Monday, January 14, 2008

The story of credit card theft - Part 1

Credit card thefts like the recent ones at TJX and OfficeMax retail stores are very common, in spite of many government and industry mandates. The moment you make a purchase using your credit card, chances are that the device being used by the company hasn't been updated in the last 10-15 years, which is a bit scary.

The Visas and MasterCards of this world have instituted good protection systems, security standards and policies at their level. But in the complete transaction cycle, the merchant application (retail store etc.) remains at risk due to lack of awareness or support from the business, and so becomes the MOST VULNERABLE POINT in the financial transaction. Hence, most security breaches happen in systems that involve large retail stores, gas stations etc. They are largely an open invitation to part-time computer geeks with access to the internet.

Here is how: the moment you swipe your card, the credit card details are captured raw (plain text or weak encryption) and then sent from the local retail center server to the central system as part of the daily consolidation. A hacker or other wrongdoer could gain access to this system and might be able to get 200-400 active credit accounts. Smart hackers, however, look into the upstream system and find a way to get into the mail server. There the number could be in the range of 40-45 million CREDIT CARD ACCOUNTS. Once the hacker is able to get into the main central system, he can also get access to:

1) Credit card number
2) Expiration date details
3) CVV number (remember the security code that most websites ask for as a double validation - this is also not foolproof)
4) Private information - home address, telephone number etc.
5) Your authentication details, if the merchant maintains websites for e-business

This is what might have happened to TJX and OfficeMax stores.
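Added example, not part of the original post: a defender-side check for the condition described above, where card numbers sit in clear text in a store's consolidation file. It flags 13-19 digit runs that pass the Luhn checksum and reports them masked; the log layout, field names and sample lines are constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits, hide the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def _digits(match):
    return re.sub(r"[ -]", "", match.group())

def find_cleartext_pans(lines):
    """Return (line number, masked PAN) for every Luhn-valid card number."""
    return [(n, mask(_digits(m)))
            for n, line in enumerate(lines, 1)
            for m in PAN_RE.finditer(line)
            if luhn_ok(_digits(m))]

def redact(line):
    """Rewrite a line so Luhn-valid card numbers appear only in masked form."""
    return PAN_RE.sub(
        lambda m: mask(_digits(m)) if luhn_ok(_digits(m)) else m.group(), line)

# Constructed sample of a store's daily consolidation log (public test numbers).
SAMPLE_BATCH = [
    "2008-01-14 09:12:01 store=0042 txn=1001 pan=4111111111111111 exp=1210 amt=23.50",
    "2008-01-14 09:13:44 store=0042 txn=1002 pan=5500-0000-0000-0004 exp=0911 amt=101.00",
    "2008-01-14 09:15:02 store=0042 txn=1003 ref=1234567890123456 amt=5.00",
    "2008-01-14 09:16:30 store=0042 txn=1004 pan=411111******1111 amt=12.00",
]

if __name__ == "__main__":
    for lineno, masked in find_cleartext_pans(SAMPLE_BATCH):
        print(f"line {lineno}: clear-text card number {masked}")
```

The Luhn check keeps 16-digit reference numbers (line 3 of the sample) from being reported, and already-masked values (line 4) do not match at all.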

Stay tuned for more information -
- How to manage this information?
- What are the protection systems that are possible?
- What are the various governmental and industrial mandates?
- What are credit card companies doing to ensure better protection of your credit card account?

Till then STAY TUNED…

1 comment:

Anonymous said...

Very interesting..... :)

But the problem is how to safeguard it..... Once you people implement something, other people break it

Recently Virtual keyboard on one of the bank sites.... I really liked it...

I guess this is ongoing process & theft will never stop.... :(

Regards