Like millions of other fellow Target shoppers, my wife and I learned that our credit card information was breached via purchases made in stores over a period of a few weeks. Thankfully, we have not yet experienced any fraudulent activity. However, this breach certainly has caused a lot of people to rethink how they shop, mainly since it reinforces that protecting your identify and personal information is as vital with in-store purchases as it is with online purchases. That may seem to be a bit of a shock to many people as they may think they are more at risk via an online versus an in-store purchase! However, we can see this is not the case given this recent example.
This breach also got me thinking that protecting your identity and personal data should not be viewed solely as an online activity – it should also include in-person transactions since those occur far more frequently, and by using electronic methods of payment. For example, many people use mobile apps to pay for items such as a gasoline, coffee, etc. or they surf the web via freely offered, yet unsecured, WiFi. Using unsecured WiFi is not recommended for such purchases given that publicly available, i.e. unsecured WiFi, is not encrypted. This means that anyone with the right tools and motivation can freely view all transaction activity over the WiFi network, thereby potentially comprising your identity. A fact that I recently learned was that all Linux distributions store WiFi passwords in plain text, if you don’t use encryption. This is a stunning point which you can learn more about by reading this post.
Additionally, another in-person transaction that can compromise your personal data is not locking down Radio Frequency Identification (RFID)-enabled payment devices such as RFID- enabled credit cards. Since these items can be read by any RFID reader, a criminal can simply walk through a crowded area, such as a shopping mall, and obtain hundreds of credit card numbers without the card holders’ knowledge. This payment information can then be used for purchases within the mall even before you leave the mall, so it is highly recommended that you carry any RFID enabled devices within shield carry cases to ensure that no one can access this information.
Unfortunately, most will agree that the Target breach won’t be the last. Consequently, I highly recommend that you don’t forgot to protect your in-person payment transactions the way you would your online activity since the potential for unauthorized use is just as impactful.
AVP / Security, Compliance and Product Practice Head, Zensar Technologies