Credit Card Fraud Prevention for Merchants

As reported here and elsewhere, we know that the Heartland data breach went on for several months and resulted in the neighborhood of 130 Million credit and debit cards being at risk or exposed. I’ve pointed out that once these card numbers are out there, they will probably be used until they expire or they are cancelled. Yesterday’s article in BankInfoSec reminds us that the threat is very real. First National Bank of Durango in Colorado announced that 5,000 debit card customers were at risk.

We shouldn’t be surprised. Albert Gonzalez didn’t stick those 130 million numbers in his pocket and wait for the Feds to break down his door with an arrest warrant. He sold the numbers- probably all 130 million of them. They’re still out there and I’m willing to bet that, now that the heat on Gonzales has cooled a bit, those in possession of the information will start to use it.

And I’m not just picking on Heartland. TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and Dave & Buster’s were all in the similar time frame and Gonzalez had a hand in all of them. All told, we’re looking at somewhere over 170 million at-risk or exposed accounts. The population of the US is about 308 million so it wouldn’t be too far fetched to say that almost half the population was exposed.

They are still out there, fellow merchants, and the fallout has probably just started.

Be careful, and if you need to learn how to protect yourself, have a look at our webinar

Not only do we know that regular smart cards are easily hacked, now there’s evidence that Chip and PIN is hackable too.

I put the full blog post over on the Cardholder911 site because it looks like, in this case, it’s going to be the card holder and not the merchant that’s left holding the (empty) bag.

If you’re in the USA, you probably don’t have one of these yet but you can bet that it won’t be long. You should probably read the post.