses are largely a problem
of retailers, not back-end payment
providers. Therefore, the anonymous
source said the PCI Security
Standards Council (PCI SSC), which
promulgates the Payment Card
Industry Data Security Standard (PCI
DSS) and related security standards
for the entire payments and merchant
ecosystem, needs to focus more on
the retail sector.
The PCI SSC and the card brands
need to realize "that once again this
is a retail breach," the source said.
"This is a big-box store, just like
T.J. Maxx got breached. This is not
your online stores. This is not your
payment gateways. This is not the
usual entities that they go after when
something like this happens.
"Clearly PCI and its program is not
properly set up for the retail location.
And what they really need to do is
stop basically bullying companies
like us."
15
15
Does Target
breach As details of the breach emerge, it may come
to rival the sizes of past breaches of TJX
show PCI Companies Inc. in 2007 and Heartland Payment
not reaching Systems Inc. in 2009.
merchants?
arget Brands Inc. con-
firmed Dec. 19, 2013, that
its U.S. stores were the
T source of a nationwide
fraud scheme perpetrated between
Nov. 27 and Dec. 15, 2013. Target
reported that approximately 40 mil-
lion credit and debit card accounts
may have been breached in the attack.
The retailer said it is working with
law enforcement and has contracted
with a third-party fraud examiner on
the investigation into the incident.
Meanwhile, a payments industry
expert told The Green Sheet that the
Target breach shows that security
weaknesses are largely a problem
of retailers, not back-end payment
providers. Therefore, the anonymous
source said the PCI Security
Standards Council (PCI SSC), which
promulgates the Payment Card
Industry Data Security Standard (PCI
DSS) and related security standards
for the entire payments and merchant
ecosystem, needs to focus more on
the retail sector.
The PCI SSC and the card brands
need to realize "that once again this
is a retail breach," the source said.
"This is a big-box store, just like
T.J. Maxx got breached. This is not
your online stores. This is not your
payment gateways. This is not the
usual entities that they go after when
something like this happens.
"Clearly PCI and its program is not
properly set up for the retail location.
And what they really need to do is
stop basically bullying companies
like us."
15
15
