Somebody just hacked into the computer systems of a major US retail firm and copied/swiped/viewed the VISA credit card numbers and purchasing information of approximately two million Canadians.
Um. So what?
OK, first, let’s review. Last week, it surfaced that hackers stole customer information from computer systems of TJX Cos., the U.S. parent firm of Canadian retailers Winners and HomeSense. Reports say as many as two million Canadian Visa card accounts were affected. The hack was discovered in mid-December and included transactions between 2003 and part of 2006.
There’s more. Another Canadian news item come to light last week when CIBC Asset Management said a backup computer file containing information about almost half a million of its Talvest Mutual Funds clients disappeared during an internal office move. CIBC said it appeared that none of the information was inappropriately accessed, but it was taking precautions to ensure its customers that their accounts would remain safe.
The actual theft or compromise of these systems isn’t news. It seems to happen a lot and makes for great headlines on slow days with non-technical reporters of the daily newspapers.
What IS news is when somebody actually uses your credit card and gets away with making a major transaction that YOU have to pay for. So far, I haven’t seen a single reported incident of where a regular, normal day-to-day Winners-VISA credit card carrier has been forced to pay for something that was purchased by the credit card hacking thief.
Not one.
However, let’s say somebody DID make a $700 purchase on your VISA card after obtaining the number illegally and the amount showed up on your next statement. Do you think you will pay it? Not a chance. You will call your MLA, MP, local mayor and hire Johnny Cochrane (well, maybe not THAT Johnny Cochrane) before you write the check for that; especially if you can easily demonstrate you didn’t make the purchase. Remember that any online purchase using a credit card contains the date, time and IP address of the purchaser. (And to coin a great Microsoft line: It’s not a bug! It’s a feature!)
Let’s take another example. How many of you have handed your credit card to a dozy, sinister looking waiter in a sleazy restaurant in Mexico or a dumpy bistro in Greece simply because the American Express logo was on the door? What is stopping that person from writing down your credit card number, expiry date and security code on the back or even photocopying your signature? Nothing.
Now, here’s the best part: Do you know why the thieves don’t use the credit card information? Answer: It is too hard to use, there is too much security and above all, it is way too easy for the enforcement agencies to catch the bad guys!
Having a list of stolen credit card numbers is the electronic equivalent of a regular bank robber who gets $10,000 in cash from an armed robbery. Generally the cash is stained with that secret dye the banks use for just such an occasion.
In other words, stealing data may be easy but using the data for profit is a different story. Rarely are they able to pull this off and even then it is insured; meaning the end users almost never gets hurt.
There’s a second aspect to all this; relating mostly to customer information and the security of such. Call me crazy but most run of the mill e-crooks find the buying habits of people quite boring. In fact, most of the time a system is hacked; it is by one company looking to gain an advantage over their competitor. In that case, you almost never hear of the hack.
Years ago, Sun Microsystems CEO Scott McNealy said “You have no privacy. Get over it.”
McNealy, no stranger to strong-but-true statements was absolutely correct then and maybe now, people will understand what he meant. He also should have said: “Get over it because nobody really cares about your data because they can’t do anything with it.”
Gregory B. Michetti of the Alberta-based systems integration firm Michetti Information Solutions, Inc. can be reached via www.michetti.com.
No comments:
Post a Comment