Search

Brian Pennington

A blog about Cyber Security & Compliance

Tag

Financial Services

Where do security breaches occur? What type of data is stolen and who makes the discovery?

Credit card
Image via Wikipedia

Trustwave has published its Global Security Report 2011 and it has some very interesting research.

The research is from incidents investigated by the company. Specifically, a total of 220 investigations, undertaken against suspected breaches, 85% were confirmed with 90% resulted in data theft.

The headline statistics are:

Industry breakdown of where the incident happened

  • Food and beverage   57%
  • Retail   18%
  • Hospitality   10%
  • Government   6%
  • Financial   6%
  • Education   1%
  • Entertainment   1%
  • Construction   1%

 Types of Data stolen

  • Payment Card Data   87%
  • Sensitive company data   8%
  • Trade Secrets   3%
  • Authentication Credential   2%
  • Customer records   2%

It could be that Trustwave is a Payment Card Industry Forensics and Incident Investigator or it is further proof, if we needed it, that the bad guys are after the money.

Who found out that there had been an incident?

  • Regulatory detection   60%
  • Self detection   20%
  • Public detection   13%
  • Law enforcement   7%

Is it any wonder why the credit card issuers are strictly enforcing Payment Card Industry Data Security Standards (PCI DSS) when Merchants find 1 in 5 Account Data Compromises (ADC), also known as a breach.

Previous research found that the majority of cards are used in multiple frauds.

Merchants come out on top in the time to detect a breach

  • Regulatory detection  156.5 days
  • Public Detection   87.5days
  • Law Enforcement   51.5 days
  • Self Detection   28 days

This is interesting, 1 in 5 breaches were found first by a Merchant which means the majority of breaches take over 100 days to be discovered.

Trustwave www.trustwave.com

Card Payments Roadmap in the U.S.: How Will EMV Impact the Future Payments Infrastructure? – Smart Card Alliance

Close up of contacts on a Smart card with sign...
Image via Wikipedia

The EMV specification defines technical requirements for bank cards with embedded microchips and for the accompanying point-of-sale (POS) infrastructure. With few exceptions (primarily in the United States), financial institutions worldwide issue EMV bank cards to businesses and consumers.

According to EMVCo, approximately 1 billion EMV cards have been issued globally and 15.4 million POS terminals accept EMV cards. The primary purposes of including a chip in a bank card are to store cardholder data securely, protect data stored on the chip against unauthorized modification, and reduce the number of fraudulent transactions resulting from counterfeit, lost, and stolen cards.

Smart Card Alliance website

Smart Card Alliance White Paper: Card Payments Roadmap in the U.S.: How Will EMV Impact the Future Payments Infrastructure?

Downloadable: CyberSource’s report on UK Online Fraud 2011

The report is based on an industry wide survey, and addresses the detection, prevention and management of online fraud.

The Cost of Fraud

On average, the percentage of annual online revenue that businesses expect to lose to payment fraud in 2010 has dropped from 1.8% to 1.6%.

The survey revealed that this does vary dramatically by merchant size:

  • very large businesses expected to lose £365,500 to online payment fraud, equating to an average of 1.5%
  • Large businesses expect to lose £173,500 (1.2%)
  • Medium businesses £66,000 (2.4%)
  • Small businesses £3,500 (1.5%)

The report delivers:

  • Key fraud metrics, including review and order reject rates
  • Most widely used fraud detection tools
  • Chargeback practices; re-presentment and win rates
  • Merchants’ fraud management priorities for 2011

Download the report here, required registration.

14 Arrested for Credit Card Fraud

First 4 digits of a credit card
Image via Wikipedia

Authorities arrested 14 members of a criminal ring that has netted $30 million in credit card and bank frauds

Courthouse News Service.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: