We are slightly better off than the States because of our more widespread use of “Chip and PIN” technology.

Some of you may be aware of the data breaches in both the United States and Canada. Big names like Target and Home Depot breaches crossed from the states to our backyard.

Home Depot for the most part is at least working on damage control by offering free credit monitoring for a year.

As a side note, if you did use a credit card or bank card at Home Depot, I would highly recommend you check this out: Home Depot Statement. There is instructions on how to get the free credit monitoring for a year.

Most people that I talk too want to know:

 

How does this happen?

The easy answer is that retailers are a very big and lucrative target. Compromising a system on that level is worth a significant amount to a criminal enterprise. Security is being improved in the retail space to incorporate “Chip” technology. That little gold square on your credit and debit card. In a nutshell that adds “more” protection than the old fashioned magnetic strip on the back.

Magnetic strips carry a significant amount of data, and they are they are processed without any base level encryption. They can be relatively easily copied and cloned often with easy off the shelf parts.

These magnetic non “chip” transactions are being phased out. In Canada we have had the chip called an EMV along with most of Europe for a while. The big issue is that the States has been slow to adopt. Credit card companies and banks are chiming in and are telling retailers that past a certain date, if they don’t convert to the new EMV readers then any fraud is their responsibility.

Soon all readers will be upgraded to read the EMV. (Including my beloved Square).

My advice to small businesses is use chip and EMV transactions whenever possible to protect yourself and your business. Have your credit card processing occur with retail point of sale terminals that are chip enabled. Once Square and the other manufactures offer a chip reader (instead of the current mag strip reader) its highly recommended that you switch over as soon as possible.

For a quick primer on cut over dates set by the card issuers click here.  (It is worth noting that these have been changed a few times already)

How do I protect myself?

There are a few tips you can use to help lower your risk.

1) NEVER give out your pin to anyone, OR write it down

2) When entering your pin, use your other hand to cover it (this defeats skimmers that use a reader to capture the number and a camera to catch the pin you enter)

3) Check your statements! If you notice something you don’t recognize, call the number on the back of the card and ask them. Banks and credit card companies will often catch fraudulent use, but in the end, its your card, check it!

4) If someone ever calls saying they are from your bank, NEVER give them any information. Thank them for alerting you, and tell them you will call the number on the back of your card. If the bank really wants to get a hold if you, your account will be flagged and that number will eventually get you to the security department.

If you ever “need” to share a card, talk to your bank, many banks offer deposit only or limited access accounts for individuals and businesses. They would much rather provide you a solution over you sharing your card and pin. (Plus if they find out that you did share your PIN and card, YOU are often on the hook for any fraudulent use.)

Once everyone switches over to EMV everywhere will I be safe?

Nope, and that is simply the way things work in IT security. Any lock or security measure is only as good as the existing counter measure. Better lock comes first, then a better lock “pick” will show up. This is even more true when you are dealing with computer code that is, at its base level, just two numbers: zero and one.

The best thing is to follow the tips above and when in doubt, call the number on the back of your card if you suspect your credit card or banking info is being used without your permission. Let THEM handle it 🙂

Where can I get a really detailed explanation of how people got into Target and Home Depot?

The inspiration of this article came from customer questions and an article on wired.com which you can find here:   RAM Scrapers