February 27, 2014 by Richard Buckle — Founder and CEO, Pyalla Technologies, LLC
We are at war and I'm cashing up!
I have been on the road this past month catching up with clients on the West Coast. However, it's been hard to miss the hoopla following the fraudulent attacks on some of our biggest retailers.
At one point in my travels, I had to extend my time away from home, so I stopped by the local Target store to pick up essentials. As I approached the checkout counter, I have to admit, I was of two minds. But I told myself, what the heck, and pulled out my personal debit card and entered my PIN.
Returning to my car, I passed a wall of ATMs and wondered whether I should have pulled cash from one of them and paid for my purchase with fresh, clean bills. After all, banks have been protecting transactions for decades, and despite an attack or two, from my own knowledge of what the big banks have been doing to protect themselves, I feel a little more at ease interacting with their networks.
On Feb. 11, USA Today published the story, "Target breach helps usher in new world of data security — merchants look for new and improved payment technologies." At one point, the article suggested, "Crooks, experts say, focus on retailers over banks and other financial institutions with their own treasure troves of consumer info because traditionally, the latter more aggressively protect that data."
Why is that? "The common mentality (has been) do as little around security as they can in order to just get by," Eric Chiu, president and co-founder of security company, HyTrust, said in the article.
Why? "Profit," Chiu said. "Every company is trying to do more with less."
But turning a wealth of technology at our fingertips into actionable insight isn't about saving money — and security does take money.
"What is somewhat unique about IT security is that a small, very minor mistake can make all the difference for success or failure of your IT security," said comForte CTO, Thomas Burg. "The fact remains that in IT security 'about right' can often mean 'completely wrong.'"
In a January post to the NonStop community blog, I referenced recent comments by HP CEO, Meg Whitman, that sum up our current situation perfectly. When the subject of security was raised, Whitman told webinar participants that we are in an arms race.
As I said in that post, I cannot imagine a better description of what's taking place; you can raise the bar but it simply creates a new objective for the bad guys, and they will eventually find a way over.
The USA Today story quoted Hugh Thompson, senior vice president and chief security strategist at Blue Coat, a security company whose technology is used by 86 percent of Fortune 500 companies.
"It's always been an escalation of arms," he said. "Attackers advance, defenders advance. I think what we're moving to in the security industry is this idea that, yes, we're going to continue to advance around prevention, but we're also going to build a strong competency in being able to recover quickly if an attack does occur."
"What we've seen in the last 10 years is a professionalism increase in the hacker community."
There's much discussion about the need to accelerate our adoption of EMV, for instance. And I am all for that. But it's just a starting point. I support the EMV/PIN approach and the lessening of dependencies on signatures, which is "so 20th century," as I heard one analyst say recently.
Among the payments vendors that are my clients, the sentiments are much the same.
"Like all vendors, we are concerned too about what we read. Fraudulently obtaining cardholder information gets everyone's attention in a hurry," Brian Miller, VP and GM of Lusis Payments Inc., told me in a recent exchange. "And we are no less engaged in working through the issues than anyone else."
OmniPayments Inc. CEO Yash Kapadia said, "While it may be true that security will be a problem for all in IT — vendors and users alike — there are steps that can be taken to make life for the bad guys a lot harder."
The USA Today story introduced Levi Zimmer, 27, an interview subject who wasn't directly affected by the Target data breach, but had family members who were. Since the breach, the article said, "[H]e's started using cash for groceries, restaurants, bars and drugstore purchases — generally for anything that costs less than $200."
Zimmer told USA Today that he probably will continue to carry cash "until that time I get punched and robbed with $200 in my pocket. One way or another, thieves are going to steal."
Like Zimmer, I will also consider carrying more cash. My wife, Margo (formerly a VP at a security company, and knowledgeable about erecting practical defenses), and I both have debit cards tied to separate checking accounts that never hold more than $500. However, that's brought additional overhead into our lives — I have to be sure to check balances and top them up from my PC even as I think about what next to write.
Thieves are going to steal. Hackers are professionals, albeit on the other side of the table. It's an escalating arms race, so yes, we are at war.
It seems that the lowly ATM has become our best defense in the over-commercialized retail world we live in. Before buying your next pair of socks, emergency or not, take a few extra seconds to scout out the nearest ATM, because more people might be looking at your credit card than you can possibly imagine. As for me, I'm going to be as cashed up as I can be!
Richard Buckle is the founder and CEO of Pyalla Technologies, LLC. He has enjoyed a long association with the Information Technology (IT) industry as a user, vendor, and more recently, as an industry commentator, thought leader, columnist and blogger. Richard participates in the HPE VIP Community where he is part of their influencer team.