Rippleshot Blog

Over the past few years, data breaches have pounded the payments industry.  Target’s 40-million credit and debit card data breach washed away their C-suite, billions of their market capitalization, and hundreds of millions of profit in lost sales and imposed fines. The list of catastrophic data breaches continues to grow as Issuers struggle with a rising tide of fraud losses, merchants faced with a public breach are most often swept under within six months. Consumers, faced with reissued card after reissued card feel lost at sea, distrustful of the whole system.

For much of past year, the debut of Apple Pay was eagerly anticipated to be the solution to a litany of credit card payment problems. And certainly the new method of transacting is game-changing in that it employs not only a cryptogram (much like EMV credit and debit transactions use), but also a dynamically generated 16-digit token, ensuring that merchants never directly receive or have the ability to store customers’ actual credit card numbers - which would go a long way toward preventing the large payment card breaches that have dotted the landscape for the last several years.

In addition to the tokenization, transactions are also authorized using either Touch ID (fingerprint) or through a PIN number, providing an extra layer of security to ensure that purchases are verified through the iPhone owner, in case the device gets lost or stolen.

But the problem isn’t with the transactions themselves - it’s with the card set up process.

The number of U.S. data breaches grew 27.5% and hit a record high of 783 in 2014, according to a recent report released by the Identify Theft Resource Center. With data breaches growing at an alarming rate, you should be aware of the latest statistics. If last month's Data Breach Statistics surprised you, the following will be even more concerning:

Many have called 2014 “the year of the data breach,” which saw breaches affect retail organizations including Target, Home Depot, P.F. Chang’s and UPS. These data breaches combined for over 220 million exposed records in a period of just over 15 months. However, cyber criminals may have their sights set on a much more lucrative and untapped industry in 2015, insurance and health care providers.

On February 12th, a day before the White House held a cybersecurity summit at Stanford University, President Obama signed an Executive Order to “encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government.”

While 2014 was aptly named "The Year of the Data Breach," 2015 has unfortunately started off in a similar trajectory, with breaches at several parking services and Anthem suffering the largest healthcare breach in history. On their own, these incidents paint a pretty bleak picture for data security, but in aggregate, they're even more alarming.

A couple weeks ago, we covered the initial hearing held by the House Subcommittee on Commerce, Manufacturing, and Trade entitled “What are the Elements of Sound Data Breach Legislation?” The Senate is pursuing a similar path and plan to propose their own version of data breach notification legislation, which started with a hearing on February 5th initiated by the Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security.

We’re in the midst of a dark time for the payments industry. In 2013, Target lost 40 million payment cards, which started a snowball effect of large scale data breaches that have affected The Home Depot, P.F. Chang’s and Sony Pictures. And sadly, we here at Rippleshot are beginning to see the subtle indicators of more massive data breaches that have yet to be discovered and publicly announced. And there are hundreds of smaller data breaches that will go undetected for months, even years.

Bizrate recently released the results of their second Payment Security Study, and the results for retailers are grim. While it's been several months since a massive data breach the likes of Target or Home Depot, the residual impact of these incidents on consumer spending habits is holding strong.

At last count, 140 lawsuits were filed against Target in the wake of the massive data breach that exposed credit and debit card payment information for tens of millions of consumers in late 2013. If your head is spinning at the thought of how this will all be handled and what it means for payment security, you’re not alone. Follow along as we take a deep dive.

In the first step toward federal data breach legislation, the House Subcommittee on Commerce, Manufacturing, and Trade held a hearing on Tuesday entitled “What are the Elements of Sound Data Breach Legislation?” Testimony was heard by CompTIA, Acxiom, The Retail Industry Leaders Association and the Cumberland School of Law in the first of what we can assume will be many steps to drive toward a single national breach notification requirement.

With a growing problem of retail data breaches over the past year, our friends over at Tripwire Inc. put together a webcast bringing together five security experts to discuss the different phases in a retail data breach lifecycle. This group of experts includes: Sam Heiney, Product Solutions Director for Netop, Ken Westin, Security Analyst at Tripwire Inc., Randal Cox, Chief Scientist & Co-Founder at Rippleshot, Scott Waddell, CTO at iovation and Jeremy Henley, Director of Breach Services at ID Experts.

During a speech at the Federal Trade Commission on Monday, President Obama outlined his plans on attacking several cybersecurity issues, including a legislative proposal to help protect the millions of Americans whose personal information has been compromised as a result of a data breach.

In a year of broad-ranging and publicly damaging corporate data breaches, the malware attack on Sony Pictures Entertainment joins the ranks of companies like Home Depot, JP Morgan and eBay who suffered incredible losses at the hand of deft cyber-attackers.

Here’s the timeline of everything we've learned so far:

What a year it has been for data security. Earlier this month, CBS 60 Minutes correspondent Bill Whitaker deemed 2014 “the year of the data breach,” and we find it hard to disagree. Kicked off by the mega-breach at Target at the close of the year prior, 2014 saw large-scale data breaches at many well-known companies such as Michaels, P.F. Changs, Home Depot and Jimmy John’s. Did the industry see the tidal wave coming? We take a look back at last year’s predictions and what made an impact in 2014.