SoylentNews is people
SoylentNews
Krebs on Security broke a story about Home Depot being breached, with an update stating that the banks believe the breach goes as far back as late April/early May.
Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground. Home Depot says that it is working with banks and law enforcement agencies to investigate reports of suspicious activity.
[...]
In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards “American Sanctions.” Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled “European Sanctions.”
Home Depot's stock price also took a dive when the news was released.
(Score: 4, Insightful) by bob_super on Thursday September 04 2014, @03:20PM
Eventually, the credit card industry will finally move the US to chip-and-pin like most of the world (or whatever newer better thing they can think of), so that it stop being ridiculously easy to use stolen US card numbers.
It's too expensive to change terminals? The russians are going to fix that detail.
I'm coincidentally waiting for a new card, after someone got my number and effortlessly filled a couple big SUV/RV with it... Zip code safety my ass...
(Score: 5, Informative) by frojack on Thursday September 04 2014, @06:41PM
Chip and Pin provides no protection against this type of massive credit card thefts.
Most of these stolen cards numbers get used for Mail Order or Telephone Order fraud. (MOTO)
Moto fraud is actually on the rise in much of the EU, and especially Russia. The TYPE of fraud is changing, fraudsters don't bother to clone cards any more, they just use them for internet orders [atmmarketplace.com].
Very comprehensive report here: http://www.ecb.europa.eu/pub/pdf/other/cardfraudreport201402en.pdf [europa.eu]
Chip and pin had beat down stolen and cloned card ATM and POS usage in the EU, but it has done nothing to suppress CNP (Card not Present) fraud. (page 10). And this is exactly the type of fraud these massive card heists are used for.
Still C&P can't hurt in the US, where a lot of these stolen cards numbers are sold into, because its still easy to clone a card in the US. Arstecnhica [arstechnica.com] also had an article on this, questioning whether it would be wise to hop onto 20 year old technology.
In spite of this, credit card fraud rates in the US, while staggeringly high in Dollars are still only 6 cents on 100 dollars, and that rate is still FAR lower than the EU rate after 10 to 15 years on C&P. The size of of us fraud in dollars simply demonstrates the size of the US econemy compared to the EU, and the extent to which we use credit cards for everything.
No, you are mistaken. I've always had this sig.
(Score: 1) by ibennetch on Friday September 05 2014, @03:27AM
Unfortunately, there's very little motivation for the credit card companies to initiate this change and very little unity from the vendors to force such a change. The credit card companies don't absorb the loss; they push the loss from fraud back on to the store/vendor. The credit card companies themselves have no financial incentive to improve the situation and ultimately, no one likes change and no one likes to be the manager that spends a lot of corporate money making changes that no one is going to like anyway. I'm a big fan of making improvements to our (US) credit card security, but I just don't see the motivation there from the companies and the vendors are too scattered and disinterested to band together -- I just don't see any big changes coming any time soon.
(Score: 3, Insightful) by bob_super on Friday September 05 2014, @05:34AM
The Ars article linked by Frojack (above) actually says Chip-and-pin will happen in the US over the next few years.
It cuts on fake card fraud, which was pretty important before the internet happened.
I do prefer to keep my card in my hand and get a terminal to type a pin on, rather than give my card for some teen to take to the back for 5 minutes out of sight. It won't prevent database hacks, but it reduces the odds of petty fraud.