PCI Free Blog

Clever Criminal Tactics Spell Increased Urgency for PCI Compliance

We talk a lot on this here blog about credit card fraud and computer hacking since the Payment Card Industry Data Security Standard (PCI DSS) outlines specific measures and security requirements to guard against cyber theft.  But in these discussions attention is focused, almost without exception, on the number of accounts compromised in the big data breaches.  Not as much is made of the actual number of card numbers used to commit fraudulent charges. 

This is a key statistic since it indicates the actual financial liability incurred by a data breach.  If just one of a thousand stolen cards is illegally used for $1,000 worth of purchases, the loss due to fraud is $1,000.  If all thousand cards are each used for $1,000 worth of purchases, the loss due to fraud is $1,000,000.  In the past, the share of stolen card numbers actually used for fraudulent purchases has been pretty small, at less than one percent in the biggest data breach cases.  The reason this rate is so low is largely logistical.  If you just stumbled upon a list of a thousand valid credit card numbers (assuming you are criminally minded and hatch a plot to use them to your benefit), you would probably be hard pressed to know how to start your stealing.  There is also the risk of either being caught red-handed or the issuer figuring out the compromised account numbers and shutting them off.  Either of these situations is likely to occur long before you've made a serious dent in your available stolen credit.

But nowadays criminals are more highly motivated and resourceful.  A recent FBI report revealed that hackers had successfully gained access to the computer data of RBS WorldPay, a very large merchant processor.  Using account numbers stolen from RBS, the thieves distributed cloned cards to accomplices around the world.  Then, in an orchestrated raid, the gang stole millions of dollars from ATMs over a 10-hour period on November 8th, 2008.  Coordinated efforts like this indicate a vast criminal network with the potential to cost many more millions in stolen funds.  They can only have become more efficient and unobtrusive with practice over the last three years.

This is why we say get your business PCI compliant today.  This site allows merchants to achieve and maintain their PCI compliance quickly, easily, and at no cost.  Please go to our home page for more information.
