If you live in the U.S., you've probably heard about the theft of as many as 40 million credit and debit card numbers from Target customers between November 27th and December 15th. As with so many of these thefts, the first public disclosure came not from the merchant or card processor that lost the data, but from a third-party source. In Target's case, it was security researcher Brian Krebs who pieced together the story. Krebs buys credit and debit card numbers and other personal information from "darknet" sources on behalf of banks and other clients, and he noticed that a flood of numbers that apparently came from Target were available for sale. Theft of credit and debit card information has become a common occurrence in the U.S., and some researchers claim that as few as 5% of thefts ever get detected and disclosed publicly.
When I heard about the Target theft, I checked my banking records, and sure enough, I used my debit card there a couple of times during the period in question. So, yesterday, I drove over to my local bank branch, cancelled my debit card and got a new one. That was the third time in a little more than a year, and the second time in two months, that I had to cancel my debit card and get a new one. The first time was a scam at Barnes & Noble stores that involved replacement of point-of-sale credit card terminals in dozens of stores with hacked versions that sent complete transaction information, including PIN numbers, to hackers. The second time was due to the hack of Adobe's transaction processing system earlier this year, and now, it's Target for the trifecta.
Barnes & Noble, Adobe and Target are responsible for their security failures, but banks share some responsibility as well. These kinds of data losses are almost unheard of in Europe, where banks issue smart cards to their customers. Smart cards use two-factor authentication to insure that only the proper owner is using it, and encryption to keep anyone except the bank authorizing payment from either intercepting or saving the account information. Smart cards aren't in wide use in the U.S. because they're significantly more expensive than magnetic stripe cards, but, using me as an example, I have to believe that a single smart card has to be less expensive than six magnetic stripe cards (three temporary and three permanent replacements) plus the time of bank tellers, managers and phone customer service personnel spent processing and issuing those replacements. (Update, 12/22/13: According to Brian Krebs, reissuing a magnetic stripe credit or debit card costs from $3 to $5; Gemalto, one of the biggest smart card vendors, says that the average cost for a smart card with a microprocessor is $3.72. Even if that number is on the low side, it means that banks would be ahead of the game, or would at least break even, with smart cards vs. replacing mag stripe cards.)
Whether it's an encryption-based system or a "one-time pad" approach where the customer gives the merchant an account number issued by their financial institution that's good for only one transaction and is useless if anyone tries to use it again, the U.S. needs to move to a more secure and reliable method for credit and debit card transactions. The system we have now is no more secure than the weakest transaction system used by any merchant--which means that we have almost no security at all.
Showing posts with label Target. Show all posts
Showing posts with label Target. Show all posts
Saturday, December 21, 2013
Thursday, September 20, 2012
Amazon & Apple: Is their proxy war getting hotter?
Earlier today, according to Reuters, Walmart notified its store managers that the company would no longer carry Amazon's Kindle eReaders and tablets once its existing inventory and committed purchases run out. Walmart confirmed its decision with Reuters, but didn't specify the reason(s). In May, Target announced that it would no longer carry Kindles, and like Walmart, it never made an official public statement about the reason. However, CNN noted that Target had just been authorized by Apple to begin selling iPads, and that it planned to add Apple "mini-stores" within 25 of its locations.
There are two reasons being cited by observers as to why Walmart might have decided to drop Kindles:
There are two reasons being cited by observers as to why Walmart might have decided to drop Kindles:
- Amazon may not have offered Walmart a sufficient discount, or
- Walmart may see Amazon as an increasingly large competitor for general merchandise sales, and doesn't want to support a competitor any longer.
Both of these reasons make sense, and either one of them may be true, but let's sideline that discussion for a bit.
At Publishers Lunch Deluxe, Michael Cader reported on Apple's efforts to get evidence from Amazon for its defense in the government's eBook price-fixing case. According to Cader, Apple has been trying to compel the Justice Department to turn over the transcripts of interviews with 14 Amazon managers and executives. Those interviews weren't taken under oath. The Justice Department argued that the interviews are protected work product, and aren't subject to release. However, Justice has given Apple the names of everyone at Amazon who was interviewed, and said that Apple could take depositions directly from those people. In addition, the Justice Department has released all of its email communications with Amazon and all of the documents and data it received from Amazon during its investigation.
At Publishers Lunch Deluxe, Michael Cader reported on Apple's efforts to get evidence from Amazon for its defense in the government's eBook price-fixing case. According to Cader, Apple has been trying to compel the Justice Department to turn over the transcripts of interviews with 14 Amazon managers and executives. Those interviews weren't taken under oath. The Justice Department argued that the interviews are protected work product, and aren't subject to release. However, Justice has given Apple the names of everyone at Amazon who was interviewed, and said that Apple could take depositions directly from those people. In addition, the Justice Department has released all of its email communications with Amazon and all of the documents and data it received from Amazon during its investigation.
Apparently, Apple took up the Justice Department on its idea, and filed subpoenas to force the 14 Amazon employees to give depositions. Then, last Friday, September 14th, Amazon filed a motion in Seattle Federal court to quash the subpoenas, on the grounds that Amazon isn't a party to the litigation. This week, Apple filed a motion with Judge Denise Cote, who's in charge of all of the U.S. cases related to eBook price-fixing, to move Amazon's motion from Seattle to her court. Judge Cote is now considering Apple's motion.
I don't know that much about the law regarding who can and can't be compelled to provide depositions and discovery documents. What I do know is that if Apple does eventually get the right to enforce its subpoenas, Amazon is going to want to put strict limits in place to prevent any confidential information that's not directly related to the price-fixing case from being revealed to Apple.
That brings me back to the title of this post, and to my first point. Clearly, Apple and Amazon are competing in more areas, and in the U.S., Amazon is currently the only serious competitor to Apple in tablets, based on sales. Apple is widely rumored to be planning to announce a smaller iPad next month. Target dropped Amazon shortly after signing a deal to carry Apple's iPads, and now, a month before the smaller iPad's expected release, Walmart has also dropped Amazon's Kindles. Does that mean that Apple might have made Walmart's getting the small iPad conditional on dropping Amazon? It's certainly possible, but rather than getting into legally murky waters, Apple could have required Walmart to give its products a certain amount and type of display space--a very common condition in retail distribution deals. Walmart would have to get that space from somewhere, and "independently decided" (wink, wink, nudge, nudge) to take it from Amazon. Another perfectly legal option would be if Apple offered Walmart co-op funds if it did certain things (for example, PC manufacturers get reimbursed for part of their advertising costs by Intel if they include that four-note musical theme at the end of their commercials.) These payments amount to a discount--and if Target is already getting them, Walmart would be at a competitive disadvantage if it didn't get them as well.
All of this adds up to "shadows on the wall" suggesting a proxy war between Apple and Amazon:
- Amazon is using the Justice Department as a proxy against Apple to get agency terms and Most Favored Nation clauses terminated, and
- Apple is using Target and Walmart as proxies to hinder Amazon's ability to sell Kindles in stores.
If this "proxy war" model is correct, I'd expect Best Buy to be the next retailer to drop Kindles. Apple has dedicated sales space in most Best Buy stores, and a lot of leverage over the retailer. In addition, Amazon is a strong competitor to Best Buy, so there's plenty of reasons for Best Buy to stop selling Kindles.
You may say that this is all paranoia, and you may be right, but I've spent enough time in high tech to know that everything that's happened so far is right out of the Silicon Valley playbook.
Friday, October 15, 2010
Apple's iPad goes mass market
Last week, Bernstein Research announced that the iPad has become the fastest-selling consumer electronics product in history, and an analyst from Ticonderoga Securities who spoke with one of Apple's component suppliers said that the company is gearing up to sell 45 million iPads worldwide next year. Apple's putting in place a distribution channel that will be able to sell that many iPads. By the end of this month, Apple will have at least tripled the number of stores selling the iPad in the U.S. since it was first launched earlier this year, and one of the new distribution deals is a harbinger of much bigger deals to come:
- Starting today, iPads will be on sale at Wal-Mart and its sister warehouse store chain Sam's Club, both in-store and online (although online customers will have to go to their local Wal-Mart or Sam's Club to take delivery)
- Target, Wal-Mart's biggest competitor, started selling iPads earlier this month
- Best Buy, the largest consumer electronics retailer in the U.S., started selling iPads a few months ago
- AT&T will begin selling iPads in its stores by the end of the month, and will offer services to help businesses develop their own iPad apps and integrate iPads into their operations
- Perhaps the most important news is that Verizon will also start selling iPads in its stores by the end of October, but with an interesting twist. Apple doesn't have CDMA-compatible iPads avalable (CDMA is the mobile standard that Verizon and Sprint use), so Verizon will sell WiFi-only iPads in a bundle with its MiFi mobile hotspots, at exactly the same price as the equivalent 3G GSM iPads already on sale. Like AT&T, Verizon will offer the iPad/MiFi bundle contract-free; users can sign up for wireless data service on a month-to-month basis, at rates that are the same or better than AT&T's. The Verizon bundle is even more flexible because the bundled MiFi can be used as a WiFi hotspot for other devices as well.
Subscribe to:
Posts (Atom)