

The Green Sheet Online Edition

January 28, 2013  •  Issue 13:01:02


Fraudsters persisting in the new year

By Nicholas Cucci

We saw several notable data breaches in 2012, and the need for vigilance continues when it comes to card system security in both mobile and card-present environments.

From Zappos.com and Global Payments Inc. to LinkedIn, we saw several notable data breaches in the year just ended. However, the most noteworthy breach of 2012 occurred at the South Carolina Department of Revenue, according to attorney Ronald Raether, a partner at Faruki Ireland & Cox PLL in Dayton, Ohio.

That state agency breach highlighted a lingering problem. Government agencies remain vulnerable to hackers, just as they were five years ago, Raether told BankInfoSecurity.com in December 2012.

In the last quarter of the year just ended, 10 major U.S. banks were the targets of powerful distributed denial-of-service (DDoS) attacks. In these attempts to make a machine or network resource unavailable to its intended users, perpetrators interrupt, and sometimes cause the suspension of, service provided by a host connected to the Internet.

One of the most common methods involves saturating target machines with external communications so that they cannot respond to legitimate traffic, or they respond very slowly, essentially making the site unavailable.

State-sponsored hacktivism

On Dec. 10, 2012, a group calling itself Izz ad-Din al-Qassam Cyber Fighters posted to a website that it would begin a second phase of a DDoS campaign against five U.S. banks. The group has reportedly targeted Bank of America Corp., SunTrust Banks Inc., PNC Financial Services Group Inc., U.S. Bancorp and JPMorgan Chase & Co., according to several news organizations.

"In [this] new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," al-Qassam's posting stated. And recently, the New York Times reported that U.S. officials believe Iran is behind the group's attacks. These banks reportedly had experienced an earlier phase of al-Qassam's DDoS attacks in September and October. So far, no evidence of fraud has been linked to these attacks, although the group continues to make threats against American banks.

PNC has suffered sporadic online access issues related to high volumes of traffic in recent months, but the bank was unable to link those issues to a DDoS attack. PNC spokeswoman Amy Vargo said some customers reported having trouble accessing the bank's site during the afternoon of Dec. 27, 2012, but the issue was intermittent, and systems were quickly restored to normal.

Arm your merchants with info

How can you reduce your merchant's risk? Unfortunately, no foolproof means of preventing DDoS attacks has been developed. Yet the following steps may prove helpful:

The latest breach

Another recent breach that carried over into 2013 occurred at New York-based wholesaler Restaurant Depot. The company notified officials in several states of a POS network breach that exposed a to-be-determined number of customer debit and credit cards.

This company experienced a similar breach in 2011 that affected over 200,000 individuals. Jetro Holdings Inc., parent company of Restaurant Depot, announced the most recent breach in December after several customers complained of fraudulent activity on their credit cards following purchases at the company.

Richard Kirschner, President of Restaurant Depot and Chief Operating Officer of Jetro Holdings, told BankInfoSecurity.com that only card numbers were exposed. He said the breach was not made through an individual POS terminal, but the company was still trying to determine how hackers obtained access. "It will take time; this was very sophisticated," he said.

Trying to plug an invisible security hole

Jetro Holdings stated in December that it had spent considerable resources over the prior year upgrading its card-processing systems at all locations to ensure they met security mandates. After the 2011 breach was discovered, the company hired Trustwave to help monitor its network. But ongoing monitoring failed to detect the latest attack.

Financial fraud expert Shirley Inscoe, of Aite Group LLC, told BankInfoSecurity.com that Restaurant Depot likely had multiple security gaps, despite its belief that it was Payment Card Industry Data Security Standard-compliant at the time of the recent breach.

"Investigations of stated. She predicted the card brands would levy fines this time. And card issuers would likely seek compensation for their costs as well, if they had to issue many new cards as a result of this data breach. It will be interesting to see how this breach plays out. As for 2013, the need for vigilance continues when it comes to card system security in both mobile and card-present environments.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at ncucci@nmi.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
