First it was Target and the world was shocked at how easy it was for a massive number of cards to be stolen.  Then there was Michaels, P.F Chang’s, Home Depot and Staples (among many others) and 2014 is the year of the data breach, and no one is surprised to see their card get stolen from a POS and shared on the internet.

“It’s easy for hackers to get access to consumer credit card information – they are all trying to plug those holes but there are antiquated systems with open ports and can download clear text consumer information,” Tokenex founder Alex Pezold told PYMNTS Retail Reinvention week’s panel on DATA Security.  Pezold was joined by Shopkeep co-CEO Norm Merritt and Brighterion’s Dr. Thomas Rand-Nash.

The fear of antiquated technology was a common theme on the panel.

“The mentality has been not to mess with it if it’s not broken.  But now it’s broken,” Dr. Rand-Nash observed.

Yet fixing what is broken is often easier said than done.  EMV is an example the panel alluded to.  EMV could help with card present fraud, but the panelists pointed out that this will only give cybercriminals a reason to take their act on the road, so to speak, and move on to the world of card-not-present fraud as that will present the easier target.  Moreover, Pezold noted, while EMV adds one more reason for merchants to “bite the bullet and make upgrades to their security systems,” those upgrades are not cheap, and must might not pencil out as worth it for small retailers, even with the liability shift coming in about a year.

“You don’t want to spend a million dollars to protect a penny.”

continue reading »