Emerging Data Compromise Threats
May 23rd, 2009
The payment card industry experienced its first major public compromise of cardholder data in 2003. This was the result of a network-layer attack against an imperfectly configured firewall. The incident began to force card companies to comply with the many data security programs. Since 2003 the industry has evolved, as has the Payment Card Industry Data Security Standard, but unfortunately so have the data criminals. Many companies are presently fighting attacks from highly sophisticated and motivated criminals.
Below is a timeline of how these criminals have adapted to security changes over the years.
6 Years Ago
The attack was basic. A U.S. payment processor was compromised as a result of an imperfectly configured firewall. This is also referred to as a basic network-layer attack.
4 Years Ago
A data thief posed as a customer, and a U.S. data aggregator failed to identify him as a thief. He obtained thousands and thousands of client records containing personally identifiable information. This kind of attack is known as an “old-school” social engineering attack.
2-4 Years Ago
Thailand hackers placed taps on phone lines to intercept information being sent for authorization. This is not an uncommon method of attack in the Middle East and Asia.
2 Years Ago
A major retailer was compromised using malicious software.
Last Year
A major supermarket chain was compromised using malicious software.
Those are just a few examples of how thieves are adapting their tactics to recent security changes and standards. Back in 2003 many of the attacks were simple and intended to take advantage of networks and unencrypted data. Companies weren’t encrypting data yet, so this was a huge and valuable win for the criminals. More companies now comply with the security steps needed to make certain that the data is not retained. In response, the thieves have to continuously change their tactics to retrieve the data they want.
More and more of these data thieves are using malicious software to capture sensitive data as it is being sent for authorization, which increases their chances of obtaining it.
Trojans and wireless attacks have also begun to play a big role within the payment card industry. The impact of external attacks on the payment card industry is huge. An analysis attributed 73% of breaches to external sources, and 31% involved malicious software.
As time goes on, technology advances. The payment card industry is always going to have to stay one step ahead of these thieves. Only time will tell if it can obtain more sophisticated security programs that these thieves can’t get through.








