In what’s yet another reason to make you want to cut your credit cards into a thousand pieces and toss them in the air like a financially frazzled version of Mary Tyler Moore, it seems that the security breach that’s affected Neiman Marcus may be more serious than everyone thought.
We’re sure you’ve heard that—earlier this month—it was reported that Neiman Marcus had fallen victim to a data breach, though the number of shoppers affected was unclear. We noticed today that the department store posted a small banner on its website above the scrolling main image, as you can see below.
Once you click into the alert, you’re taken to a post that details how some customers’ payment cards were used fraudulently, and that malware was “clandestinely” installed on the store’s system that actively attempted to collect or “scrape” payment card data from July 16, 2013 to October 30, 2013.
The site also wrote that during those three months, roughly 1,100,000 customer cards were potentially visible to the malware. To date, Visa, MasterCard and Discover notified Neiman Marcus that approximately 2,400 customer payment cards used at both Neiman Marcus and Last Call stores were subsequently used fraudulently.
Didn’t shop at Neiman during that time period? You still might get an alert from the retailer, as it’s planning to notify all customers who shopped at the department store between January 2013 and January 2014 (if they have your email and address on file.)
This development comes after Target, another major retailer, announced that its security system had been massively compromised, and that the hackers who stole credit and debit card information during the holidays also lifted names, addresses and phone numbers of 70 million customers—key information that could put shoppers at risk for identity theft.
So, why is this happening on such a massive scale? Some experts say it’s because the U.S. hasn’t adopted the widespread use of more secure credit card technology in the form of chip-based “smart cards” on which account information is encrypted and stored in an embedded microchip, as opposed to a standard (and way less secure) credit card magnetic strip. As Today.com pointed out, most point-of-sale transactions with smart cards can’t be authorized without a PIN code, which is why it’s called “PIN and Chip” technology.
According to Today, Matthew Shay, president and CEO of the National Retail Federation sent a letter to the leaders of Congress, calling on the banking industry to switch from easy-to-hack credit card to the more secure PIN and Chip system, which is used throughout Europe.
“As long as bank cards continue to be issued with outdated and fraud-prone magnetic stripe (and signature) security, it is clear American card holders will remain largely unprotected,” he wrote.
While there have been some compelling arguments detailing why smart cards probably wouldn’t have stopped the Target breach, it seems every finance expert is in agreement that they still need to be implemented.
As for why the United States hasn’t jumped aboard the smart card train, it’s likely because retailers and card issuers have been worried that the cost of adopting the technology— estimated around $15 billion to $30 billion—would be more than the cost of the fraud it actually prevented, reported the New York Times.
Although, that was before all these mega-breaches started happening, so it’ll be interesting to see how fast we adopt the safer technology.
Since this is an arena that’s downright packed with facts and figures, we suggest you head over to Smart Card Alliance, an excellent hub for information about the technology.