January 7, 2011

Welcome to Tech Talk!
In this edition, Tech Talk Editors George Milner and Teri Wesley write about new POS skimming, card thief insider secrets, and more!

Our selections from this week's tech news:
  • No holiday break for data thieves
  • ATM scam gets new twist
  • Banks hit hard by fraud
  • New POS skimming trend
  • Inside the mind of a card thief
  • DHS fighting cybercrime
  • Government geeks fooled by ZeuS
  • Top 5 menacing malware
  • The year of malware & bank trojans
  • Screen Shots vs. Electronic Receipts
  • MS update not the real deal
  • Security holes left open
  • Weekly patch update
  • and on the lighter side...
Get the details below.


    On the lighter side ...
    During the winter months, colds and viruses run rampant through offices and public places. Make sure you have "anti-virus" measures in place.
    No holiday break for data thieves
    You may have enjoyed an extended New Year's holiday break, but data thieves kept right on working. As of January 4th, nine data breaches were already reported in 2011, with 175 potential exposures. Data breaches in 2010 increased by nearly 33 percent as 662 data breach incidents were recorded by the Identity Theft Resource Center (ITRC), amounting to a total of 16,167,542 records exposed. With no mandatory national reporting requirement in place in the U.S., these numbers could be even higher, as many data breaches go unreported. MSNBC has more.

    ATM scam gets a new twist
    Just when you think you know all their tricks, data thieves and scammers dream up newer, more innovative ways to steal. The latest ATM scam is a virtually undetectable fake keyboard that is placed over an ATM's keypad and records the typed-in PIN. The device works in conjunction with a fake magnetic strip reader to send thieves the purloined data in real time, giving them immediate access to the user's funds. Help Net Security has the details.

    Banks hit hard by fraud
    Skimming, ACH fraud, card hacks, POS attacks and the latest and greatest form of bank fraud - phishing - have grown to an estimated $1 billion-a-year business. While cyber crooks are getting rich, small and mid-sized banks are struggling to combat online bank fraud and emerging new threats. A recent Information Security Media survey reported that 48% of the banks polled experienced phishing attacks in 2010. Read more at Threatpost. And go here to download the complete 2010 Faces of Fraud Survey. Some of the results might surprise you - or not.

    New POS skimming trend
    "EFTPOS," or electronic funds transfers at point of sale, is yet another new fraud term to familiarize yourself with as EFTPOS skimming becomes more popular among data thieves. With this form of skimming, fraudsters swap out the self-swipe POS terminals at cash registers and replace them with devices that record credit and debit card data. Major retailers and fast food restaurants have already lost millions to this growing scam. Infosec Island reports.

    Inside the mind of a card thief
    Ever wonder what goes through the mind of a thief and what you would ask an identity thief if you ever met one? Dan DeFelippi, 29, was convicted of credit card fraud and ID theft in 2004 for making and using fake credit cards with stolen credit card data. Since his conviction, he has worked with the U.S. Secret Service and assisted in the arrests of up to 15 people over two years. He shares his story and tips on identity theft protection at CreditCards.com.

    DHS fighting cybercrime
    The U.S. Department of Homeland Security (DHS) has joined the fight against cybercrime. Homeland Security's Immigration and Customs Enforcement (ICE) investigations unit seized documents and computer equipment in a raid last month at the home of two Vietnamese exchange students attending Winona State University in Minnesota. Tram Vo and Khoi Van allegedly profited more than $1.2 million selling software, video games and Apple gift cards on eBay and using stolen credit card numbers to have manufacturers send the ordered merchandise directly to their eBay buyers. CIO has the story.

    Government geeks fooled by ZeuS trojan
    Executive holiday greetings purportedly sent on December 23rd from The White House to a number of unknown recipients were, in fact, not so merry. Instead of season's greetings, recipients who clicked on links embedded in the emails were gifted with a ZeuS trojan variant that steals passwords and documents, then uploads them to a server in Belarus. Victims of the malware-laced emails included government employees and contractors employed to work on cybersecurity matters. Krebs on Security reports. This should be a reminder that everyone needs to be on guard against these kinds of attacks.

    Top 5 menacing malware
    Surprisingly, ZeuS 2.0 ranks number four on the list of the top five most dangerous malware, while the Stuxnet worm ranks as the number one threat of the year. What makes Stuxnet so dangerous is that it is the first malware of its kind to bypass cyberspace and launch its attack on physical processes, thereby making it "unpatchable." Microsoft has issued multiple security bulletins warning users about the vulnerabilities exploited by this audacious malware. Read about Stuxnet, ZeuS 2.0 and the remaining top five malware contenders at Infosec Island.

    2010: the year of malware & bank trojans
    2010 was the year for malware creators. International virus researchers at PandaLabs report that more than a third of all malware in history was created by cyber criminals last year. Accounting for fifty-six percent of all malware, the banking trojan remains the most widespread. A growing number of attacks on mobile phones, PC tablets and new technologies is expected for 2011. Read more from the PandaLabs Annual Report at NetworkWorld.

    Screen Shots Aren't Electronic Receipts - For Now
    The FACT Act requires your commercial customers who accept debit or credit cards to truncate the account number on any receipt that is provided at the point of sale. This requirement is designed to protect the cardholder against fraud and identity theft, but the law does not specify what constitutes an electronically printed receipt. A recent case tackled the issue of whether an online screen shot would be subject to the truncation requirement. Read more about the court's decision and why online merchants might still want to take precautions at Findlaw.

    MS update not the real deal
    Appearances can be deceiving. If you received a security email notice on Tuesday of this week from Microsoft with a security update attached, we hope you took a closer look. Not only does Microsoft never send security updates in attachments, but the fractured English contained in the message and the misspelling of Microsoft's domain name in the From field should warn experienced Windows users that this email is not the real deal. CIO has the details.

    Security holes left open
    Michal Zalewski, a Poland-based security researcher and a prominent member of Google's vulnerability research team, has reportedly identified a large number of exploitable holes in nearly all web browsers, using a new application testing tool he calls cross_fuzz. Since your systems are likely running the latest versions of IE, Firefox or one of the other popular browsers named in Zalewski's blog, you might want to check out his findings at Threatpost.

    Weekly patch update...