Merchant data security breaches–their effects on consumers and the reactions of retailers–were highlighted on a recent segment of NPR ‘s “All Things Considered.”

Reporter Aarti Shahani followed a security expert who was able to point out how easily a hacker could infiltrate a retailer’s point-of-sale network. EMC’s Davi Ottenheimer noted a card reader–similar to ones he had at home–connected to a tablet left unattended in a high-end retail store. At another large retailer, no one noticed that he was paying more attention to a computer plugged into the network than to the merchandise.

“A lot of times, a lazy approach to security is just to make information difficult to get,” Symantec security expert Orla Cox told NPR . “Just because you’re not talking about it isn’t actually making you any more protected.”

The incentives are small for retailers to take on more responsibility. They want to keep information technology budgets down, and they don’t have to pay, even if they are at fault. Financial institutions pick up the bill, Shahani said.

The Credit Union National Association, NPR noted, “is asking lawmakers to intervene, so that retailers are held to stricter security and disclosure rules.”

continue reading »