21 Jan 2009
Credit card processing firm Heartland Payment Systems has uncovered malicious software in its computers that has been diverting information used for credit card cloning.
The company said that it started to get reports last year of increasing levels of card fraud among its customer base.
Heartland called in investigators, who found malicious code on its servers that could scan and send on the data stored on the magnetic stripe of credit and debit cards.
The company handles up to 100 million credit card transactions a month for over 250,000 US businesses.
"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," said Robert Baldwin, Heartland's president and chief financial officer, in a statement.
"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are co-operating closely with the US Secret Service and Department of Justice."
The company has stressed that the code could not record Social Security numbers, unencrypted PINs, addresses or telephone numbers. Nevertheless, the information could be used to create cloned cards.
"Today's systems have 'air gaps' where the data is unencrypted, and there is always the potential for data leakage," Mark Bower, director of information protection solutions at Voltage Security, told vnunet.com.
"There are some techniques to avoid this problem, notably format-preserving encryption. This uses standard algorithms to encrypt data from the get-go."
Bower explained that some merchants are encrypting data only for storage, and then sending decrypted information for processing, which is highly unsafe.
The timing of the announcement, on the same day as the US presidential inauguration, has also been questioned.
"It is certainly interesting timing, but it won't bury the news. The TJ Maxx case resonated for months, and this is much bigger," said Bower.
"It's not the initial breach that's the problem; it's criminals selling that data on which can continue to be a problem for months."
Data Breaches and Thefts - a Solution?
Price Waterhouse Cooper and Carnegie-Mellon's CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and overall enterprise (business) risk. Look: I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture - and people aren't getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices. The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html - The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action. In the realm of risk, unmanaged possibilities become probabilities - read the book BEFORE you suffer a bad outcome.
Posted by: John Franks 21 Jan 2009