If the high-profile breaches at Target, Nieman Marcus, and legions of other retailers have taught us anything, it’s that we haven’t seen the last of them.
Regardless of what security tools and protocols are put in place by retailers — or really any institution that houses sensitive consumer information – there inevitably will always be a weak link, potentially exposing millions of credit cards into a burgeoning online black market where criminal syndicates are doing a brisk business selling stolen cards in bulk.
Of course, when credit cards are sold and eventually cloned, it’s the financial institution that’s left holding the bag. Following a wide scale breach, banks are often left with two options. They can either replace all of the cards that have been compromised or they can selectively replace cards that they know have been cloned and are about to be used in a fraudulent transaction. However, replacing hundreds of thousands of credit cards that may or may not have been breached is simply not an economically feasible strategy for many banks – it’s cost-prohibitive, inconvenient for their customers who increasingly have their card accounts linked to a variety of services, and creates an opportunity for bad publicity.
The U.S. Computer Emergency Readiness Team (US-CERT) yesterday put out an alert (https://www.us-cert.gov/ncas/alerts/TA14-002A) on malware targeting Point of Sale (POS) systems, which retailers use to process transactions from consumers.
While POS targeting is nothing new, the threat has clearly escalated to a level that US-CERT felt it impactful enough to issue an alert. And while they offer up best practices for POS system owners to protect themselves and their customers from unauthorized access to their systems, they also recognize that no system is impenetrable. As such, they also offer up consumer tips for individuals to protect themselves if they believe their credit or debit cards have been compromised via a POS system.
At Easy Solutions, we believe POS system owners and financial institutions can take further steps to protect themselves and their customers. While traditional antivirus and firewall systems are useful for protecting against easily recognized threats, which are well-known and for which AV vendors have had the time to write signatures, they do nothing to protect against newer, targeted attacks on systems – often times with new malware being written daily specifically to thwart those systems.
Easy Solutions offers black-market monitoring as part of our Detect Monitoring Service (DMS) to provide our customers with early warning of massive credit/debit card breaches like the one announced by Target this morning. Over 40 million cards compromised, probably the result of a systematic attack on Target’s payment infrastructure.