Debit card fraud outbreak raises questions about data breach

Jaikumar Vijayan   Today’s Top Stories   or  Other Security Stories  

Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare The Secure Web Gateway. Mission Critical For Business Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management An Overview of PAN Manager by Egenera Maximizing Business Agility with the Dynamic Data Center Fast and Simple Recovery of Your Critical Microsoft® Applications with Symantec Backup Exec" Computerworld Report- Large Enterprises Pay More for IPAM An Apple for Your Enterprise? Six Questions To Ask About Information And Competition Sign up to receive Security Resource Alerts

March 9, 2006 (Computerworld) -- The continued refusal by major credit card associations and financial institutions to identify the source of a data compromise that has resulted in a wave of debit card fraud worldwide is fueling concerns about the scope of the problem.

It is also shining a spotlight on what may be growing attempts by criminal gangs to try to compromise PIN-based card transactions, which have until now been considered extremely secure, analysts said.

The immediate furor was ignited earlier this week by Citibank, which acknowledged that it had put transaction holds on an unspecified number of Citi-branded MasterCard debit cards after detecting fraudulent cash withdrawals in Canada, Russia and the U.K. (see "Citibank probes ATM withdrawals, cites potential U.S. ‘retailer breaches' ">).

In a brief statement, Citibank said that the fraud was the result of a “third-party business information breach” that took place last year. To protect its customers, the company said it “blocked PIN-based transactions in those locations for the customers affected by the breach." A spokesman for the company, however, refused to name the third-party retailer involved in the breach.

Citibank’s disclosure made it the latest in a fast growing list of financial institutions that during the past several weeks have reissued thousands of debit cards or blocked access to certain transactions in countries where ATM cards were used fraudulently to withdraw cash and make purchases on U.S. accounts.

The list includes banks such as Bank of America Corp., Wells Fargo Bank and Washington Mutual Bank, as well as numerous credit unions around the country. One example is $13 billion North Carolina State Employees Credit Union in Raleigh, N.C., which over the past two weeks has reissued more than 27,500 debit cards after being told by Visa U.S.A. Inc. of a security breach involving a U.S. retailer.

According to Leigh Brady, senior vice president at the credit union, many of the compromised debit cards were being used fraudulently in several countries, including Romania, Russia, Spain and the U.K. “This is the largest [card reissue] we’ve had one in quite a while,” Brady said.

In an advisory this week, analyst firm Gartner Inc. said the combined bank actions “reflect the largest PIN theft to date and point to a new wave of 'PIN block' card fraud."

Continued...
1 | 2 | 3 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Offshore outsourcing cited in Florida data leak Security snafu at Boston Globe exposes subscriber data Bank tape lost with data on 90,000 customers Hacker hits Georgia state database via hole in security software Confidential patient data sent to wrong company -- for 15 months Idaho utility hard drives -- and data -- turn up on eBay Aetna says laptop stolen with data on 38,000 members Honeywell blames ex-employee in data leak Ohio University reports two separate security breaches FBI: No credit card data breach in N.H. state server case Update: Fla. residents' data exposure a statewide issue Lessons learned from corporate security breaches Data exposure: Using software to redact personal data from public documents

Arrests made in debit card fraud case FTC imposes $10M fine against ChoicePoint for data breach Laptop theft at Fidelity exposes data on 196,000 HP workers Registrar's database said to have exposed data Debit card fraud outbreak raises questions about data breach N.H. IT worker disputes state government security breach Creative Bungling: IT Can't Stop All Data Breaches Update: Thief nabs backup data on 365,000 patients Ohio recalls voter registration CDs; Social Security numbers included Analysis: Data breach notification law unlikely this year 'Human error' exposes patients' Social Security numbers in N.C. Data exposure: Counties across the U.S. posting sensitive info online

"Some Asian airlines are reporting rising losses to inflight credit card fraud because there is typically no online credit-card authorization..." Read more... "In Wednesday's..." Read more... Read more Security posts or See all Blogs

Microsoft feared Mac vs. Vista comparison in '05, insider e-mails show Downed Hadron Collider faces $21M in repairs Thanks to gamers, the desktop supercomputer arrives More top stories...

Hosting firm takedown bags 500,000 bots New Firefox app lets users pimp their browsers Microsoft to launch major upgrade to NAV ERP software Dec. 1

2008 Salary Survey: IT pay takes tiny leaps If you're like our 7,000 survey respondents, your paycheck this year has been flattened and your bonus obliterated. We offer 12 ways to plump up your paycheck. Windows 7 in-depth review and video: This time Microsoft gets it right Microsoft's next OS might more accurately be called Windows 6.5: It's essentially a better version of Vista. Twitter for business: 5 ways to tap the power of the tweet Twitter can be a valuable business tool -- if you know what you're doing. Here's how to juice it for all it's worth. Microsoft's 'Vista Capable' changes outraged HP, insider e-mails show By helping Intel with loosened 'Vista Capable' requirements, Microsoft 'severely damaged' its credibility, said an HP exec in a newly unsealed Feb. 2006 e-mail. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Collaboration Tools and Organizational Success Driving Business Success Through Workgroup Choice and Flexibility Boost Productivity While Cutting Costs with Next-Generation Collaboration View more whitepapers

• Offshore outsourcing cited in Florida data leak
• Arrests made in debit card fraud case
• Security snafu at Boston Globe exposes subscriber data
• FTC imposes $10M fine against ChoicePoint for data breach
• Bank tape lost with data on 90,000 customers
• Laptop theft at Fidelity exposes data on 196,000 HP workers
• Hacker hits Georgia state database via hole in security software
• Registrar's database said to have exposed data
• Confidential patient data sent to wrong company -- for 15 months
• Debit card fraud outbreak raises questions about data breach
• Idaho utility hard drives -- and data -- turn up on eBay
• N.H. IT worker disputes state government security breach
• Aetna says laptop stolen with data on 38,000 members
• Creative Bungling: IT Can't Stop All Data Breaches
• Honeywell blames ex-employee in data leak
• Update: Thief nabs backup data on 365,000 patients
• Ohio University reports two separate security breaches
• Ohio recalls voter registration CDs; Social Security numbers included
• FBI: No credit card data breach in N.H. state server case
• Analysis: Data breach notification law unlikely this year
• Update: Fla. residents' data exposure a statewide issue
• 'Human error' exposes patients' Social Security numbers in N.C.
• Lessons learned from corporate security breaches
• Data exposure: Counties across the U.S. posting sensitive info online
• Data exposure: Using software to redact personal data from public documents

• Microsoft feared Mac vs. Vista comparison in '05, insider e-mails show
• Hosting firm takedown bags 500,000 bots
• Downed Hadron Collider faces $21M in repairs
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Steven J. Vaughan-Nichols: The World without Linux DATELINE: WindowsWorld 2008: Microsoft CEO and President, Steve Ballmer was happy as a clam today when he announced, for the 4th time this century, that Longhorn would be released soon. ...[more]