by Avivah Litan | July 12, 2012 | Comments Off
I’ve been hearing from U.S. banks that card fraud continues to be a major issue for them, while online bank account takeover and trojan-based attacks have flattened out. The new trend, they say, is ‘micro-attacks’ that are localized, small in nature and which stay under the radar longer, giving the crooks more time to rack up unauthorized charges.
I heard today the latest example of this fraud trend. Law enforcement officials from Winchester, Kentucky report that a local restaurant appears to be the source of a lot of card fraud that has shown up since the breach apparently started in June. Winchester has a small population of just 17,000 with about 38,000 in its surrounding county, but already 12-15 banks serving that area have been affected by this card fraud. One bank already lost $30,000 which is a lot of money for a local Kentucky bank. Stolen cards have already been used around the world, in places far from Winchester, including Singapore, Australia, the Dominican Republic and Brazil.
And here’s an unusual twist: One quarter of the town’s police force, which happens to like the food and ambience at this local restaurant, have had unauthorized charges on their credit cards as a result of this incident.
No one yet knows how it happened and where it happened but it appears that someone got into the store’s system remotely and siphoned off the cards’ magnetic stripe data so that the criminals could make counterfeit cloned cards.
The town doesn’t likely have cybercriminals capable of this type of crime. Given that the cards were used across the globe so quickly, the hacker who perpetrated this crime could very well be sitting in a coffee shop on the other side of the world.
In any event, the restaurant goers should get their money back, and hopefully the banks who refund the victims their money will also get their money back from the right source responsible for this crime. It would be a shame to hold the restaurant responsible, since I doubt they even know what payment card data security is or means. Small businesses tend to rely on their vendors for that, and really aren’t aware that sometimes they can’t.
It’s these small localized incidents that are giving mega banks and card issuers major headaches.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.