Want to avoid the next big data breach? Expert says use cash
BY JON SEIDEL Staff Reporter firstname.lastname@example.org October 24, 2012 8:56PM
This Barnes & Noble store at 1130 N. State and seven others had their security breached by hackers. Wednesday. October 24, 2012 | Brian Jackson~Sun-Times
Updated: November 26, 2012 7:13AM
Customers jarred by news that credit and debit card devices at seven Chicago-area Barnes & Noble stores and 63 nationwide have been tampered with have at least one option for defending themselves, an expert said.
“The simple answer is pay cash,” said Jacob Furst, a professor at DePaul University specializing in information security.
Barnes & Noble has warned its customers to check for unauthorized transactions and to change their personal identification numbers, or PINs. It didn’t say how many accounts may have been compromised, but it said only one of the “PIN pad” devices was tampered with in each of the compromised locations.
Those locations include the Chicago stores at 1130 N. State and 1441 W. Webster, and the suburban locations in Crystal Lake, Deer Park, Deerfield, Evanston and West Dundee. Adam Didech dropped in and bought three books Wednesday at the State Street store, where he’s shopped for more than a year. He said he’s pretty protective of his bank and credit card accounts and monitors them regularly.
“I don’t use my credit card for a lot, and so it’s pretty easy for me to get a sense of when something’s gone wrong,” Didech said.
That’s exactly the kind of advice Furst would have for consumers who insist on using plastic to make their purchases. Credit and debit cards are convenient, but he said the trade-off is security. And he said the credit card companies have put pretty sophisticated software in place to help catch fraud.
“Generally, the more convenient something is, the less secure it is,” Furst said.
University of Illinois at Chicago computer science professor Robert Sloan agreed, based on what was known about the Barnes & Noble breach Wednesday morning, that there’s little the retailer’s customers could have done to protect themselves. He compared purchases on the PIN pad devices to handing a credit or debit card over to a waiter in a restaurant — who could take it aside and jot everything down.
“It’s not especially a different risk than the one we take in the old-fashioned physical world,” Sloan said.
John Dudek, head of services for Black Diamond Technologies, said consumers could always run a retailer through a search engine to see if it has ever been compromised.
“You really are taking your information and trusting it with the company that has it,” said Dudek, who was at Roosevelt University for a roundtable discussion planned around October’s Cyber Security Awareness Month label.
While Barnes & Noble became Wednesday’s poster child for cyber security, other major retailers have fallen victim to data breaches. So when faced with the question of what retailers could do to protect the consumers, Sloan pointed to the card readers or PIN pads and said their manufacturers might actually carry some blame in the Barnes & Noble case. They shouldn’t be so easy to tamper with, he said.
He also said cyber security could be bolstered nationally in two ways — improved infrastructure and encryption of customers’ personal information.
“The problem is generally not at the very end point where retailer meets consumer,” Sloan said.
Hillary Lake, the owner of a cleaning service who also ducked into the Barnes & Noble on State Street Wednesday, said she’s heard her customers complain that their credit cards have been compromised at other businesses. She said her credit card processing company just bulked up its security measures and had her do the same. Unfortunately, she acknowledged there’s only so much that can be done.
“This day and age,” Lake said, “it’s something that happens.”