On Monday, Mar. 10, the document, McAfee Labs Threat Report: Fourth Quarter 2013, was released. Included in that report was a listing of the retailers, such as Target, who were affected in 2013 data breaches. Other companies affected in 2013 included Easton-Bay Sports, Harbor Freight, Michaels Stores, Neiman-Marcus, ‘Wichcraft, and White Lodging.
According to the McAfee report, the credit card numbers stolen have been surfacing in popular black markets. “We have tracked these and continue to see them appear in large lots (dumps) in key ‘carding’ marketplaces. Typically the thieves will drop data in batches of 1 million to 4 million numbers.”
The report went on to say, “One popular credit card black market is the Lampeduza Republic. Its well-organized hierarchy and documented constitution make for a disciplined and functional marketplace. Lampeduza’s network of sales websites is very active and contains many lots specific to these recent retail attacks. Thieves can pay for the stolen credit cards using one of the many anonymous virtual currency mechanisms, such as Bitcoin.”
To date, there is no evidence that the attacks on these retailers were related; however, the McAfee report did note, “Many of them leveraged off-the-shelf malware to execute the attacks.” For consumers, this means 2014 could be a terrible year for their security. It means that the malware needed to breach the security of many retail stores is readily available and easy to implement.
Credit card companies are taking the initiative to move the U.S. to the same chip-and-PIN technology used by other countries. Ryan McInerney, president of Visa, was quoted by Finextra as saying, “The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security.”
At present, the migration to new technology is scheduled to be complete by October 2015, at which time the liability for fraud-related losses switches to retailers who have upgraded their hardware. The question is, how many more data breaches must we endure until that time?