Search

Brian Pennington

A blog about Cyber Security & Compliance

Tag

United States

Where do security breaches occur? What type of data is stolen and who makes the discovery?

Credit card
Image via Wikipedia

Trustwave has published its Global Security Report 2011 and it has some very interesting research.

The research is from incidents investigated by the company. Specifically, a total of 220 investigations, undertaken against suspected breaches, 85% were confirmed with 90% resulted in data theft.

The headline statistics are:

Industry breakdown of where the incident happened

  • Food and beverage   57%
  • Retail   18%
  • Hospitality   10%
  • Government   6%
  • Financial   6%
  • Education   1%
  • Entertainment   1%
  • Construction   1%

 Types of Data stolen

  • Payment Card Data   87%
  • Sensitive company data   8%
  • Trade Secrets   3%
  • Authentication Credential   2%
  • Customer records   2%

It could be that Trustwave is a Payment Card Industry Forensics and Incident Investigator or it is further proof, if we needed it, that the bad guys are after the money.

Who found out that there had been an incident?

  • Regulatory detection   60%
  • Self detection   20%
  • Public detection   13%
  • Law enforcement   7%

Is it any wonder why the credit card issuers are strictly enforcing Payment Card Industry Data Security Standards (PCI DSS) when Merchants find 1 in 5 Account Data Compromises (ADC), also known as a breach.

Previous research found that the majority of cards are used in multiple frauds.

Merchants come out on top in the time to detect a breach

  • Regulatory detection  156.5 days
  • Public Detection   87.5days
  • Law Enforcement   51.5 days
  • Self Detection   28 days

This is interesting, 1 in 5 breaches were found first by a Merchant which means the majority of breaches take over 100 days to be discovered.

Trustwave www.trustwave.com

Card Payments Roadmap in the U.S.: How Will EMV Impact the Future Payments Infrastructure? – Smart Card Alliance

Close up of contacts on a Smart card with sign...
Image via Wikipedia

The EMV specification defines technical requirements for bank cards with embedded microchips and for the accompanying point-of-sale (POS) infrastructure. With few exceptions (primarily in the United States), financial institutions worldwide issue EMV bank cards to businesses and consumers.

According to EMVCo, approximately 1 billion EMV cards have been issued globally and 15.4 million POS terminals accept EMV cards. The primary purposes of including a chip in a bank card are to store cardholder data securely, protect data stored on the chip against unauthorized modification, and reduce the number of fraudulent transactions resulting from counterfeit, lost, and stolen cards.

Smart Card Alliance website

Smart Card Alliance White Paper: Card Payments Roadmap in the U.S.: How Will EMV Impact the Future Payments Infrastructure?

29% of credit card holders hit by fraud as global fraud rises

ACI Worldwide conducted fraud research in 14 countries and found that 29% of the 4,200 respondents had been victims of credit card fraud in the last 5 years.

The percentage in the UK was above the norm at 33%, a rise of 6% in the last 18 months. This estimates the number of UK Consumers hit by credit card fraud as 14.6 million in the past five years.

Other countries fared better, such as the Netherlands with 11% experiencing fraud whilst others, like China with a 43% fraud rate, fared worse.

ACI Worldwide http://www.aciworldwide.com

Risk of identity theft in hotel declines – USATODAY.com

Hotels are no longer the No. 1 target of hackers in their quest to steal credit card information but your data still has a higher chance of being stolen inside a hotel, a veteran cybersleuth tells Hotel Check-In.

Last year, hotels became a top priority for online criminals seeking to steal travelers’ credit-card information and other data.

But this year, online thieves are now focusing on restaurants, Nicholas Percoco, senior vice president and head of SpiderLabs at data security firm Trustwave, told me. That means they might target a posh hotel restaurant with a sommelier, a fast-food joint or anything else in between.

Thieves started to ease up on hotel computer systems in mid-2010, about 18 months after attacking Wyndham hotel computers and computers of other chains.

I asked Percoco if hotels moved down a notch because the industry spent more money to protect their computer systems, if travelers got smarter or if thieves just decided to move on.

It’s a mix, he told me. Many of the big chains – like Marriott, Hilton and InterContinental Hotels Group, though he wouldn’t name names – have thrown resources to shore up their computer security, he told me.

Furthermore, all the media reports about hotels being at risk for cybercrimes made the thieves fearful that they could get caught.

As they did with hotels, these cybercriminals look for a weak link in a restaurant or fast-food chain and enter their computer system to steal credit-card information and other data

Risk of identity theft in hotel declines – USATODAY.com.

http://travel.usatoday.com/hotels/post/2011/02/trustwave-spiderlabs-hotels-hackers-identity-security/142372/1

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: