• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

       

Debit-card fraud continues
Published: 2006-03-10

Controversy over the recent rash of debit-card fraud has prompted speculation as to the source, but with the sheer breadth of the fraud it seems certain that criminals have unlocked a new method of obtaining PIN numbers.

A number of banks have pointed towards third-party exposure of the data, and retailer OfficeMax is widely speculated to be the source -- this speculation is based on the data loss reported last month by the chain, however OfficeMax denies any blame in the incidents, an MSNBC article reports.

Many retail systems pass PIN numbers across a network unencrypted, and some of the more advanced transaction systems will store the PIN numbers in a temp file, despite warnings against such practices.

Investigations into the fraud are ongoing and widespread, involving everyone from local police agencies to the Secret Service and private organizations. The consequences of this theft remaining unchecked are dire for both consumers and businesses alike, and with consumers often on-the-hook for charges incurred (unlike with credit card transactions) the backlash against those found at fault could be substantial.

Posted by: Peter Laborge

       

Expand all | Post comment