Avivah Litan

A member of the Gartner Blog Network

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio

Coverage Areas:

Small Kentucky town latest victim of credit card fraud affecting 25% of police force

by Avivah Litan  |  July 12, 2012  |  Comments Off

I’ve been hearing from U.S. banks that card fraud continues to be a major issue for them, while online bank account takeover and trojan-based attacks have flattened out. The new trend, they say, is ‘micro-attacks’ that are localized, small in nature and which stay under the radar longer, giving the crooks more time to rack up unauthorized charges.

I heard today the latest example of this fraud trend. Law enforcement officials from Winchester, Kentucky report that a local restaurant appears to be the source of a lot of card fraud that has shown up since the breach apparently started in June. Winchester has a small population of just 17,000 with about 38,000 in its surrounding county, but already 12-15 banks serving that area have been affected by this card fraud. One bank already lost $30,000 which is a lot of money for a local Kentucky bank. Stolen cards have already been used around the world, in places far from Winchester, including Singapore, Australia, the Dominican Republic and Brazil.

And here’s an unusual twist: One quarter of the town’s police force, which happens to like the food and ambience at this local restaurant, have had unauthorized charges on their credit cards as a result of this incident.

No one yet knows how it happened and where it happened but it appears that someone got into the store’s system remotely and siphoned off the cards’ magnetic stripe data so that the criminals could make counterfeit cloned cards.

The town doesn’t likely have cybercriminals capable of this type of crime. Given that the cards were used across the globe so quickly, the hacker who perpetrated this crime could very well be sitting in a coffee shop on the other side of the world.

In any event, the restaurant goers should get their money back, and hopefully the banks who refund the victims their money will also get their money back from the right source responsible for this crime. It would be a shame to hold the restaurant responsible, since I doubt they even know what payment card data security is or means. Small businesses tend to rely on their vendors for that, and really aren’t aware that sometimes they can’t.

It’s these small localized incidents that are giving mega banks and card issuers major headaches.

Comments Off

Category: Uncategorized     Tags: