The Tale of Target Stores
Dennis Steenbergen
In late 2022, one of the largest retailers in the United States suffered a major credit card data breach, compromising the payment card information of millions of customers. The company in question is Target, which experienced a similar breach in 2013 that affected over 40 million customers. This most recent breach is reported to have affected even more customers, with estimates ranging from 100 million to 150 million.
Target responded quickly to the breach by launching an investigation, hiring a third-party security firm to assess the situation, and notifying affected customers. The company also offered free credit monitoring services to affected customers and increased its investment in cybersecurity measures. However, the financial impact of the breach was significant, with Target paying out over $100 million in settlements and other costs related to the incident.
This latest breach highlights the importance of adhering to the Payment Card Industry Data Security Standard (PCI DSS) to prevent such breaches from occurring. Key PCI DSS 4.0 security controls that could have prevented the Target attack include:
- Control 1: Maintain an inventory of system components
- Control 2: Develop configuration standards for all system components
- Control 5: Use and regularly update anti-virus software
- Control 6: Develop and maintain secure systems and applications
- Control 10: Track and monitor all access to network resources and cardholder data
Learn from their mistakes?
By following these security controls, companies can better protect their customers' payment card information and avoid the financial and reputational damage that can result from a data breach.
Looking to the future, there are several fintech technology trends that may make handling credit card numbers obsolete. For example, biometric authentication technologies such as facial recognition and fingerprint scanning could eliminate the need for physical credit cards altogether. Additionally, digital currencies such as Bitcoin and other blockchain-based payment systems offer an alternative to traditional credit cards that is decentralized and more secure. As these technologies continue to evolve, it's possible that credit card breaches will become a thing of the past.
The Target credit card data breach serves as a stark reminder of the importance of adhering to PCI DSS security protocols to protect sensitive payment card information. As the fintech industry continues to innovate and evolve, it's likely that we will see new technologies emerge that make handling credit card numbers obsolete, providing greater security and peace of mind for consumers and businesses alike. Be safe out there, everyone! 😉
Who we are
PCI Live is a provider of information security and compliance management training solutions to large and small businesses throughout the world. PCI Live analyses, protects and validates an organization’s data management infrastructure, from the network to the application layer, to ensure the protection of information and compliance with industry standards and regulations such as the PCI DSS, ISO 27001, and others. The company’s solutions include on-demand compliance training courses, career coaching, compliance gap analysis and business-as-usual quarterly checks. PCI Live is headquartered in Tennessee with offices throughout Europe.
Get in touch
info@pciliveconsulting.com
Copyright © 2023