Credit Card hacks -- NS can't help us here

Talk about internet security, computer security, personal security, your social security number...
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Credit Card hacks -- NS can't help us here

Post by Tom T. »

http://tech.yahoo.com/news/ap/20090614/ ... rs__gamble

The entire article is well worth reading if you have the time, but I'll excerpt some highlights. It's noteworthy that both therube and I recently have had our credit card accounts changed as a precaution after a database breach. I had it happen also about a year ago. Note: It is not the card *issuer* (bank) who is usually at fault, but the merchant, either online or brick, who .. well, here it is. Food for thought. (Pay cash? Check/cheque?)
*******************************************
Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers. And while you may take steps to protect yourself against identity theft, an Associated Press investigation has found the banks and other companies that handle your information are not being nearly as cautious as they could.

The government leaves it to card companies to design security rules that protect the nation's 50 billion annual transactions. Yet an examination of those industry requirements explains why so many breaches occur: The rules are cursory at best and all but meaningless at worst, according to the AP's analysis of data breaches dating to 2005. It means every time you pay with plastic, companies are gambling with your personal data. If hackers intercept your numbers, you'll spend weeks straightening your mangled credit, though you can't be held liable for unauthorized charges. Even if your transaction isn't hacked, you still lose: Merchants pass to all their customers the costs they incur from fraud.

More than 70 retailers and payment processors have disclosed breaches since 2006, involving tens of millions of credit and debit card numbers, according to the Privacy Rights Clearinghouse. Meanwhile, many others likely have been breached and didn't detect it. Even the companies that had the payment industry's top rating for computer security, a seal of approval known as PCI compliance, have fallen victim to huge heists.

Companies that are not compliant with the PCI standards — including one in 10 of the medium-sized and large retailers in the United States — face fines but are left free to process credit and debit card payments. [[WHY? --TT]] Most retailers don't have to endure security audits, but can evaluate themselves. [[Y?]] Credit card providers don't appear to be in a rush to tighten the rules. They see fraud as a cost of doing business and say stricter security would throw sand into the gears of the payment system, which is built on speed, convenience and low cost. ... <major snip>

...two of her credit card accounts were tapped by hackers in a breach traced to a Hannaford Bros. grocery store... It all happened at a supermarket chain that met the PCI standards. Someone installed malicious software on Hannaford's servers that snatched customer data while it was being sent to the banks for approval. ...

Computer security experts say the PCI guidelines are superficial, including requirements that stores run antivirus software and install computer firewalls. [[D'oh!]] Those steps are designed to keep hackers out and customer data in. Yet tests that simulate hacker attacks are required just once a year, and businesses can run the tests themselves. [[Sure, they're all expert pen testers.]] ....

The AP [[Associated Press, reporters]] contacted eight of the biggest "acquiring banks" — the banks that retailers use as middlemen between the stores and consumers' banks. Those banks are responsible for ensuring that retailers are PCI compliant. Most didn't return calls or wouldn't comment for this story. :roll: ...

Supporters of PCI point out nearly all big and medium-sized retailers governed by the standard now say they no longer store sensitive cardholder data. Just a few years ago they did — leaving credit card numbers in databases that were vulnerable to hackers. So why are breaches still happening? Because criminals have sharpened their attacks and are now capturing more data as it makes its way from store to bank, when breaches are harder to stop.

Security experts say there are several steps the payment industry could take to make sure customer information doesn't leak out of networks. Banks could scramble the data that travels over payment networks, so it would be meaningless to anyone not authorized to see it. [[They could "ENCRYPT" it? WHAT AN IDEA! :ugeek: :ugeek: In the meantime, why don't they just shout it out the window, or write it all on a postcard and mail it?]] ...

For example, TJX Cos., the chain that owns T.J. Maxx and Marshalls and was victimized by a breach that exposed as many as 100 million accounts, the most on record, has tightened its security but says many banks won't accept data in encrypted form. :o :shock: :? ...
*****************************
That's less than a third of the full story. The rest is interesting if you have time.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard

Re: Credit Card hacks -- NS can't help us here

Post by Tom T. »

dorothia wrote: How does someone build credit without a credit card? I am thinking of those who do not have a credit card and pay for everything by check and cash. How is their credit rated? Is it based on a loan for example (car, student, etc.) and what if it is their first time applying for such a loan? How is their credit history looked at then? What if someone is applying for an apartment rental and does not own a credit card?
dorothia, I'm sorry, but this is essentially a technical support forum. This "extras" area of the forum is for discussions of Web security and technology, not for financial issues. Please search for sites that offer the kind of financial advice that you are seeking. Thank you and good luck.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Credit Card hacks -- NS can't help us here

Post by GµårÐïåñ »

dorothia wrote: How does someone build credit without a credit card? I am thinking of those who do not have a credit card and pay for everything by check and cash. How is their credit rated? Is it based on a loan for example (car, student, etc.) and what if it is their first time applying for such a loan? How is their credit history looked at then? What if someone is applying for an apartment rental and does not own a credit card?
Check out the forums on myFICO; there is a wealth of knowledge there, and I have been contributing there for a long time. You will find everything you need to know there, and there are a lot of people who will help you (http://ficoforums.myfico.com/fico/). Good luck to you, and as Tom said, we might discuss financial-related issues, but only in the security context. If you search, you will find lots of resources.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5