Articles

Bank Info Security reports Bank of America now says the suspected breach of credit card data it reported earlier this month is likely linked to a third-party merchant – not a third-party service provider. BofA spokeswoman Betty Riess noted this was an isolated incident at a third-party merchant (like a store) that may have impacted a very small number of cards, not a security breach at Bank of America or one of its vendors. BofA linked suspicious activity to this unnamed merchant after data from internal fraud monitoring and information from affected card brands was connected.

Dark Reading reports a dangerous zero-day Flash attack recently revealed by Adobe is the dreaded and relatively rare universal cross-site scripting (XSS) threat. Adobe issued a patch for this along with other flaws in the application. The vulnerability was spotted being exploited in the wild in targeted, email-based attacks. Universal XSS attacks spread via browsers or plug-ins, so they can affect any website, regardless of whether it harbors inherent XSS flaws. Adobe’s patch for the flaw was issued late yesterday, one day after it had issued updates for Acrobat and Reader in its regularly scheduled patch release.

The Southern reports Carbondale, Illinois area banks are seeing an increase in fraudulent charges made on customers’ debit cards and officials are cautioning consumers to keep a watchful eye on their debit and credit cards, as well as the banking accounts tied to those cards. Bank officers said that in many cases the bank or credit card processing systems are able to catch unauthorized charges right away. When fraudulent activities are found, accounts are restricted or cards are inactivated, and a new debit card is issued to the account holder.

SC Magazine reports U.S. companies operating critical infrastructure will be forced to better defend their networks against cyber attacks, and to collect and share data crossing their network with federal authorities, if the bipartisan Cybersecurity Act of 2012 becomes law. The proposed bill is designed to streamline data security processes and improve the ability for companies to share information about data threats within their industries. But public interest organizations want to ensure the legislation limits the amount of personal data to which the government will gain access.

Security Management reports ADT Business Solutions has created a new technology that uses electromagnetic technology to both detect and prevent skimming devices on ATM machines. When installed on an ATM, the device can block skimming devices from being able to download payment card data and an alarm feature alerts the bank of the presence of a skimmer. Electromagnetic pulses disrupt the operation of a foreign card reader, rendering it useless, and preventing that device from capturing cardholder’s bank card data. Financial fraud rings often use skimmers, realistic looking card readers placed over factory card readers, at ATMs or gas stations, to steal payment card information. Because skimmers are virtually undetectable by users, in a few hours, criminals can steal data from hundreds of cards. The card data is written onto blank payment cards and then used to withdraw money or make purchases later. The average skimming attack nets $50,000 in losses, according to the Secret Service, which handles a large portion of skimming investigations.

MasterCard just introduced a comprehensive roadmap focused on advancing the U.S. electronic payments system. MasterCard says the roadmap, which includes the path for migration from magnetic stripe to EMV technology currently available on “chip” cards, will serve as the foundation for the next generation of products and services developed to enhance the way consumers pay. As payments continue to evolve to include new devices and new channels, such as mobile and eCommerce, the roadmap takes steps to address how consumers really shop, providing them greater security and control in their payment choices and the potential to seamlessly integrate loyalty programs and offers into the purchasing experience.

Bank Info Security notes that after nearly two years of highly-publicized fraud incidents and educational efforts, pay-at-the-pump skimming attacks continue unabated. Despite increasing efforts to educate institutions and retailers about skimming fraud, especially at self-service gas pumps, skimming attacks continue to grow. Why? Because fraudsters continually move their targets to regions that are less informed about the perils of card skimming.

The Toronto Sun reports that the Halton Regional Police announced the multi-force takedown of a fraud ring responsible for over a quarter of a million dollars in debit card skimming. After the fraud bureau launched an investigation, officers from various police forces swooped on several homes in the GTA, arresting 12 people and seizing numerous pieces of equipment allegedly used to copy debit card information at bank machines and gas station ATMs, as well as at some other commercial points of sale. Also seized was equipment used to forge credit cards, numerous fraudulent cards, $40,000 in cash, computer equipment and three high-end vehicles.

American Express announced new research sponsored by Accertify shows that U.S. consumers are wary of transacting on tablets and smartphones. Accertify, an American Express company, recently commissioned a study of “connected” U.S. adults — or those with access to both a smartphone and a web-enabled computer — to learn more about how consumers perceive and are affected by online fraud. The Accertify survey found that consumers will change their shopping behavior if they have a negative experience with a fraud protection system. In addition, the survey found that consumers feel more vulnerable to fraud online than when conducting transactions in-person. Eighty-eight percent of respondents regularly make a purchase or conduct a financial transaction online, and, nearly two in three (63%) consumers believe that more fraud occurs when conducting transactions online than in-person.

DNA Info reports a Bank of America customer got more than cash when she tried to use a Bleecker Street ATM recently – a device designed to steal her card details came off in her hand as she inserted her card, police said. Amazingly, the man who planted the identity stealing technology then appeared – and asked for it back. The woman, 23, told police her card got stuck in the door swipe at the bank’s branch at 184 Bleecker St. When she pulled the card out, a false facade fell off revealing the real card slot behind it.