In what is being called possibly “the largest federal hacking and identity theft case ever,” United States authorities recently charged 11 people with stealing more than 41m credit and debit card numbers from popular retailers such as Barnes & Noble, TJMax, OfficeMax and Boston Market.
The exact amount of potential damages caused by the thefts is unknown but is certainly in the billions of dollars, if not tens of billions of dollars.
While this story is notable for the sheer volume of credit and debit card numbers stolen, it is perhaps even more notable because of the simple technique that the “crime ring” behind the thefts used to acquire them.
To gain access to customer information, including the credit and debit card numbers, the thieves allegedly engaged in nothing more than “war driving.”
They targeted specific retail outlets and when in the vicinity of those outlets, looked for vulnerable wireless networks that the retailers had set up.
Once found, the thieves set up packet sniffer applications that enabled them to record the data accessible over the retailer’s network – including credit and debit card information.
While authorities will certainly blame the massive heist on Albert “Segvec” Gonzalez, the alleged ringleader (who ironically was a Secret Service informant at the same time he was engaging in the thefts), and his multinational associates, consumers should really lay the blame on wireless technology, the incompetent users of it and themselves.
The truth is that the victimized retailers never should have been handling the transfer of sensitive data over wireless networks or storing such data on computers connected to wireless networks in the first place – let alone insecure wireless networks.
Some of them probably had no real need to operate wireless networks in the first place. And those that have a legitimate reason to offer wireless networks to their consumers, like Barnes & Noble, should have insulated their wireless connectivity from their “corporate” connectivity.
Frankly, in my opinion, it is the retailers who should bear the greatest liability for this crime and credit card companies like Visa and MasterCard clearly need to implement and enforce more sensible data security requirements for merchants.
This applies to both offline retailers and online retailers because as this situation demonstrates, there really is no such thing as an “offline retailer” anymore.
Unfortunately, for obvious reasons, neither of these things is likely to happen. Consumers will probably be the ones who bear the greatest costs.
And to a certain extent, consumers deserve it.
After all, our perceived need to be “connected” everywhere we go (and for many businesses to offer us the ability to “stay connected” when we’re at their places of business) has created a “networked world” in which a massive heist like the one uncovered was not merely a risk but a certainty
Yet again, the ugly side of technology has reared its head, reminding us that the conveniences it creates are a double-edged sword.
No matter how hard technologists try to gloss over technology’s many ill effects, the vulnerabilities technology has opened up consumers to and the incredible opportunities it has created for criminals have become a fact of life.
Unfortunately, there is little that consumers can do. Our wireless world isn’t going away, nor is gross incompetence.
And given the rewards that await today’s most successful “cyber criminals,” it’s a safe bet that the financial incentives that exist for criminals to exploit technology will always exceed the resources that are available to defend against that criminal activity.
Ironically, the better we become at defending against it, the higher the incentives for criminals.
Given all this, my suggestion to consumers is simple: pay for most purchases with cash.
After all, you (hopefully) don’t need to put a $4.95 magazine purchase at Barnes & Noble on your Platinum Visa or to use your American Express Centurion Card to pay for a 99 cent pack of Tic Tacs at Boston Market.
At the end of the day, the reality of our brave new world is that convenience and connection have a price. As tens of millions of credit and debit card holders in the United States could potentially learn, sometimes that price is quite high.