[ISN] Heartland Aftershocks: Still at Risk?

From: InfoSec News <alerts_at_private>
Date: Fri, 5 Mar 2010 02:44:38 -0600 (CST)

By Linda McGlasson
Managing Editor
Bank Info Security
March 4, 2010 

Earlier this week, First National Bank of Durango, CO came forward to 
reveal that as many as 5,000 of its customers were at risk because of 
new fraudulent transactions tied to the Heartland Payment Systems data 

The incident begs the question: Are banking institutions and customers 
still at risk of similar aftershocks from this historic case?

Fraud Scenario: 'Lie Low and Wait'

What happened to First National Bank of Durango is not unusual, says 
Avivah Litan, Gartner distinguished analyst. "Typically the crooks will 
use stolen cards right after a heist until the looting is discovered and 
publicized in the media," she says. "At that point, the crooks will lie 
low and not use them because of heightened alerts that will flag and 
stop their use (e.g. because the cards are on watchlists)."

Then when time passes and the heat is off, "The crooks will rear their 
ugly heads and start using them again, as has happened here," Litan 

Debra Geister, Senior Director, AML and Compliance Services at 
LexisNexis Risk Solutions, says this scenario is really no different 
from a sleeper scam, where the fraudsters sit back and wait until an 
opportune time to strike. "Keep in mind, in the fraudster's world, this 
[credit card] data is their asset. It is how they generate income."


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Fri Mar 05 2010 - 00:44:38 PST

This archive was generated by hypermail 2.2.0 : Fri Mar 05 2010 - 00:59:58 PST