Target hackers try new ways to use stolen card data
For the first time, hackers market stolen data with info on the location of store where card was used; experts say new strategy will slow detection
Computerworld - The techniques used by hackers to use credit and debit card data stolen from Target shoppers suggests that the cyber crooks have found a troubling new way to stay ahead of the latest fraud detection processes.
Security blogger Brian Krebs, who first reported the Target data breach news last week, said on Sunday that compromised cards are being marketed online with information on the state, city and ZIP code of the Target store where they were used.
Fraud experts say the location information will likely allow buyers of the stolen data to use spoofed versions of cards issued to people in their immediate vicinity, Krebs wrote. "This lets crooks who want to use the cards for in-store fraud avoid any knee-jerk fraud defenses in which a financial institution might block transactions that occur outside the legitimate cardholder's immediate geographic region," he said.
This is believed to be the first time that security experts have observed hyper-localized selling of stolen credit and debit card information following a retail breach.
Target last week disclosed that hackers had accessed data stored on some 40 million credit and debit cards belonging to shoppers who bought merchandise in its stores between Nov. 27 and Dec. 15.
The information exposed in the incident includes the cardholder's name, the credit or debit card number, the card's expiration date and the CVV security code used to activate the card in a store, Target said.
The breach is believed to have exposed data from cards distributed by most major U.S. credit card issuing banks and credit unions. JP Morgan Chase on Saturday announced that it had put restrictions on the amount that customers affected by the Target breach could spend or withdraw daily.
James Huguelet, an independent consultant who specializes in retail security, said Krebs' report concurs sporadic reports after the breach that that stolen Target cards were used fraudulently in areas close to where the owners of the cards lived.
Local use of a card makes it more likely that the crooks can use it for a relatively long period of time before a block is put on it, he said. "That makes such cards much more valuable to a criminal. This is a very clever tactic to increase the monetary value of each stolen card. It's one I've not seen used before," Huguelet said.
Card thieves typically sell stolen data to buyers around he world, making it likely that fraud detection tools used by banks will detect the crimes.
Fraud detection tools used by banks and other card issuers look closely at the location where a card is used and the frequency of its use to determine potential criminal use. Banks often decline transactions or require additional authentication for card transactions that originate from new or unexpected locations.
- Russian credential theft shows why the password is dead
- Cybersecurity should be professionalized
- Feds declare big win over Cryptolocker ransomware
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts