= Subscriber content; or subscribe now to access all American Banker content.

Target Security Staff Raised Alarm Before Data Breach: WSJ

Target's cybersecurity staff urged the retailer to review the security of its payments system at least two months before hackers compromised its network, according to a report in the Wall Street Journal.

At least one Target intelligence analyst recommended that the store conduct an in-depth review of its payment systems' vulnerability to malware, a former employee told the Journal. But Target initially postponed the review, leaving it exposed to the attack that compromised 40 million cardholders' credit and debit card numbers and 70 million customers' phone numbers and email addresses. 

Target was updating its payment terminals at the time of the warning, "a process that can open security risks because analysts would have had less time to find holes in the system," according to the Journal. The retailer was also preparing for the holiday rush season.

Target did not immediately respond to a request for comment or confirmation.

The hackers behind the data breach appear to have plotted the attack for months in advance, according to an article published this week by security expert Brian Krebs, who first broke the news of the Target data breach. The fraudsters used the password of a heating, ventilation and air conditioning vendor, Fazio Mechanical Services, to penetrate Target's network, according to Krebs.


(2) Comments



Comments (2)
It is the banks that end up paying. Merchant doesn't pay for accepting a counterfeit card, of course Visa/MC doesn't pay, and the customers doesn't pay, so the bank ends up paying. Then the changes that Visa and MC made last year taking away the bank's chargeback rights if there was a card present, whether it is a legit stolen card or a manufactured counterfeit card. Things are stacked against the bank, so they are left having to do whatever they can to catch and prevent fraud which ends up sometimes inconveniencing the customer.

Start sharing those losses between the merchant, Visa/MC, and the bank, and you will start to see some real actions that reduces fraud throughout the whole channel.

Yeah, yeah, EMV cards in Oct 2015. I'll believe that when I see the exclusive or a majority use of EMV cards. But then the fraud will probably switch to online transactions.
Posted by Mark K | Tuesday, February 18 2014 at 11:21PM ET
Target should be responsible for the costs their lax managment has caused the banking industry. It is interesting to note that most all of the breaches of card information is coming from merchants not the banks. Yet, it is the banking industry that pays for the loses in two ways, first in cost of reissuing cards and second in paying the card holder for loses incurred on the card. The merchant keeps their money and Visa, Mastercard etc. retain their processing fees. The banks that issue the cards are stuck. Visa, Mastercard etc. should have to be responsible for the loses and they would change their rules right away.
Posted by Alfred Kreps | Tuesday, February 18 2014 at 2:59PM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.