User Name: Password:
Credit Card
Credit Card

Card Data Breaches

One Billion Data Records Stolen in 2014

February, 2015

CUNA notes nearly 1 billion pieces of personal information were compromised in 2014 as a result of data breaches, with the retail industry allowing the highest number of incidents, according to a report from digital security firm Gemalto, based in the Netherlands. Breaches climbed by 49% overall in 2014 with 1,500 attacks, while the number of individual data records that were compromised jumped 78%, the report found. The majority of breaches (55%) occurred at merchant stores, up from 29% in 2013, with an increase seen in the number of attacks on point-of-sale systems as well. CUNA continues to urge lawmakers to pass legislation that would require merchants to adhere to the same strict payment data security standards that financial institutions must meet. While breaches often take place at merchant stores, credit unions and other financial institutions often are on the hook for the costs associated with rectifying a consumer’s financial situation. A CUNA survey found that the Home Depot breach alone cost credit unions $57.4 million in breach-related costs.

POS Malware Threatens Payment Cards Used at Gateway Arch Shops

February, 2015

SC Magazine reports Jefferson National Parks Association announced on Friday that malware was identified on point-of-sale (POS) devices at two gift shops at the Gateway Arch in St. Louis, and payment card information may have been compromised for anyone who used their payment cards at those terminals. The number of victims is unknown at this time. Payment card information may have been compromised, including names, payment card numbers, and expiration dates. Jefferson National Parks Association immediately suspended use of its networked payment systems. The malware has been disabled from the systems, and a stand-alone payment processing system is now being used. An investigation is ongoing.

Seattle Game Producer Reports Breach

February, 2015

Data Breach Today reports Big Fish, a Seattle-based online game producer and distributor, is notifying an undisclosed number of customers that their payment card information may have been compromised following a malware intrusion. The company became aware of the incident on Jan. 12, according to a copy of their breach notification, which was provided to the California Attorney General’s Office. According to Ian Hurlock-Jones, the company’s chief technology officer, an unknown criminal installed malware on the billing and payment pages of company websites that appears to have intercepted customer payment information. Information that may have been exposed includes names, addresses, payment card numbers, expiration dates and CVV2 codes, Big Fish says.

Payment Security Initiatives Unveiled

February, 2015

Bank Info Security reports the Feb. 13 White House Summit on Cybersecurity and Consumer Protection was the stage for more than a dozen companies and trade groups to announce new initiatives aimed at securing internet transactions and payments and reducing fraud. According to a White House fact sheet, Visa will commit to tokenization, substituting credit card numbers with randomly generated tokens for each transaction by the end of March. And MasterCard will invest more than $20 million in new cybersecurity tools, including the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber-attacks. The card brands also are participating in the administration’s Buy Secure Initiative, pledging to collaborate with Apple, Comerica Bank and U.S. Bank to make ApplePay, a tokenized, encrypted mobile payments service, available for users of federal payment cards.

Hackers Continue Breaching, Stealing Credit Card Data from Parking Services

February, 2015

Help Net Security reports the hackers behind the Target and Home Depot data breaches have struck again, and this time the victims seem to be the customers of Book2Park.com, an online parking reservation service available at a variety of US airports. According to Brian Krebs and his sources from several banks that bought a handful of cards from a new batch put on sale on popular carder online store Rescator[dot]cm, the common denominator is that all the cards were recently used by their rightful owners to make parking reservations at Book2Park.com. Anna Infante, the owner of the service, confirmed that they had a breach, but that they still don’t know what information – if any – was stolen. According to her, the tech firm they used recently discovered that someone planted malicious files on the company’s Web server. She said that they are working on discovering the extent of the breach and protecting potentially affected customers.

Are Credit-Card Fraud Mobile Apps the Next Big Thing?

February, 2015

Forbes reports payment-card data breaches have exploded in the last year, making customers leery of shopping at certain retailers and using credit cards in general at many merchants. Affecting millions of consumers, the cost of credit-card and debit-card fraud rose to $11 billion in 2013, up $3 billion since 2012, as identified in the 2014 Identity Fraud Report from Javelin Strategy & Research. Yet as technology advances and digital payments become increasingly popular, how can a consumer ever feel safe? One way that customers can begin to feel at ease is by incorporating fraud surveillance and identity theft resolution products into their lives. By ProtectMyID® and BillGuard joining together, customers and employees alike can gain a comprehensive product that supports them from data breach – including exposure of Social Security numbers or credit-card and debit-card numbers. In fact, Google Play identified BillGuard as one of the best apps of 2014.

Guilty Plea in ATM Skimming Scheme

February, 2015

Bank Info Security reports a Romanian man has pleaded guilty to charges stemming from his role in a large-scale ATM skimming scheme that defrauded Wells Fargo, Citibank, TD Bank and other financial institutions out of at least $5 million. Marius Vintila pleaded guilty to conspiracy to commit bank fraud and aggravated identity theft, according to the U.S. Attorney’s Office for the District of New Jersey. Vintila and his co-conspirators constructed sophisticated card-reader devices capable of reading and storing customers’ bank account information as the customers performed routine bank transactions at ATMs, prosecutors say in the statement. The conspirators also hid pinhole cameras in panels designed to match existing ATM components. Vintila then taught and directed several conspirators to install the devices on ATMs, according to the statement.

Card Breach Hints at Lingering Concerns

February, 2015

Data Breach Today notes French Lick Resort, which has two locations in Indiana, is reporting a possible breach affecting guests’ payment card information over a nine-month period. The latest incident shows that the payment ecosystems of U.S. businesses continue to be tainted with memory-scraping malware and point-of-sale attacks, says JD Sherry, vice president of technology and solutions at Trend Micro. It will take investments in advanced breach detection capabilities to augment businesses’ approach to keeping their payment networks pristine and recognizing targeted attacks, Sherry says. In addition, asset, configuration and vulnerability management should be high priorities in order to keep tabs on operational changes and the potential risks of those changes to retailer networks, he explains.

Park ‘N Fly Confirms Data Breach

January, 2015

Data Breach Today reports Park ‘N Fly is notifying an undisclosed number of customers that their payment card information was exposed following a compromise of the company’s e-commerce website. Airport parking lots are attractive targets for fraudsters because they are often used by business travelers utilizing business or commercial credit cards, says one card issuer who asked not to be named. “These cards are favored by fraudsters because of high lines, low decline rates and less scrutiny on a day-to-day basis by cardholders,” the issuer says. Park ‘N Fly, an offsite airport parking operator based in Atlanta, says that it has hired data forensics experts to assist with its investigation of the breach, which has been contained. Compromised information includes card numbers, cardholder names, billing addresses, card expiration dates and security codes. Other loyalty customer data that may have been exposed includes e-mail addresses, Park ‘N Fly passwords and telephone numbers.

Heartland First to Offer Comprehensive Merchant Breach Warranty

January, 2015

BusinessWire announced Heartland Payment Systems, one of the nation’s largest payment processors, today announced it is the first company to offer a comprehensive warranty that protects businesses from payment card breach losses in the event of a breach. Heartland’s breach warranty is offered at no charge to its Heartland Secure™ merchants in the first year and can be extended for $8.33 per month per card-entry device. To be covered under the warranty, a merchant must have a Heartland Secure-certified device and process payments through Heartland on that device. Heartland Secure™ is a comprehensive credit/debit card data secure payment solution that combines three powerful technologies – EMV, the Heartland E3® end-to-end encryption technology and tokenization – working in unison to provide merchants with the highest level of protection for card-present transactions. If the encryption fails on a Heartland Secure machine, Heartland will reimburse the merchant for the amount of compliance fines, fees and/or assessments the merchant must pay to the card brands, issuing banks and acquiring bank(s).

Article archive by topic

Card Data Breaches

Card Fraud

Identity Theft

Network Security

Skimming

Smart Cards