Around 80 percent of global merchants including retailers, financial institutions and hospitality firms have failed interim tests which show they are not in compliance with card data security standards.
Stationary and office supply store Staples is the latest company to be dealing with a credit and debit card breach, according to Brian Krebs at Krebs on Security.
Tips for shoppers worried that their credit or debit cards may have been compromised by the massive security breach at Target stores.
We've already discussed a lo-tech but surprisingly effective attack on ATM users here and elsewhere. However, Brian Krebs has recently posted on more conventional skimming attacks: Green Skimmers Skimming Green. An interesting and useful comment thread too. However, in view of the mentions there of chip and pin technology, it's worth pointing out that while
[Update: the BBC Radio 6 issue is now confirmed by WebSense (apologies for misattributing it earlier!), who have more detail here, and note that areas of the BBC 1Xtra radio station Web site are also affected.] I hear from ESET colleagues in the UK that the BBC's Radio 6 homepage (one of the Beeb's music stations) is
Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the
[Update: added some extra links at http://avien.net/blog/?p=422] Here, so to speak, is a bit of hot potato*. Flippancy notwithstanding, this isn't really funny. For several years now, Brits have enjoyed a banking card system called chip and PIN, a simple form of two-factor authentication for in-person credit and debit card transactions. In countries where the
For many years banks and credit card vendors have accepted that there will be some amount of fraud and built those costs in to the operational model. The thinking goes that if the loss is small enough then it isn’t worth pursuing so they simply pass the cost on to the public through fee structures,
MSNBC put up some interesting comment on the Heartland security breach. Since they’ve put some emphasis on the involvement of malware in the breach, it’s worth making a few points. * Heartland was PCI compliant when the breach occurred. The PCI DSS v1.2 Requirement #5.1.1 states: “Ensure that all anti-virus programs are capable of detecting,