GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

This event is brought to you by: Insert your company name


Industry Update

Supreme Court upholds AmEx's merchant contract

Authentify xFA renders passwords obsolete

Mobile user desires universal, First Data finds

Check usage survey reveals key behavioral insight

Selling Prepaid

Prepaid in brief

Gift cards remain a strong product category

Gift card issuers face new accounting standards


With prepaid debit gains, it's a mixed bag

Patti Murphy
ProScribes Inc.

Maintaining equilibrium in acquiring

Ken Musante
Eureka Payments LLC


Street SmartsSM:
Smooth apperators

Dale S. Laszig
Castles Technology Co. Ltd.

How consumer demands and biller priorities align

Eric Leiserson

Making a Square peg fit a triangle mold

Steve Norell
US Merchant Services Inc.

POS attacks on the rise

Nicholas Cucci
Network Merchants Inc.

The mix moves the message

Nancy Drexler
Acquired Marketing

Company Profile

Plug n Pay Technologies Inc.

New Products

Docking station for secure checkout

USA ePay

Online value-add for merchant portfolios

Real Local Pages ISO program
Real Local Pages


Checkup for the road ahead


Merchant selling in the connected age


Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

July 22, 2013  •  Issue 13:07:02

previous next

POS attacks on the rise

By Nicholas Cucci

POS software vulnerability is to blame for numerous attacks exposing hundreds of thousands of credit cards per year. Some retailers in Louisville, Ky., have found this out the hard way.

Card issuers have been able to tie fraudulent transactions back to a number of merchants in the Louisville area who all have one thing in common: the same POS systems with remote access software, supplied locally to some Louisville merchants, according to

Given multiple links to Louisville, issuers at first thought the breach had involved a processor. The attacks may have begun in February 2013. The names of the stores that experienced a breach have not yet been revealed. The Kentucky Task Force Crimes Unit, which is part of the U.S. Secret Service, is heading up the investigation.

The attacks thus far discovered do not seem to have affected PIN debit transactions. However, Park Community Federal Credit Union of Louisville posted a fraud alert on its website on April 2, 2013, to notify people of a possible compromise that could affect a significant number of cardholders in the region.

Keeping cardholders vigilant against fraud

Park Community is active in keeping area citizens informed of various threats, including one hoax involving temporary debit card holds. The credit union's website warned that members received automated phone calls telling them that their cards were temporarily on hold or deactivated for security purposes.

The calls instructed cardholders to enter their card numbers via phone. "These calls were bogus and not from Park Community," the site stated. The credit union noted that it never contacts members to ask for debit card or checking account numbers.

POS breaches are on the rise. Card issuers have been the first line of defense in detecting system intrusions. They search for fraud patterns in localized areas. In March 2013, a St. Louis-based grocery store chain was alerted by card issuers to a possible breach.

Schnuck Markets Inc., which has 101 stores in five states, later stated that its computer forensic firm found evidence that malware had captured mag stripe data. Some 2.4 million credit and debit cards were exposed between Dec. 1, 2012, and March 29, 2013.

Detection lags intrusions

Financially motivated fraudsters are a key part of the 75 percent of incidents in Verizon's 2013 Data Breach Investigations Report, which analyzed 47,000 data security incidents over the course of a year.

This study also found that 37 percent of the security breaches occurred in financial organizations and retail environments, while restaurants suffered 24 percent of the reported incidents. In 66 percent of cases, the breach was not discovered for months, or even years. In 22 percent of cases, it took months to contain the breach.

"What's alarming is how long breaches took to spot, and how long they took to fix," the report stated. "And while sensitive data remains exposed, losses grow and reputations suffer further damage." Here are a few things you can do to make sure your merchants understand how to protect their POS systems.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners, as well as a member of the Electronic Transactions Association's Risk, Fraud and Security Committee. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios