Why Did Target Pass a PCI Inspection Just Before The Breach?


After the notorious data breach in December that compromised 40 million customers’ payment card numbers, Target has announced recently that just 3 months before this occurred; they passed its latest Payment Card Industry (PCI) inspection with flying colors. Clearly, this has come as a shock to many and has sparked many confused questions.

Target, which is based in Minneapolis, has joined the long and ever-growing list of retailers and payment processors that have passed their latest annual PCI inspection, only to report terrible breaches under a year later. The news of their passing of the PCI inspection came on the day when the Senate Judiciary Committee held the second of four Congressional hearings on cyber security and data breaches. John Mulligan, Target’s executive vice president and chief financial officer, said, “As recently as September 2013, our systems were certified as compliant with the Payment Card Industry data-security standards. Although it is often said that PCI inspections are simply snapshots that do not define if a merchant or processor is totally secure, Mulligan added that Target had a sophisticated anti-fraud system. Despite this, hackers still managed to penetrate this system with hard-to-detect malware.

Aside from discussion of the PCI inspection prior to the breach, numerous questions are now being asked about introducing chip cards to replace the vulnerable magnetic-stripe cards that have gone out of date almost everywhere except the US. It is clear that the serious data breaches have sparked a lot more motivation in terms of finally bringing in chip cards to the United States. Mulligan recently spoke to The Hill, a Washington publication that tracks Congress, and said, “Since the breach, we are accelerating our own $100 million investment to put chip-enabled technology in place. Our goal is to implement this technology in our stores and on our proprietary REDcards by early 2015, more than six months ahead of our previous plan.”

It is clear that the controversial data breach in Target’s stores affecting millions of its customers has really kicked everyone in to gear, especially where the situation with chip cards is concerned. Although it seems highly odd that the Minneapolis based company passed a PCI inspection shortly before the breach, at least everything is now being done to ensure as much safety as possible for its customers in the future.


Barclays’ Recent Data Breach Similar to Target Scandal – But is it Worse?


The recent revelation of how Barclays Bank managed to lose a significant amount of personal customer data has shocked the world. According to the Mail on Sunday, 27,000 Barclays customers fell victim to this by “rogue City traders” who somehow got hold of the information. According to the company itself, the data was collected from customers of its Barclays Financial Planning unit, which was closed in 2011. This unit used questionnaires to obtain data such as earnings, medical information, passport numbers and even National Insurance numbers. The real question to ask at this point is, why would so many customers would trust Barclays with this information? Why did they feel it was necessary to throw such personal information away? Of course, the customers are not to blame… but it cannot help to wonder.

Barclays had no choice but to make a statement on this appalling turn of events. They said, “Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business which we ceased operating in 2011. Based on what we have seen, this data appears to be from 2008 or earlier.” The spokesperson for the top financial service company also stated, “We will take all necessary steps to contact and advise those customers as soon as possible, so that they can also ensure the safety of their personal data. Protecting our customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.” Clearly, Barclays have their heads screwed on correctly regarding this awful breach of customer data, and wish to keep their customers in the know as to what is going on at all times.

It comes as no surprise that the current situation with Barclays is often being compared to the recent breach of credit & debit card data at many Target stores across the US. The Target affair has resulted in thousands of customers receiving replacement credit cards with new account numbers from their banks, to ensure as much safety as possible. It is likely that all affected customers will be compensated for what happened eventually, which is sure to give them plenty of reassurance. However, the Barclays data breach is different. For those unlucky customers whose medical information has been obtained, stolen and sold – the damage is already done. It is becoming more and more apparent that this scandal is even worse than the terrible occurrences at the many Target stores.

Although Barclays are doing all they can to reassure their customers, it is clear that what’s done is well and truly done. Perhaps if they had known sooner about the theft of their customers’ personal data, things could be different and, maybe, a little bit better for everyone involved.

For High Risk Processing, contact us Today!


Banks to Decide Whether or not to reissue cards after Target Data Breach


Usually when someone’s debit information is stolen, their bank will issue a new debit card. However, since the massive data breach at Target, some banks are hesitant to reissue debit cards to customers. There are some banks that are stating that it can take a long while for new cards to be processed through the system, and since it is the holiday season and the cards will not be ready for usage until the new year. For others, they are not stating the holidays are a reason for a delay; they are just talking the “wait and see” approach.

Larger banks should be an analytical system large enough to detect and deter fraud before it happens. This can help customers, as the quick work by these banks will result in them not having to cancel their debit cards. For smaller banks, customers may have to cancel their cards. It is best for the customer to go ahead and cancel their cards, rather than waiting on the bank to decide for them. Most places that take debit cards will also accept a check, and those that do not will accept cash. Withdrawing cash from your bank should not be a problem, though  J.P. Morgan Chase did have temporary withdrawal and spending limits last week.

Check with your bank before cancelling your card to make sure of the time frame in which a new card will be issued. With the Target breach, there may be a delay in new cards being issues, regardless the size of your bank.

On the Target website, it states that if the breach concerns a Target RedCard (Target’s credit/debit cards), that you are to contact Target and not the bank stated on the card. This only relates to Target RedCards, and not debit cards that you have received directly from your bank.

If there is a positive aspect to the Target data breach, it is that banks, and Target, will reimburse any funds that are stolen from your account. While it may take time for the bank to verify your claim, it is better to get a late reimbursement than to not get anything at all.