The US credit card industry was a very late adopter of security chips, lagging the EU by a decade or so; when they did roll out chips, it was a shambolic affair, with many payment terminals still not using the chips, and almost no terminals requiring a PIN (and some require a PIN and a signature, giving rise to the curiously American security protocol of chip-and-PIN-and-swipe-and-sign).
The adoption of security chips has not slowed credit card fraud, either. 60,000,000 US credit cards were compromised in the past 12 months and 90% of those were chip-enabled. The majority of compromised cards were stolen by infected point-of-sale terminals. The US has the worst credit card security in the world.
The findings come from a Gemini Advisory report, which blames a "lack of chip compliance" in merchants for the rise.
Based on the proprietary Gemini Advisory telemetry data collected from various dark-web sources over several years, we have determined that in the past 12 months at least 60 million US cards were compromised. Of those, 75% or 45.8 million were CP records, likely compromised through card-sniffing and point-of-sale (POS) breaches of businesses such as Saks, Lord & Taylor, Jason’s Deli, Cheddar’s Scratch Kitchen, Forever 21, and Whole Foods. To break it down even further, 90% or 41.6 million of those records were EMV chip-enabled.
Furthermore, the shift in Card-Not-Present (CNP) fraud is becoming more evident with a 14% increase in payment cards compromised through e-commerce breaches in the past 12 months. Payment card data that that was stolen from Orbitz, Ticketmaster, City of Goodyear, and British Airways represented only a small part of the 14.2 million CNP records posted for sale in the past 12 months.
Card Fraud on the Rise, Despite National EMV Adoption [Gemini Advisory]
Credit Card Chips Fail to Halt Fraud, Survey Says [Jeff John Roberts/Fortune]
Nearly two weeks after the city of Baltimore's internal networks were compromised by the Samsam ransomware worm (previously), the city is still weeks away from recovering services -- that's weeks during which the city is unable to process utility payments or municipal fines, register house sales, or perform other basic functions of city governance.
Google has published the results of a study of the efficacy of standard anti-account-hijacking techniques like two-factor authentication (2FA), secret questions, and passwords: the good news is that when these are used, they are incredibly effective at stopping both automated and targeted attacks, including "advanced" attacks of the sort that are often characterized as unstoppable.
In 2014, Quentin Tarantino sued Gawker for publishing a link to a leaked pre-release screener of his movie "The Hateful Eight." The ensuing court-case revealed that the screeners Tarantino's company had released had some forensic "traitor tracing" features to enable them to track down the identities of people who leaked copies.
Raspberry Pi is one of the world’s most versatile open-source computers. Alexa is a home automation hub with limitless potential. Together, they’re a dream team for ambitious makers, opening the door to everything from automatic lights to voice-controlled robots. Learning Raspberry Pi is meant to be relatively easy for newbies, but its applications with Alexa […]
Heads up: The clock is winding down on a free-entry contest to win not only one of the best smartphones on the market but a handy pair of earbuds. A simple sign-up is all you need to be eligible to win a 256 GB iPhone XS Max, along with AirPods. And while “free” is tough […]
Kudos to those of us who have chosen a less wasteful third option to “paper or plastic” at the supermarket or club stores. Tote bags are reusable, but they can be a pain to tote around. Here’s an upgrade to that planet-saving measure. The Club Cart Lotus Trolley Bag is that rare tote you’ll want […]