Various investigations into the Target credit card fiasco continue, and the public is still lacking solid answers. While some facts about the breach are known, other fundamental details have yet to be determined. However, some information is being leaked to the media, and some believe the primary cause of the attack was a phishing attack perpetrated on the supplier of Target’s terminals.
Fazio Mechanical Systems, which manufactures refrigeration units and HVAC systems, was reportedly the target of a phishing attack two months prior to the attack. Their systems are linked with individual Target stores’ networks, which gives attackers a vector to install the software that captured credit card information. Should these reports turn out to be true, basic networking mistakes may ultimately prove to be the primary cause of problems.
While phishing attacks generally target consumers in an effort to gain their credit card information, they can also be used to attack manufacturers and others who work in commercial fields. If reports are true, this breach may prove to be the most profitable phishing attack ever launched.
However, it also demonstrates problems with current payment terminals. While they were on the cutting edge when they first came out, many now believe them to be outdated and are pushing for replacements. Virtual terminal payment systems provide a means of keeping the experience the same while allowing better network isolation; instead of relying on a vulnerable operating system, virtual terminals can run in self-contained sandboxes.
Android and iPhone processing can provide relief as well. Because of their popularity, security issues on these devices are quickly patched, and they are not as vulnerable to problems as Windows-based terminals, which are still dominant. They are also cheaper than traditional terminals and are easier to replace. While mobile terminals may not be conducive for massive companies such as Target, small businesses and those on-the-go benefit from such technologies. Companies may wish to consider some of the many mobile credit card processing systems currently available for both Android and iOS.
Because accepting credit cards is so important for even the smallest businesses, small business merchant account providers are offering creative solutions that promise to provide better security. A credit card payment solutions provider needs to stand out in order to attract new business, and innovation is key for attracting the interest needed to remain viable. Virtual systems and mobile payment solutions promise to deliver better results.
Other companies are looking to make a name in the payment processing space. PayPal, for example, is partnering with various companies to allow in-store payments using the customers’ mobile devices. These payments rely on secure Internet connections, and credit card information is not sent over any internal networks. By acting as a middleman, PayPal is able to prevent information from leaking out due to poor network configuration. Combined with Paypal’s burgeoning popularity, their system may gain traction in the coming years.
Ultimately, however, Target’s data breach shows that even some of the biggest companies can be vulnerable to simple attacks. Few would have guessed than an HVAC system could be to blame from one of the largest data breaches in history. In addition, it shows that no company is too large to implement poor networking infrastructure. Having an HVAC system that taps into stores’ networks is a clear violation of standard networking procedures, and Target’s negligence demonstrates that size doesn’t lead to better security.
Whether this breach will lead to better security has yet to be seen, but there are alternative payment systems available to can prevent similar attacks in the future. Only time will tell if this attack is a turning point or if other similar attacks are necessary to prove a need for better payment processing systems.
Author: Spencer Frandsen is the expert in online marketing, with years of experience working with companies like payment processor Vision Payment Solutions, directing and implementing more than 500 digital marketing campaigns. He is fluent in HTML, CSS, PHP, and Russian and is pursuing his economics degree at the University of Utah.