Jan 14, 2014|
Are you worried about the security breach at the big retailer, Target? A security breach at Target is worse than originally reported. Instead of 40 million people whose credit/debit cards were compromised now they're saying it was 70 million. The first breach was not on-line...this was in store at the registers during the busiest retail time of the year…between Black Friday and December 15th. Angela speaks with tech experts on how you can help avoid this in the future. Our Guests: Mark Lewis, Principle at Simmons and White, Bill Hardekopf, CEO of LowCards.com and Wes Withrow, Chief Information Security Officer at R2 Cybersecurity.
We're discussing the hot topics of the day with co-host of First Take, Todd Menesses.
Angela discusses the shooting in Lafayette and says farewell to WWL as she hands her timeslot off to Scoot.
What's trending in sports, news, and entertainment?
Angela talks with WWL-TV investigative reporter Katie Moore and Tulane law professor Tania Tetlow about the city's backlog of uninvestigated rape cases.
Automatically Generated Transcript (may not be 100% accurate)
Although security breach at target stores has been called a watershed event to buy those in the fraud fighting industry. Now we know there's been a breach at Neiman Marcus and Reuters reports that several other US department stores have been hit. What does this do to our confidence as we without our credit or debit cards. And more importantly what can we do to protect ourselves from these cyber thieves. Have you ever been ripped off in this manner are you even thinking about going all cash. These are important questions that we have three great people who -- gonna -- bill particle CEO. Of low cards dot com. Along with Mark Lewis principal at Simmons and white and the former president of the Louisiana technology council. And west with -- chief information security officer at -- two cyber security. I want to thank all of you for joining us I think this hit people like a brick. First the ball huge store like target. First it was forty million now at seventy million and it just says only gosh. I'm in the store and they can steal from I think. We often think on line -- a little more vulnerable this was oh my gosh. Before we get into some preventative things I'd like to talk to all of you about. Who's doing this. -- -- So. What you've seen over the course of probably the last ten years and he's seen it actually change try to used to be someone he's been kind of sitting in their their parents' basement he -- got really lucky and kind of was able to get access to someone's credit card or even generate fake credit card numbers but now what you're seeing a really sophisticated attacks. Attacks that are really coordinated from a lot of the countries where we don't have a lot of extradition loss right. So it's it's not uncommon for a -- look a lot of the old Soviet satellite countries right -- You have kind of broken away from that give them. Is that's where a lot of this is going they are actually -- or local organizations and New Orleans -- financial transactions actually been rerouted. To some of those locations as well to. But if we were to say where exactly does this count and it just goes all over the place to be quite honest with you. -- It you know and so it's actually getting a lot more sophisticated when you think about. There -- a lot of programs are being developed over and over again and to. Prevent these attacks but then the attackers becomes more sophisticated in terms of what they're doing and what people really need to realize is that you have to have a constant. Awareness of security and make it should be doing all the right things from a business perspective but also an individual perspective. To prevent. Someone from attacking you and what. The attack is typically go after those easy targets of most people were small businesses don't think he'll be attacked because they're always going after the government or the high. High value banks so. It's the small to medium size businesses that have to be a lot more aware because the sophisticated organizations like the federal government and banks are -- the -- us high and securities and now we need to go Packers thinking used to go to easier targets. Very. -- like terrorism. Once we get one -- the once we get attacked it's one area we sure that and the terrorists go to another area. And attack -- and a different way. So there always one step ahead of the preventative measures. You had mentioned that you know used to be the guy innocent parents. Basement are these guys in these countries is -- in the big room I mean is -- that formal. And organized or is that some guy in the basement. So to -- typically. It's it's a very informal alliance where you have a group of people coming SA group of people it might be five to ten people come together design an attack like this. -- -- the attack. And then knowing what the typical response will be from whoever the steal from. They wolf. You make as much money as quickly as -- possible off the information that they have. And then there -- alliance would just disintegrate so there's not a whole lot of loyalty and a lot of these financial tax. Now when it comes to what's called a state sponsored attack where it is -- foreign government. Right then it's it's very very well -- typically right now it's such suit targets are so easy to get to. But you just get a few people together and actually execute it. Are you seeing more. On line. Cyber thievery a college or isn't and again it was startling to me to think that I can go in any store they use my card. And but the massive amount. How did they do it. So what -- what typically happens is is in a situation like this you do what's called a incident response plan right and that incident response plans this coordinated. Kind of plan where you come together and you have your PR department to gather in the and you -- kind of stage the way you respond to thanks to help control information. Peter when that's the target breach happened. You know my mother was one of the people who are impacted by and has worked in seventy million people but at the time right. Which you heard was -- -- -- account of this campaign of information at -- week we think it happened on this day and we think it was about forty million cards. Right and then you heard okay it happens you'll start to hear -- specific information and start to your larger numbers that are even scarier I didn't didn't work. Originally came out. What. What. -- -- -- -- If somebody get your mother's credit card information they're getting her credit card number are they getting her home address and phone number and email address absolutely. They're getting all about it. Yeah they're getting everything and if you can't get. So if you get the credit card information right it's a very very easy to get all of the other information rights -- typically. Right when you go and look at someone you're going to you know. Cyber attack. You already have a lot of the reconnaissance work done so he'll say I know that okay these people right to live in this area a shop at this place. Right I'm gonna be up because all their information from another -- horse right. And so that's what you typically did so for example I might say you know what my mother's car and I know is going to be a tough thing to get from target. Why don't I get all the information that surrounds her first from other people like small medium sized businesses that she might work with bright or she might publish on FaceBook. And then once I'm able to get that last piece of information. That I have everything I need to complete the entire cycle faction extracting money. He is a list of -- cushion Wes is simply still wanted to attack like that. There should be identifiers as to where that attack is coming from I mean every address like every moment. Location as an at risk every computer and unit hasn't Andrus. Can't we were retracing go back and find out where those with Netflix coming from an attempt by those people. You you can't to a certain extent right because what you do is you typically in fact. Tons of computers across the world I'm not drastic times I mean millions of computers right. And when you actually go make an attack you don't use your own computer right. He just starts sending requests for multiple locations you know that's millions of location so what you do as you. Make it so tough and so expensive to reconstruct the actual issue. Right. But it can be done excellently done when you you never delete right information from computer is just difficult to get Brian what is the goal I mean. Is it because now I have all these credit card numbers and I'm gonna start buying things with them until it comes up that that they're not the person's. Is that in and the -- used merchandise to sell the merchandise. Well you do what you do is you you typically will take that information and you'll resell it on and on another market right. Media house talking with mark about this previously thought you know it's maybe 45 years -- -- a presentation that to us -- with the FBI. You know you could get a it was sliding scale sister really where you can actually purchase someone's your Social Security number their name their drafts. Everything if they had a really good credit score to it would cost you twenty dollars for block -- a few hundred -- -- if they have to really bats credit score right he could get it for a little bit cheaper. Write -- but what were people will do is able. Get the information in the start probing making small transactions to see if you actually respond right terrify. Know you have good credit score and then I start using your card on my -- at ten dollars item at twenty dollar item that might historic. Here's a 50000 dollar bribe and then I'll have it shipped to wherever need be shipped. And then you know what happened is you eventually run out of -- because someone one identify and turn it off but by that time you've already. In that we're ready to fix itself for being right is they have to. They have to honor that fraud and therefore they get charged back and salute to their credit card holders in charge for it to the banks really. At risk when all this happened and I enjoy tremendous cost. Sorry that's quite so report for us as consumers. To check our statement. It did not just the big transactions on those statements. But like was said earlier he got to check this small transactions because that these will we usually put those small ones. Through to see it it's still good card and it has been shut off. If it hasn't been the big transactions come through. The with few have been affected by this. Or if you've ever lost your credit card and somebody has ripped you off let us know give us a call 260. 187 day if you have had an experience -- you want to ask any questions we have three. Wonderful experts with us. Bill -- -- -- CEO of low cards dot com. Mark Lewis the principal Simmons and widen the former president of Louisiana technology council. And west with -- chief information security officer at -- to cyber security. Bill I know let's we have a caller let's go to him first David in Gramercy David. Yes. -- thank you. You had a question. Now ordering a change our -- much -- Derek -- -- Number and -- -- are still. In art because you can use your debit card at a credit card. As well -- just get all call. Yes she should go ahead and get a whole new card. What happens is with a pen. The it depends are typically Ford numbers right and if you actually tried to use you can. Very very easily get software off the Internet that will actually run and test all those pins. So the best thing I mean you did the right thing the very first thing by actually changing the pin but it I would go ahead and actually get a new card that's what I've recommended to anybody that I've spoken to so far. That's it simplifies everything for even your own mother. Even their -- right here. Well look but what about. My bank debit card because that's -- Derek are in debit card -- -- much. So wind so when you get the new target card right it will -- you obviously have to link it back up. I would actually just continue to monitor your bank card. And I wouldn't get a new and yet I'm that I would just keep a close eye on it and you'll be fine for the -- -- Don't think Q and again if anybody else would like to talk to our experts give us call 260187. Day. Bill particle -- CEO of low cards dot com. Your thoughts on. Let's just talk talking about exactly what we can do to help prevent this from affecting us. Well I think the first thing we have to do as we -- check our bank's statement from our credit cap credit card accounts regularly. I don't mean just at the end of the month -- spike in online account and take a look. But those accounts just to make sure no funny looking transactions. Goes through as we talked about earlier. You know look for the small ones as well so large ones. I also changes is that we -- since. Change the pin number on your debit card. Even though there is software out there I would. That is is very good checkpoint. And I think is one of the other things that the target. -- it was the second target braids too that affected seventeen million people and they got that email addresses. So many people as well as and names and home addresses and what that means is that. We might all be subject of those seventy million people might be subjected to. Phishing scam. What you might get an email sent to use it looks exactly like. Particular web site legitimate. Web site. These these these make it look so good and they might be able to personalize it with your name and address on the -- to make it look very legitimate. We have to be very careful. Not picky about Patrick click on any emails that we get and what were the ones that initiate that or about our. Personal information over the phone and that's worth -- one. That initiate the call. You know I -- only sound like a complete dinosaur. But I don't do online banking and probably the only person in America who doesn't and I don't do when he my credit cards online because I'm afraid. Of them getting it online. So understand what you're saying chicken before the bill arrives at the end of the month but. That means it just one more layer of susceptibility. Well. I understand that your concern. I think the the other legitimate concern though is that. You are going to have thirty days. At a time when you're not checking your account. And you know he can hit as any kind of teach second with a secure. Server I think you're going to be in the secure computer I think you're going to be fine. Yeah and he's right about that now he was talking about what some of the things CE you have to react to because of what -- it did it. And in and the but the access to the seventy -- security cars but. There are a lot of things of people continue to try to prevent that information. Like there's -- list. Certain things you can do to protect -- computer obviously everybody should have some security software on it. That's important to make sure that's updated regularly maintain your current soft furniture have you you updates on that. Like you said go back and make sure generate a -- The -- counts in good working order. And passwords is a big thing to you should change your password on. On your computer. Or access to -- really bank account to credit card accounts and a regular basis. And that's so heartening realistically that is hard. Because were overwhelmed with the number of passports and -- don't I know you don't use the same password for everything -- but to keep changing and changing. There's no doubt. The the consequences -- not doing that and getting out hacked into could be much more severe than going through the aggravation again. The hackers out there are doing this for one purpose does that make life hell for a lot of people uniter understand why they're doing it. But they just it's it's it's an addiction that they just for some reason wanna do that you would think that. You know they do that for trying to access -- and make it financially rewarding but sometime you'll do it just because of the thrill of. And you just want to -- to these people get a life cannot mind. Except for her yet we're talking about cyber thieves were talking about protecting ourselves were talking about what happened to target. With bill -- a cough. Mark Lewis and west Withrow. What is the this idea that's coming up the pike is going to be the credit card with a chip and that might make it more difficult for these guys to justice. What that is very prevalent. Over in Europe it's called a chip and -- technology. And some other studies that have been done over there shows that. Fraud has been decreased. Almost up to 13. When people went. Cultures used that to -- technology. Rather than a magnetic strip which is so prevalent here in America. Do you all know about this -- how is that different just out of curiosity what's the difference contain the strike the strip in the chip. Well let's throw it second layer that I. Security there is there is -- -- Is indeed. Credit card and then you have and her a hand. Number. And apparently that the ship is more secure than magnetic strip. I understand that this is something that's going to be changing but it's gonna take time in America. They're talking about 2015. Before -- really see it. Well one of the big issues is bad. Issuers could move to that but if retailers don't have. The processors in there you know on their calendars. What you make a transaction it's not gonna do much good at that car. So one of the big drawback is that it cost. Up approximately. A couple hundred dollars for a retailer. To have each to install each of those processors. That takes the tip of opinions so that's kind of one of the big hurdles that have to be. Crossed before we'll we moved to that. In a prevalent way here in America. And -- who is going to pay for all of this. You know -- 1% of those seventy million people whose cards were ripped off. Are used. And it's that's got to be in the millions and millions and millions of dollars who's gonna pay for that. Not the consumer. Right typically what shall see right now as the banks are the one who are absorbing those costs bright and consumers are also actually costing the banks more on top of the years so you have to think that actions to absorb the cost so if someone spends 500 dollars the bank it's going to cover that forty. But in the consumer is also going to get upset with the bank's thinking it was the bank's actual fault swelled to sit there going to. Request new cars are going to commit to request conversations they actually doubling the cost. Right so which are looking at is that potential losing clients right which is a cost that is it's tough to quantify. Right now -- as you're dealing with the severe beginning the cost that the -- just paying back to the. Yeah. You know eventually it's going to be the consumer's gonna bear the cost it always is so. The bank shall bear that cost for -- all these cars but their cost goes up and so -- profit margins it's not going to be passed down substantially. It's always the consumer that UK. In the long run. Always the consumer -- -- has always been. -- look let's talk about time. I wish you were talking about protections for small businesses. So what what happened to businesses typically small and medium sized businesses don't believe that their heart. And that's kind of a false sense security that's there and what -- have and the few things that I recommend to business is first and foremost. Is you can have a HIT security consultant coming in doing -- risk assessed with. And that helped that well actually give you an idea and give your roadmap of where your phone purple. Kind of what you need to do to plug those vulnerabilities and what options you have as well to right because it has to fit within some reasonable budget right. The second thing is it is it you'll see are a huge ramp up in 2014 on this at least 50%. Of businesses are going to actually start buying more cyber liability insurance rights' have for example. You can offset a lot of your risk right. Let's say OK well if someone breaks into my network and I have to notify 5000 people while I have to hire. He and organization to do that for I don't have the money to do that but if I have cyber liability insurance. That would help offset a lot of the risk and so that's one of the very easy and quick ways to actually at least offset some of your risk in the third is to. It's user awareness you know a lot of times when you think of cyber security and technology you're thinking. -- firewalls and buying these gadgets and everything that you know that is the technical side and and still people are always going to be the weakest link to. And the best thing that you can do any organization can do is having formalize user awareness programs which -- actually explaining to people. What's via what I -- security -- what to look for. Because nine times out of ten. It's usually there's some. Personally there's a person involved it's not the technology that fails. I mean it's never really the person in the company you're trying to person in the company. It's it's and it's never -- apps it's not it's never it's. So a lot of time just not intentional brightest he sometimes. You get an email on the atmosphere here if they need now that looks legitimate you're gonna click on it right you're going to do the things that he most suggest and then. Next thing you know you're gonna have. -- -- should have done that yes you know I think. What the US is talking about it is just like companies put together strategic plans for sales and marketing for operations. Just like what simmons' wife does for companies to help them grow on the profitable. Companies really need to put processes in place a strategic plans when it comes to security because. As we go down the road securities can be common and it just being in a more important factors -- as we all know. And so companies need to really put those plans and monitor those plans and a regular basis because you just can't maintains that he can't be static you gotta go forward. And keep. Updating your security software. Keep looking at potential holes that could -- -- the business and just be -- Diligent about how you can proceed to protect you companies just like you wouldn't implementing strategic sales plan -- business development plan or processes within company. You know I'll take this a long time ago my purse stolen my long time ago a couple of years ago at a grocery store. And the thieves took my credit card and immediately did exactly what you talked about earlier when he and went to Baskin Robbins and got two dollars worth of something. And then went to fast food place and did five dollars for that something and then went to a store and spent 250. They just kept waiting. Such a pain wise to go through. Get the new life and go. But we're talking about here is not just the wall being ripped off for talking about your whole world. Your identity is being open that is right. And it is a very important things that most of us who have -- busy lives just wanted to go away and it's not. And you all are clearly saying it is up to us to be more responsible on a daily basis. That our security is up to us. And I think most people have this false sense security that is not gonna happen to me and in May be for the majority of people won't. But that risk that it does as a major impact on your life in terms of time in terms of dollars in terms of -- -- your own personal identity. People have to have this sense of awareness and BT deal and have their due diligence to make sure. That their information is protected and do those kind of things that protects the rounds now in some situations with target you do all the right things but. You know target messes up for the -- sophisticated people going -- now. And I cannot suggest anybody do this but. Why wouldn't the banks be really mad at target because they had a preacher now they have all these external costs of gonna pay for all that. That's a big deal you know. I don't envision some lawyers gonna comments to target company half of the banks because they had a preacher and all these numbers are outstanding and all these costs. You know that's where society is gone and it's certainly hope that doesn't happen but. You know who's gonna pay for it. That's when it. I don't Carville. I was gonna say that I think we need to realize that. This will not be the last -- This is going to be something that culturally. We are going to see because. That cyber thieves are very sharp and very intelligent. And probably very lucky too but they are going to continue to do this so this is something that we are going to face. For years to come. You know built a team several interviews now national interviews were -- consumers and said I'm just going to cash. What what kind of impact with that people not using credit cards. Well there are studies out there that show people spent last liberties cast so it was. It was definitely probably have an effect on the economy and the economy's growth. There are a lot of people there about 25% of the public that does not have a credit card or use a credit card right now. So -- not out of the realm of possibility that that happens in one of -- one import people right now but I. I can't take credit or debit. Are that get credit card how's that been trending over the years. I hit that very constant and matter of fact it is it is surprising to me -- just about everybody at a credit card but. But they go to about one in -- I wonder how many of those he gave up -- credit card of the words had one. -- never have -- one. I've never seen any statistics on now. Outside I I would even hazard a guess -- -- I'm just thinking you know the the the crash of 0809. And the impact it had on people in a kind of woke us up about our spending and also our need to save -- I think you know people did come up some credit cards. Well I think one of the things that we all need to realize is that credit cards are very secure form of payment and in terms of the consumer. Is it your credit card is ripped off here. Liability is. Usually a maximum of fifty dollars and others. In a number of cases there is no liability to the consumers so there are a lot of protections. He using a credit card as well as perks such as. Aspect of mild -- hotel points. So that there are a lot of it in the an accounting system of where you've spent your money there a lot of water. Protections like price protections. Rented car insurance that you -- so there are a lot of benefits to a credit card. That I think a lot of people realizes that's -- it's a very attractive form of payment. I wanna thank the people who have been here and I. I would like bill part of -- CEO of low cart dot com to very briefly tell me what is look look hard shot come. All the credit card industry has been very complex thing to understand -- -- cart dot com does is that it analyzes all thousand credit cards that are out there in the United States has. Gives you all sorts of tips about what to look forward credit cards is how to navigate that. Complex industry. Well I wanna thank you very much for joining us and west went throw what is your new company so. Our name -- are to cyber security and that we are New Orleans based IT security consulting services firm that focuses on one. Really helping small and medium size businesses navigate the complexity of cyber secure. And that is an ever growing businesses have we learned today. Thank you very much and of course. Mark periods at -- Well thanks for Panasonic Angela -- and it's great to work with western help and businesses grow from a profitability standpoint that they too that we do we help companies with extraordinary business challenges. And we're happy to help last in the growth it has been so -- well I think all three of you for helping all of us.