Every fire needs fuel, and Provo-based Qualtrics just stockpiled enough fu...Read More
Leap of Faith
Power from Above
On the Fast Track
A Generation on the Move
Buy it Back
A More Perfect Union
Around Utah October
A Tale of Two Regions
Human Resources Roundtable
Scrud’s Gourmet Grub: Innovation on a Bun
America First Credit Union
Paying Tribute to Unsung Heroes
Around Utah October Facts
Retail Data Breaches Leave Consumers Feeling Insecure
By Spencer Sutherland | Illustration by Bryan Beach
October 7, 2014
It’s hard to remember a time when the internet wasn’t everywhere—on our phones, our TVs, our cameras; in trains, restaurants and car repair shops. Back in the “old days” of the internet—think the early ‘90s—the web was just a novelty to many, while others believed it was a passing fad. Sure, it was great for sending emails or chatting with far away friends and family, but it wasn’t used for anything too serious. Making a purchase on a website seemed risky, and online banking—where you trusted all of your financial information to be safe on a computer—was virtually unheard of.
Obviously, times have changed. In 2013, more than 190 million Americans made a purchase on the internet. Many consumers have decided online shopping is much easier and far less time consuming than driving to a store, finding the product they want and waiting in line to pay for it. And with the recent outbreak of data breaches at physical retailers ranging from Target to The UPS Store, it seems like online shopping might be safer, too.
But before you trade in your grocery store rewards card for an Amazon gift certificate, it’s important to understand that personal data can be compromised no matter where you shop, which is why it’s important to always take proper safety measures. So far in 2014, the United States has seen 505 data breaches that have affected more than 17 million people, according to the Identity Theft Resource Center.
To Swipe or Not to Swipe?
Though physical retailers are taking much of the media scrutiny for security breaches (not to mention facing the financial consequences—Target’s data breach cost the company an estimated $148 million in profits), the data wasn’t really compromised in the store.
“Once you swipe your card, your information gets transmitted—but it also gets stored,” says Matt Might, associate professor at University of Utah’s School of Computing. “Once it gets in a database somewhere, if someone can gain unauthorized access to the database, they can steal the contents, including credit card numbers and personal information.”
In Target’s case, an HVAC company was given access to the retail chain’s database so it could remotely log in and perform efficiency updates to the store’s cooling system. After stealing an HVAC worker’s credentials, hackers were able to get into the database, install malware, and compromise the data of more than 70 million Americans.
When you swipe your credit or debit card at the register, it’s impossible to know how serious the retailer is about protecting your data. However, companies are regularly reminded through the failures of others that if they want to keep customers, they need to keep personal information safe.
“There is no question the recent high-profile breaches have caused us to re-emphasize our efforts around protecting our customer’s data,” says Wade Judd, vice president of information technology at Associated Food Stores. “It has also helped customers to be more aware of the need on their part to be more careful with their information.”
To live up to the increased scrutiny, Judd says his company is taking added precautions throughout its stores. In addition to training its frontline employees to protect card information and to be aware of anything that seems out of place or unusual, Associated Foods has implemented end-to-end encryption to minimize any vulnerabilities and does not store any card data, Judd says. The company also works with a third-party data security and compliance vendor to consistently test and eliminate potential vulnerability risks.
Even with all of these precautions, Associated Foods also makes sure to prepare for the worst. “We have also implemented plans on how to respond to and communicate with those affected in the case of a breach at one of our locations,” Judd says.
Mobile Users Beware
Not all credit card fraud happens on the same large scale, but for the victim, the outcome is just as damaging. Rather than waiting for personal data to make its way into a database, some hackers prefer to steal it in transit. “A more lo-fi way is hanging out in a coffee shop and watching for unencrypted transactions, or easily crackable transactions, going over a wireless network,” Might says.
One of the perks of a wireless world is the ability to do work whenever you’re connected to the internet. Unfortunately, the convenience of free public Wi-Fi at coffee shops, airports and fast food joints comes with added security risks—primarily the lack of encryption.
Though your neighbors can see the name of your personal Wi-Fi network when they drive past your house, the network’s encryption keeps them from spying on your internet activity. When using a public network, digital snoopers can see the unencrypted pages you’re viewing and what personal information you’re typing into unencrypted web forms.