It was about this time last year that hackers were tunneling into Target'spoint-of-sale network system. Their prize was more than 40 million consumers' credit and debit card information.
That episode – and those that followed – should remain in consumers' minds as they jump into another holiday shopping season. They are vulnerable both in brick and mortar stores and in the online marketplace when they pay with plastic.
Larry Bridwell is the global security strategist at password management software provider Sticky Password. For more than 18 years he has been intimately involved with electronic security issues, including computer viruses, malware, Internet security threats, network protection, endpoint security, and cybercrime.
These days, he says consumers can face just as big a threat when they used a credit card at the mall as when they shop online.
Targeting retailers' networks
“What we've seen over the last 18 months to 2 years has been the larger loss of personal and financial data hasn't come from the individual being tricked into doing things like clicking on links or providing information like we used to see,” Bridwell told ConsumerAffairs. “It's because there's been a security breach at the point-of-sale services.”
And many of these breaches have occurred in same ways individual consumers were victimized in the past. A hacker was able to penetrate a network and download malware to steal sensitive data.
In some of the earliest breaches, Bridwell says very important security protocols simply fell through the cracks.
Didn't change the password
“You have a network server somewhere for the point-of-sale and what we've seen in some of these attacks is that the retailer still had the administrative password that was in place when the system came in,” he said. “For many network routers that come from the factory the login might be 'admin' and the password might be 1-2-3-4.”
If a simple login-password combination like that were left in place, even a novice hacker could quickly figure it out. Sometimes the retailer might not even manage the point-of-sale network, subbing that out to the vendor that sold them the equipment.
Today nearly all major retailers have taken a lesson from recent breaches and beefed up network security. Just like a burglar who will keep walking past a house with lights on and a barking dog, hackers will keep looking for unprotected networks.
So how can consumers make sure they don't appear as low-hanging fruit in the eyes of a hacker?
“First of all consumers need to make sure that the computers they're using are kept up to date with the latest patches that are available for their operating system and browsers,” Bridwell said. “There has been some testing by Microsoft which shows that machines kept up to date were up to 70% less susceptible to malware.”
It's also important to have a good quality antivirus or antimalware security suite installed on all computers. Having strong passwords is also important, which is the business Bridwell is in – password management.
“We need to have good, unique and secure passwords for each place we go online, especially for credit cards and other financial sites, yet how many of us can remember all those different passwords?” Bridwell asked.
Sticky Password is a system that generates passwords for all of a consumer's accounts. A master password – the only one a consumer needs to remember – is then used to access all accounts.
Beyond that, Bridwell says staying secure during the holiday season and after is often just a matter of common sense.
“Just try to make sure you go to legitimate websites and don't click on links that come to you in an email,” he cautioned. “If it's your bank and there truly is a problem, don't click the link in an email, just log into your bank account they way you normally do so you don't end up on a false location.”
When shopping, it's usually best to use a credit card instead of a debit card, whether in a store or online. If a hacker steals your information, there are more consumer protections with a credit card.
It's also important to check bank and credit card statements carefully. If you spot an unauthorized change, notify the issuer immediately to limit liability.