TulipTools Internet Business Owners and Online Sellers Community

Quote:In what appears to be a widening incident, Bank of America, MasterCard and Visa all announced this week that they have been informed of a potential security breach at a U.S.-based retailer.

The companies refused to name the retailer involved, but at least one bank said that systems belonging to Wal-Mart Stores, the world's largest retailer, may be to blame.

However, it was unclear on Feb. 10 whether a breach at Wal-Mart was also behind reissues at the other financial institutions. A Wal-Mart spokesman said he was unaware of an information breach linked to Regions...

full article: http://www.eweek.com/article2/0,1895,1925426,00.asp

related topic: Offline Security breach at Sam's Club exposes credit card data of Gas Buyers http://community.tuliptools.com/index.ph...726.0.html

A related article:

Quote:The top Democrat on the U.S. House Financial Services Committee on Wednesday said he would consider legislation to require credit card companies to name the party responsible for consumer data breaches.

In nearly identical letters to the chief executives of Visa USA and MasterCard International, Massachusetts Rep. Barney Frank said a company responsible for security systems that are breached should be the one to notify customers, or should be identified publicly as the party responsible for the breach.

"If this can not be done legally at present, I feel strongly enough on this point to make legislative changes to make this a requirement," Frank wrote to the executives.

full article: http://news.com.com/Congressman+wants+re...g=nefd.top

Any old people here that read Readers Digest?  There's a section about stupid criminals.  One of the stories was a Wal-Mart employee used a customer's cc to make purchases.  The employee got caught when he/she also entered her employee ID number to get the discount!!

Related article:

Quote:Debit card fraud that has affected customers at a number of credit unions in central Massachusetts is linked to transactions at office supply retailer OfficeMax, according to investigators.

Dozens of credit union members in the towns of Leominster and Fitchburg, Mass., have been defrauded of more than $45,000 in the last few weeks by criminals in the United States and abroad, according to law enforcement officials in those towns.

The fraudulent transactions involve cloned Visa debit cards and may be linked to the theft of blocks of PINs from OfficeMax or an intermediary processor, sources familiar with the case said...

full article: http://www.eweek.com/article2/0,1895,1935677,00.asp

Related update:

Quote:The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs "the worst consumer scam to date."

Wednesday, Citibank confirmed that an ongoing fraud had forced it to reissue debit cards and block PIN-based transactions for users in Canada, Russia, and the U.K.

But Citibank is only the tip of the iceberg, said Avivah Litan, a Gartner research vice president. The scam -- and scandal -- has hit national banks like Bank of America, Wells Fargo, and Washington Mutual, as well as smaller banks, including ones in Oregon, Ohio, and Pennsylvania, all of which have re-issued debit cards in recent weeks.

"This is the worst hack ever,"...

full article: http://techweb.com/wire/security/181502468

Quote: Citibank has put a transaction block on an unspecified number of Citi-branded MasterCard debit and credit cards used in three countries because of fraudulent automated teller machine (ATM) cash-withdrawal activity, the company said in a statement yesterday...

The fact that the fraud involves ATM cash withdrawals using personal identification numbers (PIN) suggests that it may be the result of massive "card-skimming" activity, said Avivah Litan, an analyst at Gartner Inc...

Litan said it is likely that Citibank’s current ATM fraud problems are related to the Sam’s Club breach.

full article: http://www.computerworld.com/databasetop...08,00.html

Quote:"This is the worst hack ever,"...

number of accounts please.  :

Citibank issued a statement last week that said  “Citibank and our customers were the victims of a third-party business information breach last year".  Sam's Club? Is everyone protecting Wal-Mart's reputation?  Two different sets of data breach rules/punishments for large and small card merchants. :

Quote:Two different sets of data breach rules/punishments for large and small card merchants.

Life is soooo unfair!!!!    ...but it's true, a small merchant  often has their ability to accept credit cards yanked by the card companies after a data breach of a few hundred card accounts, while a large merchant with a data breach of 1000s/100's of 1000's of cards doesn't suffer the same fate.



Has anyone else noticed that the largest data breaches occur OFFline rather than online? 

I'm back...article looks at the effects this could have on debit card usage, and points out that with many debit cards (without Visa or MasterCard logos), the protection offered is less than with credit cards:

Quote:Security breaks could curtail debit card use

A recent spate of fraudulent bank card transactions is complicating a question that arises each time you reach the checkout register: debit or credit?...

...the industry may have to rethink how it detects fraud, because, "Systems around PIN debit are not as advanced as the ones around signature debit," she says. "There was never a need."

If fraud occurs in a credit card transaction, you usually have no liability. Signature debit card transactions often enjoy the same protection. But if fraud occurs with a PIN debit card transaction, the consumer's protection can vary by bank...

.

http://www.usatoday.com/money/perfi/cred...-sue_x.htm

A related article:

Quote:A Citibank ATM network breach in Canada, Russia and the UK could have been prevented if the bank's US customers had chip and PIN technology on their cards, a leading analyst has said.

Citibank this week admitted that hundreds of its US customers had been affected when hackers broke into the ATM network through a retail store server and stole a "block" of PINs and the keys to decrypt them.

Avivah Litan, a research director for Gartner, told silicon.com: "You won’t have the same problem with a chip card. They are hard to duplicate but it's pretty easy to copy a magnetic stripe."...

full article: http://www.silicon.com/financialservices...105,00.htm