[WG-IDAssurance] FYI - Target finds recent data breach, advises customers to check card statements

Calatayud, Paul Paul.Calatayud at surescripts.com
Thu Dec 19 13:32:04 CST 2013

I used to head up PCI-DSS for Best Buy, and still know the key leaders within Target. Just had lunch with one of them today.
In the end, the banks need to update their systems to accept PLI, or encryption instead. Merchants have to encrypt and follow PCI, but at the end of the day, send clear-text data to financial institutions. So I put the pressure on the banks and suspect they are partially the reason these issues will always be a problem.

Paul Calatayud | Chief Information Security Officer | Surescripts LLC |
O: 612.285.3612 | C: 503.575.6156 | paul.calatayud at surescripts.com


From: wg-idassurance-bounces at kantarainitiative.org [mailto:wg-idassurance-bounces at kantarainitiative.org] On Behalf Of Bob Pinheiro
Sent: Thursday, December 19, 2013 10:33 AM
To: wg-idassurance at kantarainitiative.org
Subject: Re: [WG-IDAssurance] FYI - Target finds recent data breach, advises customers to check card statements

"Company spokeswoman Molly Snyder said customers who shopped at Target's U.S. stores during the should "keep an eye on their credit card accounts for any potentially fraudulent activity.""

"We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

Please. There will always be bad guys who take advantage of weaknesses in the system. If US merchants and banks truly took these kinds of breaches "seriously" they would be moving more aggressively to replace outdated magnetic stripe credit/debit cards, which contain unencrypted information that can be easily stolen, with chip and pin technology. Instead of putting the onus on customers to monitor their accounts for fraudulent activity, merchants and banks need to get in synch with the rest of the world and move to chip and pin. Even if consumers don't ultimately pay for funds stolen from their accounts, we're all subsidizing the criminals when this kind of thing is treated as part of the "cost of doing business."

On 12/19/2013 10:58 AM, Ken Dagg wrote:

