SC Magazine notes that as users prepare for the long Thanksgiving weekend, internet fraudsters are already looking forward to Monday – the unofficial start of the holiday cybercrime season. Cyber Monday, the digital equivalent of the brick-and-mortar world’s Black Friday, is one of the busiest online shopping days of the year, and typically marks the beginning of a month-long period of increased online threats. Attack volume usually peaks during the two weeks before Christmas, when last-minute shoppers are online in full force. Phishing attacks, survey scams and poisoned search engine results are all expected to ramp up on Cyber Monday, the day most employees return to work for the first time since the Thanksgiving break.
The Federal Reserve Bank of Atlanta’s Portals and Rails notes that despite the PCI Council’s best efforts and laudable goals, the effectiveness of its data security standard, PCI DSS, is frequently questioned. This standard is sometimes disparaged as expensive and ineffective. Contrary to the claims of PCI DSS critics, however, Verizon has collected some data that support the value of PCI. The Verizon 2011 Payment Card Industry Compliance Report provides evidence that PCI compliance is effective at preventing breaches, and that the most compliant organizations are the least likely to be breached. The Verizon report provides a detailed analysis of compliance and breach threats across its client portfolio.
Idan Aharoni, at RSA’s Speaking of Security, blogs about automated credit card (CC) stores. These websites offer fraudsters an automatic way of buying stolen credit cards: the buyer funds an account with e-currency, chooses a card type, pays and receives the full credential. Their popularity has reached such a fever pitch that CC store kits are traded in the underground in the same fashion as phishing kits.
Bank Info Security reports that fraud specialists at New York’s Chase Bank have been credited with helping thwart an ATM skimming scheme that hit nearly 1,500 Chase customers in Manhattan’s Union Square. Chase’s detection of the fraud and notification of law enforcement reportedly helped investigators track and catch two Bulgarian nationals who have been indicted for the crime. Nikolai Ivanov, 31, and Dimitar Stamatov, 28, both legal residents of Canada, have been charged with netting more than $285,000 after skimming card details from four Chase ATMs.
Threat Post reports that AT&T said in a recent announcement that hackers made an organized and systematic attempt to gain access to nearly one million of its customers’ online accounts. The phone company assured customers in an e-mail that their accounts were intact. AT&T does not believe that the perpetrators of this attack obtained access to online accounts or any of the information contained in those accounts. While no information appears to have been breached here, AT&T spokesman Mark Siegel said the company has launched an ongoing investigation to further identify the hack’s intent. AT&T, the largest phone company in the world, has 100.7 million wireless subscribers, yet only 1 percent of them, approximately one million customers, were targeted by the attack, in which hackers used automated scripts to try to match up customer telephone numbers with account numbers and gain access to accounts.
Market Watch notes that while Cyber Monday, the online version of Black Friday, is the biggest online shopping day of the year, it is also a time when consumers can be careless and open themselves up to the risk of identity theft. This online shopping bonanza marks the start of the holiday season, and IdentityHawk wants to remind consumers to take precautions to protect their identities online and offline. Results from the 2011 Identity Fraud Survey Report conducted by Javelin Strategy & Research indicate that of all identity theft victims, 40% had their information misused while making an online purchase, compared to 13% for purchases made over the phone or through the mail.
CBS New York reports that authorities announced Friday that they have busted a steakhouse scam that, for a while, was well done. Manhattan District Attorney Cyrus Vance Jr. announced the break-up of an elaborate identity theft ring that targeted patrons at steakhouses and other top-tier restaurants. The waiters would allegedly skim diners’ credit cards and go on luxury shopping sprees. Some 28 people face racketeering and other charges. After secretly skimming the diner’s card, they’d allegedly make a counterfeit one. Cops said that after making the fake credit cards, members of the ring literally took them for a test drive and used the card to pay for short trips in a taxi to see if the charge would go through, CBS 2’s Tony Aiello reported. Then members of the ring would take the cloned card and go on shopping sprees at stores such as Neiman Marcus, Cartier and Chanel, authorities said. To back up their fake cards, the ring also allegedly made fake drivers’ licenses.
Bank Info Security notes that the shift toward chip and PIN or Europay, MasterCard, Visa (EMV) card technology in the United States has already begun. Pradeep Moudgal, head of global cards and merchant services for $19.2 billion Silicon Valley Bank, contends that it’s going to take a lot of push from financial institutions, from the merchant community and from the regulators, working together, to really help move the needle on EMV adoption. The EMV chip and PIN standard, a commonly used payments card method in Europe and Asia, offers an alternative to magnetic-stripe technology, which remains the standard in the U.S. The EMV chip is considered far more secure than the mag-stripe, because it prevents card details from being physically skimmed at points of sale.
Dark Reading reports a desktop computer stolen from healthcare organization Sutter Medical Foundation has potentially exposed the personal information of nearly 4 million patients. The password-protected but unencrypted machine contained a patient database. Ironically, the Sacramento, Calif.-based healthcare organization had been implementing encryption across the organization at the time of the theft. Unfortunately, the machine that was stolen was not yet encrypted.
Threat Post reports on cybersecurity legislation. Citing a looming crisis over lax computer security, Senate Majority Leader Harry Reid said on Wednesday that the Senate will debate cybersecurity legislation. The move comes despite the lack of a coherent Senate plan and could set up a showdown with House Republicans over the government’s role in forcing industry to strengthen cyber protections, according to a report by The Hill. Reid sent a letter to Senate Minority Leader Mitch McConnell detailing plans to bring comprehensive cybersecurity legislation to the floor of the Senate for debate early in 2012. The move was greeted with approval by both Republican and Democratic members of the Senate Homeland Security and Governmental Affairs Committee.