“The new details that Home Depot revealed Thursday about its data breach tell us a lot. We have come to a very real crossroads. Retailers have no choice. They must assume the perimeters of their computer networks WILL be breached,” Paula Rosenblum writes for Forbes. “Hackers continue to run one step ahead of retailers and their security experts and standards.”
“Home Depot, like Target before it, was compliant with industry standards, called PCI-DSS (Payment Card Industry Data Security Standard). In both cases, the bad guys entered the network perimeter by using a vendor’s login credentials,” Rosenblum writes. “Allowing vendors to access retailer networks is not a bad thing in and of itself. It has become more and more common for retailers to implement these ‘Vendor Portals.’ It saves both retailers and suppliers time and money on billing, information sharing and standards reviews. PCI-DSS does indeed specify that vendor portals must be separated from internal networks. And Home Depot had done so. But in this case, the bad guys exploited a hole in the Microsoft MSFT +1.71% Windows Operating System (most likely on a server) to “hop” across networks. Microsoft later patched that hole, but for Home Depot (and who knows who else!) the damage was done.”
MacDailyNews Take: Microsoft Windows. The gift that keeps on giving. Like dysentery.
“What should consumers do?” Rosenblum writes. “Don’t expose your credit card information to retailers at all. Yes, that means using Apple Pay…”
Read more in the full article here.
MacDailyNews Take: CVS, Rite-Aid and any other retailers that have blocked Apple Pay are playing with fire. Lawsuits will flow forth against them should they become the next Target or Home Depot. Sleep tight, CVS et al.
Related articles:
Class action lawsuit brewing against retailers who block Apple Pay – November 6, 2014
What Apple Pay means to Bank of America: Security – November 6, 2014
Apple Pay is nirvana for (smart) retailers – November 6, 2014
Entrepreneur warns retailers, restaurants, bars: Do not wait, jump on the Apple Pay bandwagon ASAP – November 5, 2014
Apple Pay fuels usage of long-moribund Google Wallet – November 5, 2014
After CVS and Rite Aid blocked Apple Pay, Schubert law firm launches antitrust investigation – November 4, 2014
Sorry, Walmart, CVS, Rite-Aid et al. — Apple Pay and NFC have already won – November 4, 2014
