SoylentNews is people
SoylentNews
from the data-breaches,-faster-than-the-speed-of-business dept.
Ars Technica reports:
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.
In an announcement posted Wednesday to its website, UPS said that 51 locations, or around one percent of its 4,470 franchised stores across the country, were found to have been penetrated by a “broad-based malware intrusion.” The company recorded approximately 105,000 transactions at those locations, but does not know the precise number of cardholders affected.
UPS did not say precisely how such data was taken, but given the recent breaches at hundreds of supermarkets nationwide, point-of-sale hacks at Target, and other major retailers, such systems would be a likely attack vector. Earlier this month, a Wisconsin-based security firm also reported that 1.2 billion usernames and passwords had been captured by a Russian criminal group.
(Score: 0) by Anonymous Coward on Thursday August 21 2014, @07:04PM
> I think this UPS store problem would never have happened if the US used the newer credit cards with chips and PINs.
Chip and Pin will stop this kind of fraud, but the crimes will just shift. Instead of stealing a CC# they will steal all the other information in the transaction and use that - for example if they know what you bought at Target they can call you up and impersonate the bank by telling you what you bought after all who else would know the list of your purchases other than the bank? It won't work 100% of the time, but CC# theft doesn't work 100% of the time either. I'm sure there are plenty of other ways to exploit that information too, given enough of them and enough persistence criminals are clever.
(Score: 2) by emg on Thursday August 21 2014, @07:59PM
But then what? What does impersonating the bank gain them?
About the only thing I could see is if they could then convince you to give them the CVV so they could make fraudulent online purchases.
(Score: 0) by Anonymous Coward on Thursday August 21 2014, @08:16PM
Lots of things, just off the top of my head:
(1) Man in the middle for opening new credit accounts and/or changing the address on your current credit card so they can trick the bank into shipping them a replacement card.
(2) Access to other accounts at the same bank so as to drain your savings account.
(Score: 2) by emg on Thursday August 21 2014, @11:16PM
Only if people are retarded enough to tell them their online password, which the bank has no reason to request.
It's true, that does happen: a politician in my parents' town famously gave their PIN to the crooks who stole their bank card and then called them to ask for that PIN. But you do have to be politician-level stupid to do so.
(Score: 0) by Anonymous Coward on Friday August 22 2014, @12:04AM
> Only if people are retarded enough to tell them their online password,
Don't be that guy.
Even the people suspicious enough not to hand out passwords won't necessarily balk at things like answers to "secret questions" that will let the hackers into their email accounts and thus able to request a password reset.
Personal information can be exploited in all kinds of ways your lack of imagination doesn't stop the people looking to get rich.