Two years ago, I first told you about the arrest of Russian hacker Roman Seleznev who this week was convicted of hacking into small businesses accross the United States including many pizza parlors, stealing credit card information and selling it on the Dark Web to other cybercriminals. He even had a website in which he instructed would-be cyberciminals about how to use the stolen credit cards. Seleznev has been incarcerated while awaiting trial for two years and faces a sentence of up to forty years in prison.
What does this conviction mean to you and me? It is more of a reminder of how large the problem is. Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store. It can be done totally over the Internet by hackers anywhere in the world. Although the EMV smart card chip technology mandated for retailers and credit card companies in October of 2015 prevents attacks such as those of Seleznev from being effective, many retailers have still chosen not to comply with the regulations which are trade group regulations and not a government mandate. Therefore, the most prudent thing for you to do when shopping at a company that does not use your EMV chip card is to first, refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack It is important to remember that the rules protecting you from liability for fraudulent use of a debit card are not as strong as those that protect you from liability for fraudulent use of your credit card You also should monitor your credit card’s use regularly to discover any fraudulent use as early as possible.
This story is also a good example that the risk of data breaches is a risk to small businesses as well as large businesses. Often small businesses are targeted by hackers as the low hanging fruit because they have not taken proper security steps.