The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
[UPDATE: Some offers mentioned below have expired and/or are no longer available on our site. You can view the current offers from our partners in our credit card marketplace. DISCLOSURE: Cards from our partners are mentioned below.]
Consumers who have been lulled in to a false sense of security over credit card fraud could be in for a rude awaking. That was the message delivered at Visa’s Global Security Summit held in Washington, D.C., on Wednesday.
Disclosure last week of a serious data theft involving some of the nation’s largest data brokers hovered over the conference, and some experts suggested it signals a new wave of sophisticated identity theft. A gang of criminals had long-term access to Social Security Numbers, dates of birth and a treasure trove of other non-financial information stored by Lexis Nexis and about a dozen other data brokers, security expert Brian Krebs reported last week. The data was often used to defeat so-called Knowledge Based Authentication, in which banks and other institutions ask personal questions to verify identities.
The incident shows that criminals trying to steal money from banks are using more sophisticated methods now, said Kurt Baumgartner, a security expert with Kaspersky Labs.
“The new angle is that the attackers are going in through the side door,” he said. “Now, instead of attacking just the payment processors, attackers are focusing on data brokers …The processors are locked down, so attackers are shifting focus to other sources of information.”
Criminals armed with full dossiers of data on victims — or with a resource to get whatever data point they need — have an easier time committing account takeovers.
Byron Acohido, author of Zero Day Threat and a cybercrime reporter at USA Today, said increased dependence on Cloud services has made life easier for criminals.
“What (firms) are doing is storing the information all in one place, putting it on servers and therefore (exposing it),” he said. “Now we learn the bad guys have had their fingers in the pie the whole time.”
Criminals armed with information such as date of birth and past addresses can do much more than make credit purchases in a victim’s name. Most consumers are unprepared to deal with the consequences of such a more severe bout of ID theft, Acohido said.
“The payments industry has done a good job in terms of consumers and (stolen) credit cards and making them whole, and there are regulations to protect them,” Acohido said.
“But people don’t realize what happens if the bad guys take out a loan in your name of get a passport in your name, then you are stuck. There’s very little protection, or regulation, to help. And I think we’re going to see that happen more.”
The development concerns FBI agent Donald Good, who said most consumers are unaware of all the information that data brokers have.
“What all that translates into for most folks is money,” he said. “A lot of times we all forget how much information on us is out there.”
The three spoke on a panel called Cyber Crime: Addressing Global Trafficking of Financial Data, at Visa’s annual global summit on security. The discussion covered a wide range of topics, but it circled back to the data broker heist several times.
In a larger sense, the audience — almost entirely fraud analysts at brand-name banks — expressed concern about placing continued trust in the Cloud. One questioner called the Cloud “a one-stop shop for criminals.”
Baumgartner put it more gently, admitting that the Cloud does “aggregate the information a little better for the attackers.”
There were also concerns expressed about fast adoption of mobile phone payments, with Acohido warning that all threats consumers encountered on their PCs are quickly being re-written by criminals for use attacking smartphones.
But ultimately Good said that consumers and employees tend to be their own worst enemy when they spend time online.
“Still, the most common method of compromise is via email, people clicking on a link in email that they shouldn’t, even with all the education that is out there,” Good said.
Image: Hemera
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams