In last Friday's Wall Street Journal, Danny Yadron and Shelly Banjo tell an interesting tale of big business in an article about Home Depot trying to stay ahead of hackers. When Target broke in December, (which for those in computer security, was not really December), they started to plan to do a makeover that would keep them from getting hit with the same type of attack.
Target missed an opportunity to do the same thing [see http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data ] before Thanksgiving, avoiding the Christmas rush which allowed its numbers to be so high. The rumors were flying then, and I wonder how Home Depot missed them.
Home Depot started to implement a system that would protect their payment structure from the same kind of attack. They found it was slow work, and they only got about a fourth of the network done before they got hit. It is easy to second-guess them on this, because they are a big organization and they don't want to screw up their payment system with a hasty change that might destroy them just as quickly as word that they were hacked. On the other hand, they were missing something the community knew about for a long time before Target. They, and many other businesses, are not listening to the drums.
We seem to be missing a basic function of business - business intelligence - that should tell us when a trend is about to shake up the business world with a shaft of light from "Eastern Europe". I can't believe the credit card industry is so lax that they allow these organizations to be hit, one after another, without instituting changes to the credit card systems that are getting this data and processing it. A credit card holder can do nothing, short of paying cash and moving away from them, and surely has to rely on this industry to keep us safe. It is one thing to lose a credit card to somebody in a store or parking lot, who steals the number; it is something else again to have someone steal 60 million of them. We can't do anything about that.
If we look to history, Marshalls et al, should have been enough to convince us that mass theft of credit cards were real threat that had to be dealt with. Somehow, we have managed to blame the stores for this, when the credit card industry is the one to blame. They have known for years what was happening. They saw Europe change, and did nothing. They saw the massive theft of card numbers in the U.S. and made promises about what they would do - in 2015. Well, 2015 is finally here. Think they will get it done now?
If your credit card number is stolen, write your Congressperson and demand they do something. I know it sounds hard to believe, to some, but the reason the industry has been allowed to wait, is legislative, not technological. They know what to do; they just wanted to wait until 2015, and they got their wish. In the meantime, how many billions of dollars were taken from the industries that were affected - 2 since the Home Depot incident started - and how many total since the first ones? "The consumer is not losing any money" they have said. Somebody is, and the consumer is the one paying for it in higher fees. The country is because computer crime has become so big and well organized that it is a threat to our national security. This is not a political issue as much as a consumer protection alert. Somebody needs to act, and it sure hasn't been the credit industry.
No comments:
Post a Comment