Time To Finish Up: Lessons Learned!

Information Security News Update!

My first experience blogging has been very exciting and rewarding. My final take: I plan on researching for an opportunity to be a regular contributor on cyber-security and cyber-crime issues in the financial sector.

The first couple of weeks were a little shaky due to the fact that I needed to get my feet wet in the blogging arena. Once the dust settled and the kinks were smoothened out, it became so much fun to read and blog on the various topics that I found interesting.

Throughout the blogging weeks I wrote about a variety of topics. However, most of my blog materials were about the financial/banking industry cyber-crimes from Bankinfosecurity.com website. The topics covered hacking, viruses, ID theft, credit card skimming, cyber fraud, information security threats and ways to combat them, etc.

Initially, I did not choose to write on these topics but cyber-crime in the financial sector picked my interest as I began to read about how it impacted my current field of work, and the millions of dollars being lost due to financial cyber-crimes around the world. Also, as the course progressed I gained better insight about cyber security issues. Another source that I used was Networkworld News website.

I feel that this type of blog is a very useful tool and a great learning experience for information security and banking industry professionals. One of the lessons I learned was that my materials sources kept me abreast of current issues in the cyber security & cyber-crime world. It also made me more aware about how the Federal, States, and local authorities are combating cyber security frauds and financial cyber-crimes.

Skimming Stopped by Bank, Merchants

Pay-at-the-Pump Scheme Launches 10-Month Spree

Combating Pay-At-The-Pump Skimming

Some years ago, words like skimming, phishing, spamming, etc., were not common in the electronic world vocabularies. How the world has changed electronically is amazing. The more sophisticated technologies get, the men/women of the information age underworld get even super sophisticated at challenging the advancements and pose more cyber threats.

The financial/banking industry is one of the most vulnerable areas susceptible to different types of attack. Probably because “money is king” as the saying goes, therefore systems, devices, or persons that have access to it must be more prone to attacks.

Gray Taylor, a security and compliance expert for National Associations of Convenience Stores (NACS) says it bluntly; “the U.S. payment system is broken …, the magnetic stripe is the culprit.” Recently in Orlando, FL, a U.S. District court charged two suspected fraudsters for credit cards pay-at-the-pump skimming. The skimming fraud resulting in thousands of dollars spanned over 10 months of numerous fraudulent retail transactions with 175 credit cards at least. The good news is that the fraudsters were finally busted by a retail store’s surveillance and “banks’ transactional fraud-detection systems” when the suspects were making a $73,500 purchase. Other skimming crimes were committed at gas stations in Orlando suburbs.

Some of the banks that were victims included Chase and American Express. These cases are examples indicating that hacking and skimming U.S.-based magnetic-stripe accounts by criminals are growing. According to Jeff Lenard, NACS spokesperson, “pay-at-the-pump skimming is an issue the convenience-store and petrol industries are taking seriously.” To help retailers mitigate potential security breaches, NACS has launched WeCare Decals, tamper-evident labels for quick identification. They also recommended that retailers install video cameras for better surveillance, inspect pumps regularly to monitor tampering, and change pump dispenser locks because the older pump locks have same keys and inspection and collaboration are the best response to POS attacks. Hopefully the “WeCare Decal” mechanism and other recommendations would provide some desperately needed solution to curb magnetic-stripe cards skimming fraud.

http://www.bankinfosecurity.com/articles.php?art_id=4225&opg=1

http://www.bankinfosecurity.com/articles.php?art_id=4218&search_keyword=skimming+stopped+by+bank%2C+merchant&search_method=exact

EMV: It's About Reducing Fraud

Silicon Valley Bank Plans to Expand Chip Card Program

The combined global effect of the identity theft fraudsters that swindled at least $9 million from 8,000 victims in a period of 15 years (Atlanta, GA) and a 16 month period ID theft crime costing over $13 million across Africa, Asia, Europe, the Middle-East, and the United States (Queens, NY) may cause those opposing the Europay, MasterCard, Visa (EMV) standard to rethink their stance on the chip and PIN card technology. According to Pradeep Moudgal, who oversees global cards and merchant services for Silicon Valley Bank (SVB) in California, chip and PIN card technology migration by U.S. financial institutions will be expensive. However, considering the cost already inflicted on the accountholders and the issuing banks, what more evidence is needed to convince the U.S. card issuers to support EMV and implement chip and PIN. No one knows.  

The vast majority of ID theft crimes are attributed to the magnetic stripes on the back of the cards, says Avivah Litan, a Gartner analyst. This Achilles heel of the global card industry could finally be eliminated with the implementation of chip and PIN card technology. As the first U.S. commercial bank to implement EMV, SVB is proving that fact as it rolled out EMV cards with its elite business cardholders. Following that will be SVB’s more affluent clienteles who travel overseas.

The embarrassment of card rejection overseas and increased global ID security vulnerability, in the long run, far outweigh the cost of chip and PIN card technology implementation. Moreover, the reduction of ID theft fraud, as evidenced in the U.K. and some parts of Europe and Asia, should be a strong motivating factor to those in the U.S. still gauging the cost and benefits of the new technology. If chip and PIN could become a positive tool to mitigate cybercrime, financial fraud, identity theft, information security threats, etc., why not give it a shot. Any takers?

Reference:

http://www.bankinfosecurity.com/p_print.php?t=a&id=4187