If you want to keep your credit card information and other personal data safe from hackers, it’s a scary time to go shopping in America: Payment system hacks have targeted a rash of retail chains of late, including Target, Neiman Marcus, Michaels, Goodwill, Supervalu and, most recently, UPS.
Sadly, the cyber attacks we do know about are likely just the tip of the iceberg: According to an advisory report by the Department of Homeland Security, more than 1,000 American businesses have been affected by the same payment system hack that compromised in-store cash registers at Target.
Earlier this summer, Homeland Security asked companies to check their in-store payment systems for a malware package, known as Backoff, found on Target's registers; seven companies that sell and manage in-store registers subsequently discovered that they have multiple customers who have been affected, The New York Times reported. While some companies, such as UPS, have alerted customers that their information "may have been exposed," most affected companies have yet to take that step; at least in part, that's because many remain unaware that their payment systems have been breached.
At Target, Backoff malware siphoned away shoppers' personal data via the magnetic stripes on their credit and debit cards. In response, banks have been pushing for increased security standards courtesy of chip-based smart cards, which are much harder to hack. By October 2015, credit card companies want American retailers to switch from magnetic-stripe in-store registers to chip-based terminals.
It's unlikely retailers will meet the deadline, however, primarily because upgrading payment systems is expensive, upwards of $500 a terminal, the Times reported.
But if retailers continue to drag their feet, American consumers will continue to pay: According to the Times, the black market is flooded with payment information stolen from American credit and debit cards.
In the meantime, the Department of Homeland Security has some basic, practical tips for retailers looking to protect themselves against a hack job: Restrict the number of vendors who can access your internal network, improve existing passwords (the longer and more complex, the better) and shut down access to an account after multiple incorrect log-in attempts.