Another American Retailer Data Breach That Could Have Been Prevented by HomeATM

And yet again, an American retailer and its customers go down the road of data theft. In this case, the retailer is Advance Auto Parts and the most recent hack affected 56,000 of its shoppers in eight states - Georgia, Indiana, Louisiana, Mississippi, New York, Ohio, Tennessee and Virginia. Luckily, the customers from the stores in question represent a small portion of the total shoppers that frequent the chain's 3,261 stores across the country.

The discovery of the breach, as with those at other retailers, has prompted Advance to reassess its security measures. Others, at the same time, are once again questioning if Payment Card Industry (PCI) compliance standards are either fair or effective.

In a recent interview with RIS News, Dave Hogan, senior vice president and chief information officer with the National Retail Federation (NRF), expressed the view that more secure forms of payment such as "Chip & Pin" were available and proven in reducing fraud. He suggested that card associations should "provide (at no cost to the merchant) card readers that can accept these new types of cards."

Branden Williams, director of PCI practice for VeriSign Global Security Consulting, took issue with Mr. Hogan's position. Regarding "Chip & Pin," Mr. Williams told RIS News it “slows down the bad guys, but does not stop them. Besides, there is an issue with Chip & Pin in the United States - acceptance! What good is a reader if no one carries the card to use them?

He goes on to say that heI seriously doubt that the card associations would pay for the terminals. Even if they did, retailers will likely have to do major alterations to their software to be able to handle both types of transactions in parallel. However, this is simply not true. There are no major software alterations needed with HomeATM's PIN Entry Device (PED) It's simply plug and play. And at a cost of around $5, it would make sense for Internet Retailers to provide them to their customers, because they would save about 100 basis points off Interchange Fees with a PIN based transaction. Therefore the ROI is not only almost immediate, but the more secure PIN Debit transaction eliminates chargebacks and the reserves required.

Mr. Hogan also took issue with the amount of data that merchants are required to keep by banks. He called on financial institutions to "state that 'Retailers have the option to no longer store credit card data and they will not be penalized for not keeping credit card data.'"