10:33 AM
No One Solution in the Cybersecurity War
In the fallout of the data breach that affected Target, Neiman Marcus, and other major retailers, many solutions have been proposed to ensure similar incidents don't happen in the future.
Many have claimed that a switch to EMV cards in the U.S. market would hinder future attacks such as these. In fact, Target CEO Gregg Steinhafel is one such advocate. In a CNBC interview shortly after the breach was made public he used the opportunity to push for EMV adoption in the U.S. Additionally, Target CFO John Mulligan told the Senate Judiciary Committee recently that the company is speeding up the process of implementing EMV-enabled POS terminals at its stores. He said the company's own credit cards would be EMV-enabled by the end of 2014, and all Target stores would be ready to accept EMV cards of any kind by January 2015.
But some warn that migrating to EMV cards won't be a catch-all solution to prevent all card fraud in the future. According to Dan Ingevaldson, CTO of security solutions provider Easy Solutions, EMV technology would not have prevented the Target fraud from happening. He says that the malware that affected Target was looking for account information in the memory inside point-of-sale (POS) devices, where it's unencrypted. Therefore, Ingelvadson says, the criminals would have been able to obtain this information even if it came from chip and PIN cards, since the stolen information was not directly taken off the cards themselves.
Further, he says that while EMV technology makes it harder for criminals to clone cards, and is generally more secure at the POS terminal than regular magnetic stripe cards, they still don't protect against card-not-present fraud. Further, he notes that retailers have to actually accept EMV cards for it to be effective. Ingevaldson says in Columbia, where EMV cards were meant to be mandatory in 2013, many merchants still simply swipe the magnetic stripe of the card when processing a transaction instead of using EMV-compliant technology to do it.
Meanwhile DDoS attacks continue to be on the rise as well. Security vendor Prolexic reports that mobile applications are increasingly being used in DDoS attacks against enterprise customers. The company said financial services firms continue to be a prime target of such attacks.
[See Related: Mobile Commerce: The Next Fraud Frontier]
“The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer,” says Stuart Scholly, president of Prolexic. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use. Because it is so easy for mobile device users to opt-in to DDoS attack campaigns, we expect to see a considerable increase in the use of these attack tools in 2014.”
With the ever-changing fraud and security landscape, banks simply must be more vigilant than ever before, notes Colin Eccles, CIO of Webster Bank. He says information security is top of mind at Webster, and the bank works very closely with third parties regarding data security as well.
"In the past banks only had to rely on protecting themselves," he says. "Now you have to be vigilant with every third-party you work with. You can never be content"
Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio