Skimming not a violation of PCI DSS
Friday, October 31st, 2008 | Posted in Credit Card Fraud, PCI DSS | 5 Comments
It is important to remember that credit card skimming is an entirely different type of fraud than what the PCI DSS is meant to protect against. Remember that the PCI program has several sub-sections: PCI DSS, PCI PED, and ...
PIN security rises in importance
Friday, August 8th, 2008 | Posted in Chip PIN, Credit Card Fraud, Merchant, PCI PIN | 1 Comment
Evan Schuman of StoreFrontBackTalk reminds us that credit card compromises that result in fraudulent ATM use can mean only one thing: they had access to the cardholder's PIN. In reference to the recent indictment he reminds us about such details. But ...
Credit card theft indictments show why small crime matters
Friday, August 8th, 2008 | Posted in Credit Card Fraud | 1 Comment
Many of you are aware and have read the detailed recounts of the recent indictment of many individuals involved in some of the most notorious credit card compromises. (The BBC article mentions PCI DSS.) Attorney General Michael Mukasey says in ...
Podcast: ROI of Reporting Data Compromise
Friday, July 11th, 2008 | Posted in Credit Card Fraud | 2 Comments
We just published another podcast, this time on the ROI of Reporting Data Compromises. This is a topic I've long loved presenting and feel energized about. When most people think about security breaches and data compromises, they often forget about ...
PIN Theft
Sunday, June 29th, 2008 | Posted in Credit Card Fraud | 7 Comments
We have blogged before about attacks on PIN terminals, but here's another blog post and interesting video on that theft in action. It seems The Real Hustle has a number of YouTube videos on a variety of scams ranging from ...
Where does all the data go? - Hacker Underground
Sunday, June 29th, 2008 | Posted in Credit Card Fraud | 86 Comments
These days I have been thinking and researching the great question of "Where does all the data go?" We read about data compromises in the news and hear about large fines and penalties geared towards corporate America (or "end users" ...
Verizon Data Breach Report
Saturday, June 14th, 2008 | Posted in Credit Card Fraud, PCI DSS | No Comments
Bryan Sartin invited me to a Webinar last week that summarized the Verizon/Cybertrust data breach analysis. Kokie Tjan informed me there is a PDF summary available online of the Verizon Business Data Breach Investigations Report. This is the 10,000 foot view ...
Fraudsters test AVS system
Wednesday, June 11th, 2008 | Posted in Credit Card Fraud, PCI DSS | 3 Comments
David Gamey pointed me to the Register article on yet another scam fraudsters are using to defeat credit card fraud checks. We have discussed this topic before with pay-at-the-pump, but this new attack really goes to the heart of a ...
FTC rules on TJX case
Friday, March 28th, 2008 | Posted in Credit Card Fraud | 1 Comment
It seems the FTC ruled on the TJX breach similarly to how it did for ChoicePoint. The full press release and WSJ article. From the WSJ article: TJX Cos. (TJX) was one of three firms that agreed to settle charges that ...
Hacking Chip-and-PIN
Thursday, February 28th, 2008 | Posted in Chip PIN, Credit Card Fraud | 2 Comments
There's a blog post online about some computer security researchers who have found a way to compromise Chip-and-PIN terminal devices. You can check out the BBC NightNews show here. Ok, yes this is an attack against the system, but do you ...