tv Inside Story Al Jazeera December 23, 2013 5:00pm-5:31pm EST
>> this is al jazeera america. live from new york city. i'm richelle carey with a look at today's top stories. we have just a few hours left to enroll in a health plan if you want your coverage to start january 1st. but if you run into a technical snag enrollies will have an one-day grace period. a meeting at the united nations security council is underway right now to look at the situation in south sudan. more than a thousand people have died i in a little more of a wek of violence. and central african republic, u.n. peace keepers fired on a group of demonstrators in
bangui, one person was reporte reportedly killed. same sex marriages will continue in utah. a federal judge denied the request to block his ruling. and two members of the controversial punk band pussy radiosout was released. i'm richelle carey. those are your top stories around the world. for more information on those stories go to www.aljazeera.com. thank you for your time. >> your data, your rights, and your protections are the inside story.
>> hello, i'm ray suarez. woe to the unknowing consumer who wants to wrap up holiday shopping at the big box target target this season. perhaps many of us doing what we do every day have come under threat from a growing crime. account data theft. the sophistication of the criminals far out ways the built in protections from the retailers and creditors who lend us money. one bank's reaction appears nor self-serving than the good of customers, what are you going to do, unless your sure your account information is safe? is cash king after all? we'll talk about all this. but first some background.
>> reporter: on the backside of your credit or debit cart i cara black magnetic strip why all your information is stored. the strip is the target of hawkers. security as many as from retailers, banks and credit card companies so consumers have in a sense lots of reasons to trust that their transactions are safe. still the point of sales systems are outdated tired to would-be thieves, and it is expensive for companies to update their systems. and there was a data breach during the heart of the holiday shopping someone. the secret service and others are investigating the data
theft. in response jp morgan and chase decided to limit the amount people could use your cards. atm withdraws are set to $100 a day and inperson purchases to $300. neilsen, a global payment tracking firm reports that credit and debit card fraud is on the rise. last year over $11 billion were stolen from credit card users worldwide, up 11% from the previous years. despite this growing number. credit card fraud makes up less than 6% of all fraud crime annually. attorneys general from four states, connecticut, massachusetts, new york, and south dakota, are beginning investigations into the target credit card breach. with more than 1700 stores nationwide, the big box retailer
saw a backlash during the final days of the busiest shopping season of the year. this weekend target experienced 3% drop in sales compared to this time last year despite the 10% discount offered to all because of the breach. target has said concerned customers can get free credit monitoring assistance from the company. in 2007 the retail giant tj max was hit, and user accounts were compromised. in the end it cost the company $256 million in lawsuit, investigations, and security upgrades. we approached target and jp morgan chase with invitations to appear on this program. they declined. we turn now to connecticut's attorney general george jepson joining us from hartford. you asked with there other
states for corporation. what does the state of connecticut want from this big national retailer? >> under our connecticut state law they're obligated to provide us with information about how a breach occurred, the risk that was compromised, what they're doing to fix the problem, and so it's a pretty thorough investigation that we use. i respect the fact that there is some information they cannot provide because there is a federal investigation under way. but we want to get to the bottom of this. >> so far is target complying, cooperating with your requests? >> our attorneys have been in conversations with target. it's still very early in the process. i couldn't characterize them as being uncooperative. >> is it hard inside connecticut to protect your own consumers when so much activity around
charging and purchasing goods involves other states. >> in all likelihood this attack was from outside of this country, eastern europe, russia, who knows. we work close with our counterparts. we have cooperative relationship. the state attorneys general work to solve these issues, but this is a big one. >> state law is governing in the case of terms of credit card arrangements the kind of contracts that you sign with that tiny type on the back. what does connecticut ask of people who issue credit cards to its citizens? >> well, if there is a breach they are required to inform my office. we then have a standard follow up protocol that shows how that breach occurred, what steps are
being taken to solve the issue, and it's thorough, and this one is very big, and it's just under way. >> if a consumer in bridge fort, hard forhartford or new haven wo sign up to monitor their account, should target be asked to pay for that? >> yes, on a consistent basis we think if there is any risk for loss of information we ask that the target, and in this case target, for two years of monitoring. they have provided monitoring, but the length of time has not been stated. if you can change the pin number, change the pin number and to look very closely at your bank statements and at your credit card statements or debit card statements to detect if there are any unauthorized purchases. >> what is the latest breach of
this size. there have been several big ones involving national retailers it is your impression that companies are learning anything by playing defense or are the same mistakes going to be made over again. >> this is a growing issue and growing problem. whatever the companies are doing are not keeping up with what the hawkers are able to do. as you pointed out in the intro, the sophistication of the hawkers seems to exceed what defensive measures are being put up there. there is a need for federal involvement. we're essentially using 20th century technology, which is magnetic strips when there is more sophisticated technologies embed chips which creates a new unique pattern. there are steps that need to be taken, but the federal government is in position to push the credit card companies, and to do what is necessary. >> attorney general george j
jepson thanks for joining us on inside story. >> thank you. >> when we come back we'll broaden this discussion with security expert and electronics payments industry representative. stay with us. this is inside story. >> we find the fault lines that run through communities. >> the shooting happened about 30 minutes ago. >> companies... >> the remains of the fire are still everywhere here. >> the powers that be at home and around the world... >> not only do they not get compensation but you don't even have to explain why? >> well thats exactly what i said. >> we question authority. >> so you said we could get access... >> that's enough! >> ... and those affected. >> investigative journalism at it's toughest. here is more. >> beneath the fluorescentsun in a former meat packing plant is the latest trim in farming. they call it "vertical farming." these fields grow on floors on
at industrial park and farmer john adel and his staff agrees user. >> my shipping proceed did you say 1500, 2,000 miles to get are. >> the plant of the indoor -- as the indoor formers call it doesn't grow corn or soybeans but mustard, high end micro greens on the plates of white-napkin restaurants. these fish supply the vert liser that number issues the
>> welcome back to "inside story." i'm ray suarez. we're talking about the massive data breach of debit and credit card and retailer target. we welcome our guests. sally greenberg let me pick up with you where i left it with the attorney general, is there a learning curve here? are the companies that are involved all along the chain that starts when you swipe that card becoming harder targets? well, it seems like this happens over and over and over again. we hear about the big cases, target last week, tj max.
it seems that there is no change on the part of the retailers, the banks that back up the credit cards and consumers end up holding the bag. by that i mean consumers, it's on them to check their accounts. now we're seeing millions of consumers being forced on the limitations that they can take out of their own account, the amount of money that they can spend when shopping. we're very sorry that this happened. these are all the 20 things that you as a consumer have to do. consumers are fed up. they're tired of being at the raw end of the stick on this type of data breach that happens over and over again. i think we need a national solution. >> jason, you heard sally greenberg, you heard the attorney general, and it's true. when this first happened a lot of advice went out to consumers.
maybe consumers were doing those things, what were the companies doing? what gets set off when there is a breach like this? >> i think its important to note that the system is designed to insulate consumers from any responsibility for fraudulent activity on their accounts. this was a significant criminal enterprise, no question about it. target was the victim of a very serious crime possibly of global significance. but at the same time the credit card networks are designed to insure that consumers have zero liability for any fraud that occurs on their accounts. that's the way the system is built. it's important to know that this is not only a rare occurrence, you noted at the outset, $11 billion on global fraud on top of $4.6 trillion in credit card and debit card usage in the u.s. alone in a year, so it's a fraction of a percentage. it's less than a tenth percent
of over all network usage. it's important to note that consumers are protected. the second thing that is important to remember this was a criminal activity, and these stolen account numbers were stolen by criminals who will attempt to put them to use but the network is set up to make sure that consumers don't suffer. >> and by all accounts they have already been put into use, but let's get back to my question when a breach of this magnitude is discovered what do companies do on the back end do, what do the banks do, the electronic systems that is sending the information back and forth between all the parties. you realize there is a leak. you realize someone has gotten in the file cabinet. what do you do? >> this is a law enforcement investigation. part of the equation, the secret service has jurisdiction on
behalf of the federal government to investigate this type of fraudulent activity by international or criminal enterprises. it is a cooperative effort, and law enforcement to find that point of vulnerability. you described it exactly right. the networks are secured, but there has to be a point of entry into those networks. the question is where is that point of vulnerability. the last time this happened in this significant way was more than five years ago. they have done a lot to shore up the systems but in this case criminals have gotten smart, and as part of this law enforcement investigation how do we prevent it from happening again. >> chris, do you agree the industry has been doing a pretty good job policing its breaches,
and hardening its systems? >> well definitely apairness has increaseds quite a bit throughout, regardless of the size of the organization. it's important when you have internet facing systems you have commensurate risk with that. what's going on right now in a situation like target, there is an activity intensive forensic investigation going on, and every aspect that could be a vulnerability is being looked at, and we've seen an increase without knowing anything about the specifics of target just in general we've seen an increase in criminal activity as it relates to getting insider help.
it is constant and i you can't t down because it has gotten sophisticated. >> this is a rare crime, so what are we to make of that? is this a big deal, a significant crime or small potatoes when you consider the amount of money that is changing handing. the breach itself is not small potatoes. it affects 40 million cardholders, and i'm sure they'll do a final analysis on that, but that has a big impact, no doubt. i believe it will serve to the issues that it's not just compliance but security, day-to-day attention to security. and the larger companies who have a lot more touch points and
more complexity to what they're trying to deliver the consumer, they have additional vulnerabl vulnerability points, they have more resources but it makes them more vulnerable in terms that they deliver services. definitely if you're large business or a small one it's definitely a wake-up call. >> why is this a problem to be worried about and noodled over by the banks, by the fulfillment companies. you heard that consumers will be held harmless, and having to make good on fraudulent charges being made in their name. >> the consumer is responsible for finding thoug those fraudult
charges. and there are breaches we don't hear about. the federal trade commission has many cases against companies for security breaches. so no, this is not small potatoes, and consumers are limited in the amount of money they can take out, and they have to be on the alert to report. so it is on the consumer. the bottom line there is technology that these companies could be using, including retailers, the banks, and everyone along the change, but no one wants to pay for it. this is one of those instances where there has to be a coming together with federal agencies, law enforcement agencies who bring together the banks, the retailers, and let's figure out how we can ramp ourselves up to the 21st century.
nothing is foolproof but we can do much, much better. let's take the murder off the individual consumer and put it on these far more sophisticated entities like retail establishments, like the banks. target is a $340 million profit company. they can forward to do this, and not put their customers at risk. >> when we come back we'll talk about what the industry and consumers can be doing, and what remains to be done to clear up some of these breaches and make it a safer system for everybody. stay with us. you're watching inside story. >> al jazeera america is the only news channel that brings you live news at the top of every hour. >> here are the headlines at this hour.
we're talking about the debit and credit card breach. with us sally greenberg and brett and jason oxman ceo of the electronic transaction association, and countless times when i've been overseas i hand somebody my card, they swipe it and instead of handing me back my card they hand me a keyboard. i say i'm american and they put the charge through. what are we not doing that they are doing around the world, and are there more secure ways. >> there is a technology used in europe called e.m.v. it's a chip in the card that you see outside of the u.s. and many travelers have those cards. they're more secure than the magnetimagnetic swipe cards.
it's harder to counterfeit the card with a chip in it rather than the magnetic stripe. we anticipate a lot of those account numbers will be for sale and many overseas will generate counterfeit cards. we're in the process of migrate to go e.m.v. that will take a couple of years. for a couple of reasons. one there, are 1 billion cards in circulation, and there are 8 million merchant who is accept cards, and they have to install new equipment. so it will take some time, but the bottom line is we'll get there eventually over the next couple of years. and those cards will make it harder for counterfeit cards to be produced by criminals. >> it's possible to produce credit cards for all kinds of things that they couldn't use ce used for. you could even use them to pay for a parking meter.
if we up security do we have to trade that speed and screen cone to get a more secure system? >> well, it's not necessarily that it's going to be a speed and convenience issue. it's the cost issue. when you go, you mentioned the parking garage or something like car wash that has an unintended device. it's basically a computer with a card acceptance system. it's not going to be inexpensive for them to upgrade that to accept chip cards, but i definitely agree there are security enhancements for card present or when card is present type of transaction that will be helpful in addressing this risk issue, especially if it's used with the pin number keeping in mind there are hundreds of thousands of merchants that don't take pin-based debit transactions today. they're going to have to add the
capability of taking pin transactions if that is part of it. lots of changes will have to occur. and card brands are driving that with deadlines that are in the marketplace now sally you heard millions of sales points, millions of places where you can swipe a card and pay. who should bear the cost, should it be shared among all the parties? >> i think most who have the most resources and can forward the more sophisticated technology you have profitable credit card companies. as we've heard, very profitable merchants, walmart, target are hundreds of millions of dollars profitable companies. i think it's a conversation we should have. some of the smaller merchants
maybe they get assistance from the credit card companies, the banks and the smaller merchants pay on some ratio that's commensurate with their profit level, but i think very unfortunate to put consumers in this very vulnerable position where we don't have any control if target's system is hacked. so something needs to happen. somebody has to agree to pay for this, and it's a conversation for some reason we haven't had in this country, but we have more secure systems in europe, and consumers are asking why. quickly before we go. >> it's a more economical business here in the u.s. we're robustly a competitive environment. >> well chris mentioned cost. >> it's a significant cost. the question on the table will
merchants undertake that cost to upgrade-- >> why does it have to be merchants if processers are making 3% to 5% per swipe. >> i would dispute those numbers but the merchants benefit from some protection on the network if they make that infrastructure. and do consumers want that capability or is it irrelevant because they're already protected. they already have zero reliability for fraud. >> are we going to see this happen quickly? >> we're on a timetable. october 2015 is the tentative date where we're supposed to have this emv capability in place. i think we'll have one in place but we'll have to do a lot more to look at these sophisticated criminals. thank you all. that brings us to the end of this edition of "inside story." in washington, i'm ray suarez.
haiti, october 2010, at a hospital in a small, rural town north of the capital. these were the first victims of a horrific, unknown disease in a country still reeling from a devastating earthquake. patients were dying in the space of a few hours. children were especially vulnerable. al jazeera was the first news channel on the scene. in the following days and weeks we tracked the epidemic as it ripped across the country. leaving dozens, then hundreds, and soon thousands of haitians dead in its wake. i'd reported from war zones for