202.5

Column: Is it safer to shop online than in-store?

By Ken Colburn, Data Doctors

PHOENIX — Q: With all of the breaches at major retailers, is it actually
safer to shop online these days?

A: According to the
Privacy Rights Clearinghouse
, 931,358,613 records have been breached from
4,456 data breaches made public since 2005.

It’s not your imagination that large data breaches are being reported by major
corporations and retailers much more frequently.

One of the reasons you’re hearing more about retail breaches is because the
value of the data compromised at the actual point of sale, or cash register, is
significantly higher than data stolen from an online retailer. Stolen online credit card info can only be used online,
while the data stolen at cash registers allows criminals to create counterfeit
credit cards that can be used anywhere.

Stolen “magstripe data,” from the magnetic stripe on the back of a card, includes
additional security data that isn’t transmitted during an online purchase.

One of the upcoming security measures known as “chip and pin” aims to make point-of-sale attacks less desirable for criminals, but until the entire
industry converts, offline retailers will continue to be targeted.

I won’t be surprised to hear of one or two additional major retailers being breached during this holiday season, exposing tens of millions of credit cards.

To address your question: If we look at
the press releases from the most recent major retailers after their breach was
discovered, most reported that online customers were not affected.

So, looking at this recent targeting of point-of-sale devices, you can easily make the claim that shopping online, with the
hacked retailers, was safer.

In general, I’m personally more comfortable making purchases online, because
the entire transaction has a structured security process and no other humans
are involved.

I’m not saying that online retailers are not targeted by hackers
or that your credit card information won’t ever be compromised if you only shop
online. Any large organization that deals with millions of dollars of credit card
transactions per day will always be a target, and thieves will always explore
every possible means to breach whatever security is in place.

But for this holiday shopping season, I’m definitely more comfortable shopping
online. One of the biggest concerns about the recent store breaches is that
they weren’t discovered by the compromised retailers — they were discovered
by security experts that monitor underground websites that sell stolen credit
cards.

When large volumes of credit cards hit the black market, credit card issuers
can analyze the transactional data to see whether there are common links to a
specific retailer to help uncover the source of the breach.

Target operated for more than two weeks before discovering the breach, while
Home Depot went nearly six months without knowing it had been compromised.

Whether you shop online or offline, don’t use a debit card. And whenever
possible, use any of the more secure methods, such as Apple Pay, Google Wallet,
PayPal or the chip on your credit card — if you have one — instead of the
magnetic stripe.

Follow @WTOP and @WTOPtech on Twitter, and on the



Advertiser Content