Debit Card PIN scandal “worst hack ever”

Sensei Post in Identity Theft

Citibank only — So far it is just the start. The unfolding debit card scam that rocked Citibank last week, and that has now struck both national and small banks, is far from over, said Avivah Litan, Gartner research vice president, Thursday, March 9, as she called this first-time-ever mass theft of PINs “the worst consumer scam to date.” “It’s significant because not only is it a really widespread breach, but it affects debit cards, which everyone thought were immune to these kinds of things,” said Litan.
The problem, she continued, is that retailers improperly store PIN numbers after they’ve been entered, rather than erase them at the PIN-entering pad. Worse, the keys to decrypt the PIN blocks are often stored on the same network as the PINs themselves, making a single successful hack a potential goldmine for criminals: they get the PIN data and the key to read it.
In this case, Litan said, the thieves used the information to crank out counterfeit debit cards, then emptied accounts at ATMs. She estimated that they absconded with “at least a couple of thousand records, maybe more” and have cashed out to the tune of “millions already.” The victim of the hack attack isn’t yet known, although some banks have pointed fingers at OfficeMax, which has denied that its system was penetrated. Litan believes it much more likely that a third-party processor or terminal supplier was involved; the silence about the victim could point to a processor, she said, because they have the most to lose by the negative publicity.
Last summer, credit card processor CardSystems was hit with a massive breach that involved millions of accounts; CardSystems essentially sank under the publicity, and was later bought by Pay By Touch. In February 2006, the FTC reached a settlement with CardSystems that requires it to adopt more stringent security measures, but the company remains open to consumer lawsuits that could mean millions in payouts.
So what’s a consumer to do? “Security is tight at the ATM, but point-of-sale is a whole other story,” said Litan. “Look at your [debit card] account on a regular basis, and don’t use a PIN-based debit card at point-of-sale,” she recommended. “I never do.”
