When Target’s point-of-sale system was hacked during the winter holidays last year, resulting in approximately 40 million customer credit card and debit card numbers being compromised, the chain store suffered from scathing articles and customer feedback reports for months. Consumers were furious that the store could allow such a huge security breach to occur, and that company executives could let so much time pass between the initial breach and their official confirmation of the breach, thereby allowing the hackers more time to use the stolen information.
The backlash from Target’s POS security woes was sure to make national retailers re-examine their own security measures, American consumers had assumed.
But chain stores continue to fall victim to dedicated hackers, and The Home Depot appears to be the latest high-profile case — and its security breach is now confirmed to be bigger than what Target experienced.
In an official statement released by The Home Depot on September 18th, the company confirmed that malware had been installed in POS systems used by stores throughout the U.S. and Canada, and that an estimated 56 million card numbers were stolen. The company states that the malware is believed to have corrupted store POS systems between April and September 2014, but that cards used in online transactions do not appear to have been stolen. Additional information, such as PIN numbers and account numbers, seems to be safe as well.
The most interesting, albeit slightly frightening, part about this breach is the fact that the malware used seems to have been completely custom-made. The Home Depot has been working with the U.S. Secret Service to investigate the incident, and investigators are reporting that the malware used in this breach is unlike that used in any previous retail store hack.
Along with removing the malware from its POS systems, The Home Depot has vowed to install new encryption software on its registers in order to protect customers, and the company is offering to pay for identity protection services for any customer who thinks that they may be at risk from this particular incident.
In addition to the new encryption software, the company’s statement notes that The Home Depot has been participating in research for high-tech “chip and PIN” technology, which offers another layer of protection for card users by completing transactions via microprocessor chips, rather than with magnetic strips. This technology is already used in many European stores, and Home Depot stores in Canada have begun incorporating systems that work with the three participating credit card companies (EuroPay, MasterCard, and Visa).
Although it’s important to note that a particularly talented cyberhacker could potentially still break into new software, POS developers and security analysts both agree that newer POS systems and software updates possess more security features to protect customers.
“Credit card security is a constantly ongoing game of cat and mouse, where the retailer and POS solution providers need to stay one step ahead of the game,” says Mike Gross of Retail Management Solutions. “Yes, the new chip-and-pin credit card technology will help, but that will only diminish counterfeit credit cards. To reduce fraud at the POS register, solutions such as our End-to-End encryption technology, which encrypts the customer’s credit card from the point it’s swiped to the point it is processed for approval, will go much further to reduce attacks on retailers.”