With all of the breaches at major retailers, is it actually safer to shop online these days?
This question was answered on December 3, 2014. Much of the information contained herein may have changed since posting.
It’s not your imagination that large data breaches are being reported by major corporations and retailers on a more frequent basis.
According to the Privacy Rights Clearinghouse, 931,358,613 records have been breached from 4,456 data breaches made public since 2005.
One of the reasons you’re hearing more about retail breaches is because the value of the data compromised at the actual point of sale or cash register is significantly higher than data stolen from an online retailer.
The primary reason is stolen online credit card info can only be used online, while the data stolen at cash registers allows criminals to create counterfeit credit cards that can be used anywhere.
Stolen ‘magstripe’ data (from the magnetic stripe on the back) includes additional security data that isn’t transmitted during an online purchase.
One of the upcoming security measures known as ‘chip and pin’ will likely make point-of-sale attacks less desirable for criminals, but until the entire industry converts, offline retailers will continue to be targeted.
I won’t be surprised if we hear that one or two additional major retailers was breached during this holiday season exposing tens of millions of credit cards.
To address your question about online vs offline purchases, if we look at the press releases from the most recent major retailers after their breach was discovered, most reported that online customers were not affected.
Specific to this recent targeting of point-of-sale devices by large criminal organizations, you can easily make the claim that shopping online (with the hacked retailers) was safer.
In general, I’m personally more comfortable making purchases online because the entire transaction has a structured security process and no other humans are involved.
To be clear, I’m not saying that online retailers are not targeted by hackers and you’re credit card information won’t ever be compromised if you only shop online.
Any large organization that deals with millions of dollars of credit card transactions per day will always be a target and thieves will always explore every possible means to breach whatever security is in place.
But for this holiday shopping season, I’m definitely more comfortable shopping online from a security standpoint.
One of the biggest concerns about all the recent retail store breaches is that they weren’t discovered by the compromised retailers, they were discovered by security experts that monitor underground websites that sell stolen credit cards.
When large volumes of credit cards hit the black market, credit card issuers can analyze the transactional data to see if there are common links to a specific retailer to help uncover the source of the breach.
Target operated for more than two weeks before discovering the breach, while Home Depot went nearly 6 months without knowing that they had be compromised.
Whether you shop online or offline, don’t use a debit card and whenever possible use any of the more secure methods such as Apple Pay, Google Wallet, PayPal or the chip on your credit card (if you have one) instead of the magnetic stripe.
About the author
Posted by Ken Colburn of Data Doctors on December 3, 2014