The 5 Biggest Payment Breaches & How They Could Have Been Prevented

Payment fraud is at an all-time high; there is no question about it. Investopedia put together a list of the five biggest payment data breaches of all time. The news is always quick to talk about the stories and ramifications, but few discuss solutions. We have analyzed the five cases and identified the core problems and solutions. Any business can implement these simple security measures to prevent the catastrophic circumstances that led to data breaches such as these:

TRW/Sears (1984)
Breach Scope: 90 million cards

The first massive credit card breach hit TRW, a leading credit union, nearly thirty-three years ago. A hacker stole a password from a Sears store; that password unlocked customers' personal information, which could in turn be used to obtain credit card data. For this reason, retailers should opt for an out-of-scope payment solution, which ensures that credit card data is not stored on site but is outsourced to a secure payment provider that meets the security requirements needed to prevent such an attack.

TJX Companies (2006)
Breach Scope: 94 million cards

TJMaxx and Marshalls were hit by a cyber attack that stole their customers’ saved credit card data. The attack was catastrophic for consumer trust and also cost the company many millions in a consumer protection settlement. If TJX had stored tokens instead of the actual customer credit card numbers, this attack would have been prevented (read more about tokenization here).

Heartland Payment Systems (2009)
Breach Scope: 130 million cards

In this case, hackers sought companies that received and transmitted financial data and used that information for profit. At the time, it was considered a cutting-edge crime, one that many businesses lacked the internal defenses to prevent. Nowadays, hacks of this kind are commonplace, which is why businesses should never have access to actual credit card data; instead, they should ensure that data is encrypted and that recurring cards are tokenized.

Target (2013)
Breach Scope: 40 million cards

Target was hit by a tremendous data breach on Black Friday weekend, resulting in the theft of 110 million consumers’ personal information. Regarding payment data theft, the issue was that Target processed credit cards by swipe, which gave the company’s network direct access to payment information. Had the company adopted EMV, the hackers would not have had access to useful payment information, and consumers would have been spared. EMV is essential to consumers’ payment security.

Home Depot (2014)
Breach Scope: 56 million cards

This same problem manifested itself in Home Depot’s recent breach, where malware was implanted in their self-checkout terminals. Had consumers inserted their cards instead of swiping, the attackers would not have had access to their payment information, and the entire fallout would have been prevented.

A payment data breach can happen to any business, especially nowadays with the vast knowledge and expertise that hackers have gained. It is essential that every company, regardless of size, speak to a trusted payment provider about solutions to prevent fraud and stolen data. Fidelity’s 21 years of industry expertise has given us a distinct advantage in payment data security. We have crafted simple and easy-to-implement security solutions for businesses of any industry or vertical. Speak to a representative today about what security solutions can be adopted at your business.