The Rippleshot Data Breach Blog

Data Breach Ripples: Week of August 14

Written by Zach Walker | Aug 14, 2015 6:00:00 PM

In this week's issue: a Chip-Card skimmer was uncovered inside an ATM in Mexico, an investigation has been conducted into Carphone Warehouse's data breach, eCommerce sites brace for an increase in fraud, authorities foil a 5-year hacking scheme and in this week's Rippleshot blog post, we take a look into small businesses and how many are unaware of the upcoming EMV shift.

Chip card atm "Shimmer" found in mexico

In the never-ending game of Cat and Mouse, one of the latest tools fraudsters use has been uncovered by fraud experts in Mexico, sparking concerns over the security of chip-enabled cards. An ATM skimming device, dubbed an ATM “shimmer,” was found in Mexico that is able to capture the data that is read by the ATM.  This skimming device is placed directly inside the ATM’s card acceptance slot where it can scrap the payment information stored on the magnetic stripe, as well as the more secure integrated circuit card verification value (iCVV). 

The iCVV is different from the current card verification value (CVV) that is currently used on magnetic stripe payment cards and helps prevent the copying of the payment data on the magnetic stripe. Learn more about the benefits and downsides surrounding the upcoming EMV migration in our white paper, EMV Adoption In The U.S.   

Carphone warehouse data breach investigated 

Over the weekend, a mobile phone retailer disclosed that it had fallen victim to a data breach. Carphone Warehouse, headquartered in London, discovered on Wednesday that a security incident had taken place, compromising the personal information its customers.

The Information Commissioner’s Office (ICC), the UK’s governmental entity in charge of data security, noted that Carphone Warehouse’s 2.4 million customers across Europe are at risk. Currently, the ICC believes that the payment information of as many as 90,000 customers may have been compromised in the attack. Carphone Warehouse handles several websites like OneStopPhoneShop.com and e2save.com. Carphone Warehouse stated that the company has taken down any affected sites to mitigate future risks. 

e-commerce sites will take a hit in october after emv migration

You have probably noticed that more and more POS terminals are being replaced with EMV-compliant terminals at the retailers and merchants that we transact with daily. In October, the U.S. will finally make shift to EMV-enabled payment cards that will help in reducing total fraud losses for everyone in the payment ecosystem. After the deadline the larger card issuers will stop taking losses on card-present transactions at merchants that have not updated their terminals to transact with chip-enabled cards.

While the chip-and-signature cards are more secure than the traditional magnetic stripe cards, the payments industry will face an increase in card fraud related to card-not-present transactions, ATM skimming and other places where EMV adoption is still lagging. Fraudsters are aware that starting in October, their stolen cards will be replaced with brand new cards, making their current stash of stolen cards worthless. 

Authorities foil five-year scheme allegedly stealing press releases

The U.S. Department of Justice announced on Tuesday that five men were arrested in Georgia this morning in connection with five-year hacking scheme. Federal authorities that commented on the investigation stated the hack targeted more than 150,000 corporate press releases that were privy to corporate information that the public was not aware of.

These stolen releases could have been used in connection with securities traders in order to manipulate the market via stocks and options. In a news conference, U.S. Attorney for New Jersey Paul Fishman said that thirty-two people had been arrested under both civilian and criminal charges linked to the hacking scheme.

Rippleshot Content: majority of small business owners unaware of emv shift

In this week's Rippleshot blog post, we continue our coverage on the October 2015 deadline for merchants to be EMV-compatible. Whichever party (issuers or merchants) is not EMV-compliant after the deadline will take responsiblity for fraud and all related chargebacks. In a July 2015 survey conducted by Wells Fargo, 68 percent of the small business owners that were surveyed were not even aware that the EMV shift was on the horizon. We take an in-depth look at the survey and shine some light on the EMV migration from the perspective of a merchant. 

 

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.