Rippleshot Blog

This week, industry executives and thought leaders from all across the retail ecosystem gathered in Chicago for Retail Reinvention to discuss the strategic future of retail and payments. R₂, powered by PYMNTS.com, brought the best and brightest together to discuss how emerging payments and technologies from industry heavyweights like Walmart, McDonald's, American Express, Amazon and Target.

Since we last covered the Target lawsuit, we saw a potential $19 million settlement brought to the table by Mastercard, which was defeated by their issuing banks in May. The settlement would have forced an end to the class-action litigation, which is now moving forward, in parallel with MasterCard’s attempt to renegotiate their settlement deal. Late last week, the banks involved in the lawsuit filed a request with the U.S. District Court of Minnesota to unseal some documents that until now, Target has been attempting to keep classified as confidential.

Every day, fraud analysts across the U.S. are stretched razor thin attempting to curtail the ever-growing fight against fraud. The current methods of common point of purchase (CPP) analysis are labor-intensive and time-consuming, that are done in-house via a manual process.

As the deadline for implementation of EMV nears closer, and chip cards are starting to hit customer mailboxes, questions surrounding the conversion are growing louder. The most controversial being why the U.S. has chosen to implement chip and signature over chip and PIN (like most other countries that have made the switch). There has been a ton of speculation over the decision, so we’re taking a step back to explain the differences, their impact, and what it really means to not be implementing PIN verification.

Back in March of this year, we put together ten data breach statistics that should have your attention, followed shortly there after with ten more statistics that needed your attention. After the publishing of the 2015 Trustwave Global Security Report, and the 2015 Ponemon Institute Cost of A Data Breach Study, we’ve pulled 10 new stats that financial institutions, retailers and cardholders need to be aware of moving forward.

In 2013, we saw the start of a series of massive data breaches impacting organizations of all sizes, across a variety of industries. Ranging from retailer heavyweights such as Target, to regional grocery chains like Supervalu. In 2014, we saw organizations like Home Depot, JPMorgan Chase and eBay fall victim to a data breach, compromising a total of roughly 330 million personal records. 

The introduction to Trustwave’s latest Global Security Report said it best - “Compromises are nothing new, of course, but 2014 just felt different.” Many called it the “Year of the Data Breach.” Many more were affected directly, with billions of personal records being compromised. But maybe most importantly, 2014 thrust data security into the public eye, forcing merchants, financial institutions, government and everyone in between to place a higher priority on breach prevention and detection.

Trustwave’s report provides a unique overview of the global security landscape, what trends emerged over the past year, and what the payments industry should keep an eye on moving forward.

The Ponemon Institute and IBM recently released its annual Cost Of Data Breach Study: Global Analysis, receiving contributions from over 350 organizations in 16 different industries in 11 countries that were involved in an event where an individual’s name plus a medical or financial record is potentially at risk.

Last Thursday, IBM and the Ponemon Institute hosted a webinar covering the findings from the 2015 report led by David Puzas, Director of Portfolio Marketing, Security Services at IBM and Dr. Larry Ponemon, Chairman and President of the Ponemon Institute.

While we’ve been busy keeping a close eye on the happenings of the Target lawsuit, issuers have filed another one - this time against Home Depot and the data breach that occured over the summer of 2014 and exposed 56 million payment cards.

Falling in line with Target, there are two lawsuit tracks - consumer and issuers. Now that both have been formally filed with the United States District Court in Georgia, follow along as we take a deep dive into the complaints and claims listed.

The Rippleshot team had the pleasure of attending ISMG’s Fraud Summit here in Chicago this week. Unsurprisingly, the topic on everyone’s minds and mentioned in almost every single panel was the impending shift to EMV in the coming months and how that will impact card security moving forward.

We live in a day and age where cybercriminals and security professionals are in a constant battle of Cat and Mouse. Cybercriminals are creating and testing new attack methods at this very moment to test and compromise an organization’s systems. As security professionals, only one mistake has to be made for a security incident to occur, while cybercriminals only have to be right one time. And when cybercriminals are successful, we as consumers feel the repercussions as our personal and financial data is stolen and used for illegal activities.

According to Ponemon Institute and Experian’s Data Security in the Evolving Payments Ecosystem study, nearly 70% of respondents cited that pressure to support new payment technologies is putting customer data security at risk.

As the United States prepares for the migration to chip-embedded cards, known by many as EMV cards, we as consumers will face one last hurdle before card present fraud is reduced. In October of 2015, merchants and their point-of-sale terminals will have to be EMV compliant to process chip & signature transactions, prompting card issuers to begin aggressively issuing EMV cards.

We’ve all seen the articles by now. Ditch your network security provider. Forget about perimeter protection. Firewalls are useless. Data breach prevention is dead, and the only way to beat hackers is to turn to detection software instead.

Given that the number of data breaches involving 100 million or more records doubled in 2014, it’s understandable that the industry is frantically searching for the silver bullet that is going to fix this problem. The problem is, we don’t think there is one.

Earlier this week, Verizon released their annual security report, 2015 Data Breach Investigations Report.  With the help of 70 organizations from around the world, the 2015 Data Breach Investigations Report (DBIR) provides unparalleled insight into the various threats and security incidents that have plagued organizations of all sizes.  We’ve put together some of the key takeaways from the DBIR to highlight some of the major trends ranging from attack methods to the latest data breach trends.