22 Aug
If you are one of those that wonders why Identity Theft has become such a problem, wonder no more. Here’s just a few reports from one week. The total - almost 2.5 Million!
Insider possibly compromises 2,000,000 records, including Social Security numbers, of mortgage applicants: “Countrywide Financial Corp. data loss circa 2008/08/02″
15,000 notified about lost flash drive containing names, addresses, credit card numbers and Social Security numbers: “Arapahoe Community College data loss circa 2008/08/04″
Personal and financial information of 380,000 on stolen laptop: “Ireland Department of Social and Family Affairs data loss circa 2008/08/11″
Names, Social Security numbers, and dates of birth of 92,095 on hacked server: “Dominion Enterprises / InterActive Financial Marketing Group (IFMG) data loss circa 2008/08/18″
16 Aug
Chip and PIN was designed to prevent fraud. Maybe it would be better to say that it was designed to prevent fraud in the areas that use it and to take the fraud losses off the banks. In that sense, it’s a tremendous success.
The business and financial press in the UK have been reporting, to the point of saturation, that fraud losses in the UK have been reduced by 50% over the past three years since Chip and PIN were introduced. The business and financial press in the UK have been reporting, to the point of saturation, that the UK is a hot bed of debit card fraud. The reason - Chip and PIN has driven overseas fraud up by 77% in the last year alone.
Chip and PIN has one major flaw. It isn’t universal. Most European banks will have deployed the technology by 2010. The US has no plans to deploy it - ever. So the magnetic strip on the back of the cards will remain. And that means business as usual for the bad guys. They simply capture the data from the Chip and PIN readers, clone it to a mag-stripe and bingo - they have a workable debit card that can be used where ever Chip and PIN technology isn’t in use - like the US!
And, according to Bob Sullivan over at the
Red Tape Chronicals (who is not often wrong) even the encrypted PINs have been hacked. According to that article, indicted criminals involved in the TJX hack and others are accused of
Downloading “tens of millions of credit and debit cards and PIN blocks associated with millions of debit cards.”
Obtaining “technical assistance from criminal associates in decrypting encrypted PIN numbers.”
Cashing out “by encoding the data on magnetic stripes of blank credit/debit cards and using these cards to obtain tens of thousands of dollars at a time from ATMs.”
I urge you to read Mr. Sullivan’s article. Let there be no mistake; fraud is big business operated by well educated and well connected organized crime. But not to worry, the Associations known as Visa and MasterCard are working hard to deal with it with technology like Chip and PIN that puts the losses on the merchants instead of the banks.
12 Aug
The history
A few years ago, there were stories circulating around the Internet about hotel key cards that contained a lot of personal information including your name, your address, and your credit card number. But then a quick trip to
Snopes would tell us that the stories were totally false. They even went so far as to say that the Police Detective that issued the initial information had issued a retraction. All well and good. I believed that; there was no reason for a hotel to save the information on the card.
The problem
A recent story released by
the Washington Post has dredged up the story again. Now we’re hearing that prostitutes and addicts in Vegas (Vegas has junkies?) are being arrested with hotel key cards in their possession. And these key cards DO have credit card information on them. All of it. It seems that the bad guys are passing legitimate cards through hand-held scanners and cloning the information onto the mag strip on key cards. After all, a magnetic stripe can be erased and re-written. These are then used by the bad guys on the street to cash out at ATMs and small purchases. If they get arrested, what’s so unusual about a hooker with a couple of hotel keys?
The answer?
Sounds to me like a no-brainer. Even in Las Vegas we wouldn’t expect anyone, even a prostitute, to have more than one key card. After all, when we check out, we’re supposed to leave them behind. So law enforcement needs to be more vigilant when doing a post-arrest inventory. Those cards need to be checked to see if they have hotel data or credit card data. It looks like, at least in Vegas, the PD is aware.
