GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Proximity payments mash-up: NFC, QR, BLE, MST

News

Industry Update

Threat indices rise as 'fullz' rush in to IRS site

Ready or not, PCI 3.0 is here

Small change for small issuers in Target-MasterCard settlement

Second Sally Beauty breach a 'wake-up call'

Trade Association News: MWAA revisits heart of Chicago

Features

NFC game changer for retailers and marketers

The Mobile Buzz: Six mobile engagement strategies

Views

Insider's report on payments: Going cashless sounds like nonsense

Patti Murphy
Proscribes Inc.

Valuation impact of EMV on merchant acquiring assets

Scott Calliham and Janinne Dall'Orto
First Annapolis Consulting

Education

Street SmartsSM:
Controversial questions and answers - Part 2

Jeffrey I. Shavitz
Affinity Solutions Inc.

EMV liability shift catching SMBs unaware

Chris O'Donnell
Instabill Corp.

Don't gamble with your business

Kevin Mendizabal
Frates Insurance and Risk Management

Using emotion to your advantage

Jeff Fortney
Clearent LLC

Infographic: 2015 U.S. EMV liability shift

Company Profile

Conformance Technologies

CardConnect

New Products

EMV merchant preparedness, prepackaged and just-in-time

EMV Marketing-in-a-Box for POS
Strategic Marketing LLC

Turnkey, white label hospitality platform

Residualfy
Residualfy Inc.

Inspiration

Mad men and women of business - Part 1

Departments

Readers Speak

Boost Your Biz: Who cares?

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

June 08, 2015  •  Issue 15:06:01

previous next

Threat indices rise as 'fullz' rush in to IRS site

The Internal Revenue Service confirmed reports of a wide-scale attack on one of its web portals, describing the incident as "a sophisticated effort" involving "unauthorized access" to numerous taxpayer accounts. The agency did not directly refer to it as a security breach. A statement issued May 26, 2015, indicated identity thieves had used the Get Transcript web portal to obtain approximately 100,000 consumer records, initiating an estimated 15,000 fraudulent tax refunds.

The Get Transcript portal is temporarily closed pending oversight by the IRS Criminal Investigation unit and Treasury Inspector General for Tax Administration. The IRS reported it will notify about 200,000 taxpayers whose accounts were targeted by criminals, including the 50 percent whose accounts were not compromised due to attempted break-ins that failed to authenticate.

The IRS stated it will offer free credit monitoring services to approximately 100,000 taxpayers whose Get Transcript accounts were illegally accessed, "to ensure this information isn't being used through other financial avenues."

Analysts have speculated that unusual activities in the Get Transcript portal began as far back as February 2015. However, the IRS detected no unlawful activities in its main computer system, which handles tax filing submissions. At a May 26 press briefing, IRS Commissioner John Koskinen claimed the IRS security infrastructure is essentially intact. "This is not a hack or data breach," he said. "These are impostors pretending to be someone."

Big data, big crime

In his book Future Crimes, Global Security Adviser and Futurist Marc Goodman wrote that nearly 20 percent of U.S. and European consumers have been victims of identity theft.

"These stolen identities are often referred to as 'fullz' by hackers and contain names, addresses, Social Security numbers, dates of birth, workplaces, bank account numbers, bank routing numbers, state driver's license numbers, mother's maiden names, e-mail addresses, and additional online account names and passwords," he wrote.

Goodman went on to predict that tax refund identity theft will cost the IRS as much as $21 billion over the next five years, "all because we're leaking massive amounts of data from deeply insecure systems that can easily be traded at tremendous profit on the Dark Net." Security analysts are concerned by the scope and sophistication of recent cyber security attacks, which have enabled criminals to leverage stolen personally identifiable information to gain access to consumers' financial assets and identities.

The IRS revealed that criminals were able to answer personal identity verification questions that are typically known only to taxpayers. "In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems," it stated.

Senate Finance Committee wants answers

Government leaders have been critical of the IRS' attempts to downplay the seriousness of the situation. In a letter to IRS Commissioner John Koskinen dated May 27, Senator Orrin G. Hatch, Chairman of the Senate Committee on Finance, referred to the IRS incident as a data security breach, stating that his committee "has an obligation to ensure that proper protections are in place and that such a breach is less likely in the future."

Hatch also noted a separate investigation initiated by the committee in April into stolen identity refund fraud. He described it as a key concern highlighted by the recent IRS breach. He believes it is critically important for the committee to fully understand what took place and what appropriate legislative responses may be required to reduce the risk of recurrence.

Hatch wrote, "To this end, I ask that you provide my Committee staff with a confidential briefing by no later than June 5, 2015." The briefing would cover the following questions:

Federal departments referenced in Hatch's letter may include The Cyber Threat Intelligence Integration Center, which monitors foreign cyber threats, and the Department of Commerce's National Institute of Standards and Technology, a consortium of technology experts committed to enhancing critical security infrastructure.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems