Sunday, 12 October 2008

Fraud Ring Funnels Data From Cards to Pakistan


A sophisticated organised crime gang has been bugging credit card terminals at a number of large British retailers, forwarding the card and PIN data to Pakistan. The bugs are very subtle, and there is no external evidence of tampering. They maintain a low profile, stealing only small numbers of credit cards rather than indiscriminately copying everything.

1 comment:

Ben Wright said...

Brett: A quote in the WSJ article says the hackers are performing at a level of sophistication that rivals foreign intelligence services. The implication: Payment card data security requires much, much more than just forcing merchants to lock down data and comply with the PCI (payment card industry data security standard). Card data security is on par with national security issues. Card security requires wholesale rethinking of the credit card system. The Federal Trade Commission misunderstands the magnitude of the problem. The FTC is locked in an old-fashioned belief that data in-security is due to stupid merchants (like TJX) treating consumers (and their privacy) "unfairly" by failing to secure their systems. We need fresh thinking and better leadership on this issue from the FTC. --Ben