Gabreil M. Helmer of the Foley Hoag LLP, Security, Privacy and the Law web site writes, “Last week was a tough week for Albert Gonzalez, the so-called ‘leader of the largest hacking and identity theft ring ever prosecuted by the U.S. government.’” Gonzalez received a sentence of 20 years of imprisonment in two separate federal cases against him. The hacker pled guilty in the New Jersey and Massachusetts cases for his role as mastermind of the two largest financial data breaches ever, those involving TJX and Heartland Payment Systems.
A Florida credit union must reissue 12,000 debit cards after new fraud attempts traced back to the Heartland Payment Systems data breach, as reported by Bank Info Security. The MidFlorida Federal Credit Union is taking this action, according to chief operating officer Kathy Britt, because of the continued risk of fraud. Britt says the $1 billion-asset, Lakeland, FL-based credit union already reissued new cards to about 5,000 of its members in 2009, after the breach was made public. Britt says the new replacements follow recent fraud attempts on cards involved in the Heartland breach. The credit union has about 80,000 debit card holders.
The Ponemon Institute published for the first time their Global Cost of a Data Breach study in cooperation with PGP Corporation. The study examines actual costs incurred by companies as a result of discovering and responding to a data breach. Ponemon surveyed companies in the U.S., UK, Germany, Australia and France and found that in 2009, the average cost of a data breach was $3.4 million. That is $142 per customer affected by the breach. Costs in the U.S. have risen steadily from a 2005 average incident cost of $4.5 million to a 2009 cost of $6.65 million.
Bank Info Security reports Russian federal authorities this week arrested three suspects already indicted here in the U.S. for the RBS WorldPay heist. This brings hope that there will be justice meted out for the $9 million hack that stunned even the most knowledgeable law enforcement officials when it happened in November 2008. In the indictments handed down in Atlanta, Pleshchuk and Tsurikov were the accused leaders of the group of eight hackers. The group allegedly infiltrated RBS WorldPay’s network and broke the encryption around the company’s payroll debit cards.
Angela Moscaritolo at SC MagazineUS.com writes that U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and PINs, according to a Gartner analyst. These types of attacks are not new, but the scale and the organization behind them according to, Avivah Litan, Gartner.
Francois Lasnier at Bank Info Security blogs that a change is happening in the security of online banking. In October 2005, the FFIEC provided guidance requiring the banking industry to provide stronger security controls to ensure the safety of online transactions. This set in motion a flurry of changes, but the effort has not been able to keep up with the ever-increasing sophistication of online threats. The time has come for stronger security, but the focus needs to be protecting end users — not simply meeting compliance requirements.
Shirley Inscoe at Bank Fraud Forum writes that according to the 2009 ABA Deposit Account Fraud Survey Report, debit card losses totaled $788 million in 2008, compared to $1.024 billion lost to check fraud. On the surface, check fraud is clearly a larger problem. Surprisingly, however, more banks reported experiencing debit card fraud losses than check fraud losses. While 92% of survey participants reported experiencing debit card fraud, only 80% of banks reported experiencing check fraud losses.
