More fallout this week from the Target breach, as a lawsuit filed by two banks implicated Trustwave, the company responsible for ensuring Target’s PCI Data Security Standard compliance, as allegedly failing to detect obvious signs of weakness preceding the breach reported in December.
By Jeffrey Green (@epaymentsguy)
More fallout this week from the Target breach, as a lawsuit filed by two banks implicated Trustwave, the company responsible for ensuring Target’s PCI Data Security Standard compliance, as allegedly failing to detect obvious signs of weakness preceding the breach reported in December.
Trustmark National Bank of New York and Green Bank of Houston filed the suit in U.S. District Court in Chicago. Trustwave, according to the suit, is alleged “to have given Target a clean bill of health in September, two months ahead of the attack.”
Also this week, the California Department of Motor Vehicles (DMV) reportedly was the latest target of cybercriminals. Law-enforcement authorities alerted the agency to a potential security issue within its credit card processing services. Though there was no evidence of a direct breach of the DMV’s computer system, the agency said it opened an investigation into any potential security breach in conjunction with state and federal law enforcement.
Card data posted online
So what happens when a company’s payment system gets breached? Well, you’ll find payment card information available online, as demonstrated this week when as Hacktivist group Anonymous Ukraine reportedly posted more than 7 million credit card numbers. The card numbers are real, but most were not paired with CCV (card verification value) security codes or card expiration information.
Crooks also are showing their propensity to use advanced technology to carry out their deeds. This week we learned that three-dimensional printing, reportedly for years has enabled card thieves to make card skimmers that fit over the card slots on ATMs, gas pumps and in-store point-of-sale devices.
And now one group plans to mass-produce the devices.
Breach effects examined
The implications of the increasing amount of data thefts and breaches is now becoming clearer, as a recent survey by ACI Worldwide of financial industry professionals conducted earlier this month at BAI Payments Connect found that 44 percent of customer accounts had been compromised. More than 15 percent of respondents indicated recent breaches put increased pressure on fraud operations, while another 12 percent indicated they suffered a negative impact on their brand. However, 22 percent said they felt no direct impact from breaches.
Efforts to bring the debit networks together through a common EMV debit identifier continued, as Visa and Pulse announced they had come to together on a common debit solution. Fiserv struck similar deals with both Visa and MasterCard a week earlier.
Meanwhile, Saudi Arabia said it will build one of the world’s biggest biometric centers to increase security.
“The Ministry of Interior is seeking to build a world-class and highly efficient database containing the biometric features of both citizens and residents through representation by the National Information Center,” biometric ID expert Adil Al-Aids reportedly told a local daily.