Arts and Crafts store Michaels recently issued a new report telling us all what we already knew, which was that between May 8, 2013 and February 27, 2014, Michaels and a subsidiary named Aaron Brothers were hacked by cybercriminals who stole credit and debit card information of 3 million of their customers. At the end of 2013 and the beginning of 2014 we became aware of similar data breaches at Target and Neiman Marcus as well. Although these are the large data breaches that made the news, the FBI has indicated that more than twenty retailers were hacked and there may be more that we have not even discovered yet. In fact, many hackers now are focusing their attentions on smaller retailers whose security may not be as good as larger retailers. In the data breaches of Michaels, Target and Neiman Marcus the malware used is called POSRAM Trojan which is a memory scraper that steals the information from the magnetic strips of credit cards and debit cards when it is swiped through the terminal before it is encrypted for transfer. In the Target breach and many others, investigators are finding that the malware is put into the victim’s computer systems through initially hacking into the computers of third party vendors that have access to the computer systems of the larger stores. In the case of Target, it was their heating and air conditioning company that was the victim of the initial hacking that enabled the hackers to, in turn, get access to Target.
So what can you do? How do you defend yourself?
The first thing to remember is to limit your use of debit cards to ATM machines. Debit cards do not provide the same consumer protection from liability that credit cards do and even when they do, it is more time consuming and inconvenient to straighten out your debit card account when you are the victim of a hacking. When retailers finally get around to implementing the EMV chip technology used everywhere else around the world, the type of hacking we saw used against Target, Michaels and Neiman Marcus will no longer be effective, but until then, you have to recognize that regardless of how careful you are when you use your credit card, you are in danger of identity theft. Make sure that you check your credit card balance often to recognize early on if you have become a victim. Meanwhile, retailers have got to start doing a better job of isolating the parts of their computer systems that deal with processing credit and debit cards. Presently they are just too easy to hack. Finally, retailers have got to get better at educating their employees about clicking on links and downloading attachments in emails that promise games, videos, music and pornography that entice employees to download the malware used to effectuate these hacks.