BreachExchange mailing list archives
Michaels Breach: Patterns Showed Fraud
From: security curmudgeon <jericho () attrition org>
Date: Mon, 16 May 2011 00:33:01 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.bankinfosecurity.com/articles.php?art_id=3639 By Tracy Kitten Managing Editor Bank Info Security May 13, 2011 Card issuers were quick to link incidents of debit and credit fraud to the Michaels retail chain, experts say - a sign that strong transaction monitoring and behavioral analytics are the best ways to curb growing card-fraud schemes. The Michaels card breach is now believed to have affected stores in 20 states. The mode of card fraud: Point-of-sale PIN pad tampering, also known as PIN pad swapping. [See 3 Tips to Foil POS Attacks.] Brian Riley, senior research director of bank cards at TowerGroup, says as details about the breach are gradually revealed, it's clear that financial institutions, as card-issuers, picked up on the common fraud link - Michaels. "The behavioral scoring in this was really high," he says. "The pattern of transactions showed that all of these affected accounts had Michaels' purchases in their history. Behavioral scoring is really where it's at in card transactions." Even advanced card technology, such as the Europay, MasterCard, Visa chip and PIN standard, which takes the skimmable magnetic-stripe out of the equation, would not have helped in the Michaels' case, Riley notes. "With a tampered POS device, you can get around EMV," he says. "A good, robust scoring system is the only way to really pick up on this. That's why behavioral scoring is so important. That's, quite often, how these things are discovered." [...] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Michaels Breach: Patterns Showed Fraud security curmudgeon (May 16)