Bank Info Security interviews Kim Peretti, former federal prosecutor, regarding the TJX/Heartland data breaches. With the recent sentencing of the last of Albert Gonzalez’ co-conspirators in the data breaches, a long, hard criminal investigation comes to a close. Kim Peretti, former senior counsel with the Department of Justice, offers an inside look at these investigations.
Justin Pritchard at About.com alerts consumers to the dangers of skimming scams and how to avoid them. He says scammers can quickly read a card’s information and use it to access your account fraudulently. He notes skimmers may be installed on ATMs and sometimes go unnoticed. A small device is placed over the normal card reading slot and can read a card’s magnetic stripe. Skimmers can also be handheld devices that a dishonest merchant can keep in his pocket. When charging a card for a customer out at dinner, for example, a scammer can also run the card through a skimmer.
The new point of sale standard released by the PCI Security Standards Council receives mixed reactions from industry security experts. The revised standard is meant to enhance security and prevent payment card fraud on devices that accept payment transactions, and will cover everything from retail point of sale card readers to unattended payment terminals at gas stations and parking lots.
Bank Info Security reports that PCI’s PIN Transaction Security update is effective immediately. A new measure to strengthen credit card data protection was released by the PCI Security Standards Council May 12. Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all PIN acceptance Point of Interaction terminals.
Bank Info Security reports on a Visa alert to banks and processors that describes a bogus batch settlement scheme. Banking institutions and payments processors are on heightened alert after notification from Visa that a criminal group plans to execute a large, fraudulent batch settlement scheme. Visa does not have any information as to when the fraudulent settlement activity may occur. The criminals claim to have access to a merchant account placed with a bank in Eastern Europe.
Bank Info Security reports the same electronic crime syndicate behind two-thirds of the phishing attacks detected in the last half of 2009 has been linked to the recent rash of incidents targeting small and midsized businesses. “Avalanche” is the name given to the world’s most prolific phishing gang and to the infrastructure it uses to host phishing sites. And this is the group that has shifted additional resources to the creation of spoof sites and spam lures that distributed the very latest, most malignant Zeus variants, says Rod Rasmussen, co-author of the global phishing study released by the Anti-Phishing Working Group.
PRNewswire reports that ID Analytics has received its third patent from the U.S. Patent and Trademark Office, for a new detection system and method using historical identity records. ID Analytics received a patent for the company’s system and method for fraud detection using multiple historical identity records. ID Analytics incorporates these in its ID Network, which includes more than a billion unique identity elements and receives an average daily flow of 45 million identity elements from its customers, which include eight of the top ten credit card issuers, six of the top ten financial services companies and four of the top five wireless carriers.
Elinor Mills at CNET reports on “SMiShing.” She says that when we think of phishing attacks, in which scammers try to lure sensitive information out of Internet users, we think of fake official-looking e-mails and Web sites. But you don’t even need to be online to get phished. A phishing attack making the rounds tries to dupe cell phone users into revealing their personal data over the phone. It uses SMS messages, which makes it a “SMiShing” attempt. It all starts with a spam text message purporting to be from a financial institution.
Joseph Menn at the Financial Times reports US regulators are drafting plans to force banks to protect their customers better from a surge in online account fraud. While banks are not obliged to disclose the extent of fraud to customers or investors, figures they provided to federal examiners showed aggregate losses from computer intrusions and falsified electronic transfers of $120m in the third quarter, more than triple the level of two years ago. Overall identity fraud at banks is costing the system about $700m per quarter, according to the Federal Deposit Insurance Corporation. (Free registration)
Elinor Mills at CNET News reports Facebook has joined the ranks of the most popular sites targeted by phishers, according to a study released Wednesday by Kaspersky Lab. Facebook’s share of the phishing attacks that occurred from January through March this year was 5.7 percent, while more than 52 percent were masquerading as PayPal, 13.3 percent targeted eBay users, and 7.8 percent were fake HSBC messages.