Did Visa's Malware Warnings to Target Go Unheeded?

Visa sent out two retailer alerts about security-busting malware last year.

Jan 21, 2014 at 8:54PM

The debit and credit card security breach that occurred at Target (NYSE:TGT) over the holiday shopping season has become a firestorm, as the big retailer revealed that 40 million shoppers possibly were victimized by credit fraudsters. From there, things only got worse: Target quickly updated the number of accounts hacked to 110 million. A few days ago, retailer Neiman Marcus acknowledged having been victimized, too -- and experts expect several more merchants to come forward with the same story before long.

The U.S. government has released information culled from its investigation of the incident to retailers in the hopes of finding other compromised point-of-sale, or POS, systems, and possibly averting other attacks. Included in the release are tips on rooting out such malware, which can evade detection by standard anti-malware programs.

Hopefully this helps, but advance knowledge of a problem is apparently not enough to prevent such a debacle. Payments giant Visa (NYSE:V) had warned retailers -- including Target -- on two separate occasions last year about just this sort of problem, supplying malware signatures and several suggestions to avoid intrusion. With this type of heads-up, why did the breach still occur?

Malware nearly invisible to protection programs
The POS malware Visa described in April and August of last year was the same kind that caused the recent upheaval: memory-scraping programs that work themselves into a merchant's Windows-based POS network, gleaning account data from the magnetic strip on debit and credit cards. The malware parses information during the time account data is stored in the system's random access memory before payment authorization is completed.


POS systems are becoming increasingly popular hack targets, and the government report notes that the specific type of malware used is virtually invisible to anti-virus and anti-malware programs, so Target and other retailers may not have been able to detect it. The manner in which the malware infiltrated the system in the first place, however, appears to be an area where retailers dropped the ball.

IntelCrawler, a security firm that originally identified the creator of the malware code as a Russian teenager, notes that the hackers who obtained the program entered the retailers' systems remotely. How? Simply by repeatedly trying different passwords on remote POS servers until they got in. Apparently, uncomplicated passwords are the norm on such servers, and access is not very strict -- even though they can contain boatloads of data from several store locations.

Charges of negligence
Target is facing a rash of lawsuits claiming that the store was lax in protecting its customer information from hackers, as well as taking too long to publicize the data breach. Banks such as JPMorgan Chase (NYSE:JPM) are also likely to sue, particularly if Target is found to have been negligent in its security protocol. Banks could be liable for in-person transactions and will probably want to be refunded the cost of replacing compromised cards. JPMorgan has admitted to replacing 2 million cards affected by the breach.

Visa could levy fines against Target and its payment partners as well, much as it did when TJX experienced a security breach nearly 10 years ago. Lawmakers have raised a ruckus over the issue, with several Senate Democrats requesting a hearing by the Financial Services Committee.

Time will tell whether Target -- and possibly other retailers -- could have been more vigilant in foiling the attacks. If having advance knowledge of a possible assault isn't sufficient for prevention, however, it's likely that these particular types of attacks may have become altogether unstoppable.

Stocks you'll want to hang onto for the long haul
As every savvy investor knows, Warren Buffett didn't make billions by betting on half-baked stocks. He isolated his best few ideas, bet big, and rode them to riches, hardly ever selling. You deserve the same. That's why our CEO, legendary investor Tom Gardner, has permitted us to reveal The Motley Fool's 3 Stocks to Own Forever. These picks are free today! Just click here now to uncover the three companies we love. 

Fool contributor Amanda Alix has no position in any stocks mentioned. The Motley Fool recommends Visa and owns shares of JPMorgan Chase and Visa. Try any of our Foolish newsletter services free for 30 days. We Fools don't all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

4 in 5 Americans Are Ignoring Buffett's Warning

Don't be one of them.

Jun 12, 2015 at 5:01PM

Admitting fear is difficult.

So you can imagine how shocked I was to find out Warren Buffett recently told a select number of investors about the cutting-edge technology that's keeping him awake at night.

This past May, The Motley Fool sent 8 of its best stock analysts to Omaha, Nebraska to attend the Berkshire Hathaway annual shareholder meeting. CEO Warren Buffett and Vice Chairman Charlie Munger fielded questions for nearly 6 hours.
The catch was: Attendees weren't allowed to record any of it. No audio. No video. 

Our team of analysts wrote down every single word Buffett and Munger uttered. Over 16,000 words. But only two words stood out to me as I read the detailed transcript of the event: "Real threat."

That's how Buffett responded when asked about this emerging market that is already expected to be worth more than $2 trillion in the U.S. alone. Google has already put some of its best engineers behind the technology powering this trend. 

The amazing thing is, while Buffett may be nervous, the rest of us can invest in this new industry BEFORE the old money realizes what hit them.

KPMG advises we're "on the cusp of revolutionary change" coming much "sooner than you think."

Even one legendary MIT professor had to recant his position that the technology was "beyond the capability of computer science." (He recently confessed to The Wall Street Journal that he's now a believer and amazed "how quickly this technology caught on.")

Yet according to one J.D. Power and Associates survey, only 1 in 5 Americans are even interested in this technology, much less ready to invest in it. Needless to say, you haven't missed your window of opportunity. 

Think about how many amazing technologies you've watched soar to new heights while you kick yourself thinking, "I knew about that technology before everyone was talking about it, but I just sat on my hands." 

Don't let that happen again. This time, it should be your family telling you, "I can't believe you knew about and invested in that technology so early on."

That's why I hope you take just a few minutes to access the exclusive research our team of analysts has put together on this industry and the one stock positioned to capitalize on this major shift.

Click here to learn about this incredible technology before Buffett stops being scared and starts buying!

David Hanson owns shares of Berkshire Hathaway and American Express. The Motley Fool recommends and owns shares of Berkshire Hathaway, Google, and Coca-Cola.We Fools don't all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

©1995-2014 The Motley Fool. All rights reserved. | Privacy/Legal Information