A few months ago the Target I patronize — by which I mean, I often stand outside and make thinly veiled, passive-aggressive remarks in a faintly superior tone — upgraded its credit card terminals. I remember thinking two things:
1. It’s only a matter of time before someone tries to write their name on the screen with a ballpoint pen. Every old terminal had scratches left by someone who thought they should sign in ink. At least when Boris Q. Funderman gets out a Sharpie and signs the new machines, his shame will be apparent to all.
2. If I wanted to infiltrate a company’s credit card database, that’s where I’d start. If you hack the mainframes, sirens wail, the IT security guys jump off their cots and start typing madly like they do in the movies. “They’re past the firewall! They’re using SSL tunnels with randomly generated proxy IPs to gain Root! I’ve never seen anything like it!”
But that’s the movies. You suspect real life is one guy who looks at the logs, thinks “uh-oh,” passes it up the chain to the manager for IT, who thinks “uh-oh,” then hands it off to corporate, which thinks “uh-oh,” and tells PR to craft a statement that doesn’t make people think “uh-oh,” but winds up making Wall Street think “uh-oh,” and makes some people shrug.
Forty million accounts hacked? Eh, they won’t use mine. Chance of winning the Mega Millions jackpot is 260 million to one? THIS IS MY LUCKY DAY.
So now everyone has to go through their credit card statements, frown, look up and say, “Honey, did we buy a TV in Saigon?”
Here’s what I don’t get, though. It seems that the hackers don’t have access to the most important part of the transaction: your Crucial Squiggle. How many times have you signed your name and gone outside the box, and the clerk shoots you a suspicious look. The security guard by the door touches his ear; he’s on alert. Then you try again signing your name, and there’s the nervous moment where you know computers are matching the lines to signatures you’ve made before and... APPROVED!
The flood of relief! The guard stands down. So no, I’m not concerned about the breach, and I think the idea that people will flee Target and go to another store is ridiculous. Why would you want to trade with any big company that hasn’t suffered a huge security breach? That just means they’re next.