Report: Neiman Marcus breach lasted July to January
New York – Neiman Marcus reportedly first experienced a data security breach in July 2013 and did not fully resolve the issue until Sunday, Jan. 12, 2014. According to the New York Times, in a private call with credit card companies held Monday, Jan. 13, the time stamp on the first breach indicates it took place in mid-July.
While Neiman Marcus only publicly disclosed this hacking attack on Friday, Jan. 10, the company reportedly first informed credit card companies around Christmastime. While Neiman Marcus denies its attack has any connection to the recent data breach at Target, investigators reportedly believe both attacks originated in Eastern Europe.
Report: Retailers may face major hacking threat
New York – The retail industry may be facing a major threat by hackers targeting sensitive consumer data held by numerous chains. According to Bloomberg, a report from security company iSight Partners says multiple groups of hackers have been targeting retailers since June 2013 using a piece of software known as Kaptoxa.
Kaptoxa, which is available on underground hacker websites, has been identified by a separate anonymous report as the software used in the recent Target attack. Target would not comment on whether Kaptoxa was used. The Wall Street Journal reports that some of the code used to penetrate Target’s security system was written in Russian.
NRF asks court to uphold lower swipe fee cap
Washington, D.C. – The National Retail Federation (NRF) has asked an appeals court to uphold a judge’s ruling that the Federal Reserve set its cap on debit card swipe fees far higher than intended by Congress and that the cap needs to be recalculated at a lower level.
A three-judge panel of the U.S. Circuit Court of Appeals is scheduled to hold a hearing in Washington, D.C., on Friday, Jan. 17 on the Federal Reserve’s challenge of U.S. District Court Judge Richard Leon’s July ruling that the 21-cent cap that took effect in 2011 was too high. The ruling came in a lawsuit brought by NRF and other groups.
Under the Durbin Amendment section of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the Federal Reserve was required to adopt regulations that would reduce debit card swipe fees from an average 45 cents per transaction to a “reasonable” level “proportional” to banks’ cost for processing the transactions. The law allowed the Federal Reserve to consider the incremental costs of acquiring, clearing and settling each transaction but prohibited any other expenses from being included. The Federal Reserve estimated those costs at an average four cents and initially proposed a cap no higher than 12 cents, but eventually set the figure at 21 cents after heavy lobbying by banks. The NRF lawsuit claims the higher level includes costs that were barred by Congress.
Leon’s July ruling also agreed with NRF that the regulations failed to comply with a congressional requirement that at least two competing processing networks be available for each transaction regardless of whether consumers choose “credit” or “debit” when using a debit card. The requirement was intended to lower costs by increasing competition.
“Nearly four years after the law was passed, debit swipe fees are still far higher than they should be, and banks are raking in billions of dollars in unearned profits every year as a result,” NRF senior VP and general counsel Mallory Duncan said. “Instead of doing what Congress ordered, the Fed gave in to pressure from big banks – and retailers and their customers are paying the price. It’s time for the Fed to follow the law instead of catering to the industry it is supposed to regulate.”