Entries tagged with “data theft”.
Nov 25 2014
Posted by Sara Davis
As our society’s digital dependence increases, so does the average person’s credit card usage. More businesses are going paperless – leading to an increase in online payments. Also, in general, online purchases are more popular than in-store purchases. In fact, a 2013 survey by Ebates.com, involving 1,000 U.S. consumers, revealed that 84% preferred shopping online to shopping in-store. In light of these trends, it’s even more necessary to be well-versed in safe credit card usage practices.
One easy preventive measure against fraudulent usage of your credit card, should it be physically stolen, is to opt for including a photo of yourself printed on your card. Many banks already offer this option, which makes it practically impossible for a thief to use your stolen card in physical stores. Keep in mind that this provides little protection against fraudulent online purchases.
When using your card online, check your computer for malware before inputting your card number. Often, malware acquired via unsafe web surfing installs keyloggers, which can record and transmit your credit card information as you type it.
Another method used to steal your credit card information is via phishing sites. Make sure to check the URL or address bar in your browser to make sure you aren’t on a phishing site. Phishing sites perfectly mimic the appearance and functionality of a legitimate site, like Amazon, to trick you into submitting your sensitive information.
The key to minimizing the risk of unauthorized use of your credit card is vigilance. If you approach each use of your card with caution, you’ll avoid most credit card stealing traps. Contact us to learn more about fraud prevention tips.
Nov 13 2014
Posted by Sara Davis
Data Breaches, Data Security
There have been a few famous cyber security breaches regarding financial data in the past year. Here is our next example of one that involved a financial security breach at a large department store.
Hackers broke into the credit card payment system of the department store early last year. The company’s security system apparently issued alerts sixty thousand times but even so, the hackers were able to move around inside the system for more than half a year, all while continually causing alerts every day they were there.
The problem, in this instance, was that the number of alerts that occurred in the system per day was so high that those that corresponded to the actual break-in were only a tiny percentage of the total according to employees at the company. According to some estimates, as many as three hundred and fifty thousand credit cards were exposed during the attack, and some nine thousand have been used by fraudsters since then.
According to some security experts, the main problem was that the company’s point-of-sale network had all of the registers connected to a central computer. Because of this centralized system, it was easy for hackers to continually add their software back onto registers every day.
The breach could have been prevented had the company more closely monitored the connections between the registers and the central computing system. Every section of the process has to be monitored and secured or a breach at any point could circumvent point of sale security, which is exactly what happened in this case.
For more information about keeping financial transactions secure against hackers, please contact us.
Nov 12 2014
Posted by Sara Davis
Data Breaches, Data Security
There have been a number of cyber breaches in the last year where financial data has been leaked to the public. Some have been smaller companies, but a fair number of larger corporations have fallen victim as well. Here’s an example of a more recent cyber security breach that took place at a major retail store.
Last year a major retail store reported that up to 40 million credit card numbers had been stolen by hackers. According to some, it was one of the biggest retail hacks in American history. The hackers gained access by installing malware into the payment system the store was using. This allowed them to gain credit card information for every single user from the over 1,500 stores where the information was stored. The program would copy the credit card number of consumers whenever they swiped their card to pay for their items.
The hackers were actually spotted by a few different security companies during this breach. This was a case where the security measures in place actually functioned, and the problem was the human element.
Apparently, the security program in place had the option to automatically delete malware being placed on the system, but the security team turned it off. According to some sources, the security team then failed to keep a firm enough grip on network security, which caused them to miss the multiple flags that went off.
The Symantec Endpoint Protection system that the company was using for antivirus even identified the threat well in advance.
The case with this retail store just goes to show that a security system, no matter how advanced, is only as effective as the people using it.
For more information on cyber security, please contact us today.
Oct 24 2012
Barnes and Noble has reported that PIN entry devices in dozens of its stores have been hacked. According to the company, one device in each of 63 different stores had been compromised. The company said that its website and purchases made on the Nook were not impacted by the breach. Reports indicate that the stores involved in the compromise were located in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island. B&N is working with banks to notify affected customers. The company acted swiftly in disconnecting the devices in all of its more than 700 stores once the breach was discovered. Further, the company altered the process for using a card to a more secure method. Rather than swiping the card, the consumer will now hand the cashier the card to be swiped, a process the company believes to be more secure.
There are two security issues at play here. The first is the question of physical security. How many times have you walked into a grocery store, or any store for that matter, and used the PIN pad device without the assistance of the clerk? While that certainly adds convenience, it can also introduce risk. The following video demonstrates just how easy it can be to compromise a PIN pad machine.
As you can see, without the proper physical security, attaching a skimming device or tampering with the machine can take just a matter of seconds. If you are accepting cards, it is vitally important to think about the physical security of the data, as well as the technical security. If you use a mobile device, ensure that it is with you at all times. If it is not with you, it should be locked in a secured location. If you are using a Point of Sale solution or a PIN pad device, make sure that it is secured to the counter and that you can tell whether or not the device has been altered. In the video above, the clerk noticed that the machine had been tampered with and was able to prevent the theft of data.
The second issue at play here is the technical aspect of security. This is of particular consequence, because thieves that are able to access full card data can make counterfeit cards and the volume of fraudulent transactions increases significantly. To counter this, the PCI SSC has drafted a number of documents specifically aimed at protecting PIN pad devices. You can find all of the PCI SSC security documents on the Library section of their website.
Security of transaction data is not an “online only” problem. Thieves are able to extrapolate physical theft into credit card fraud. That means the physical instruments that we use to accept credit card transactions must be afforded the same level of protection as the systems in which we store that data (e.g. databases or POS applications).
Oct 2 2012
Posted by hmark
Privacy, Regulations and Laws
On this blog, we have discussed, almost ad nauseam, data breaches. How they happen, how they can be avoided, what to do if your business is impacted. What we haven’t discussed much is that most merchants, particularly in the SMB segment, are also consumers. So what rights do consumers have when their data has been compromised? The Privacy Rights Clearinghouse has been producing a six-part video series on important privacy topics. This week, the organization released Part 4: Data Breaches: Know Your Rights.
The video walks viewers through an incident in which a consumer is notified that his data has been compromised. It discusses what questions you should ask and what steps you might take to protect yourself. As an example, we hear that consumers are often advised to get a “credit freeze” in the wake of a compromise. But what does that mean and is that really the best option for everyone?
As an additional resource, check out the Fact Sheet also offered by the organization. Unfortunately, data breaches are going to continue to be common for the foreseeable future. Not because organizations aren’t taking appropriate steps to protect the data, but because data thieves are often highly motivated and see hacking as a high-reward/low-risk activity. That being the case, as consumers, it makes sense that we educate ourselves on how to respond and what rights we have under the various state or federal laws surrounding our financial or personally identifiable information.