Keeping Information Safe

There is a growing trend amongst cyber attackers to move beyond credit
cards to newer areas and  stealing PINs of debit card is a new
phenomenon which has become attractive as cash can be withdrawn.
Incidentally, according to State of Cybercrime, 2009 Report by Verizon
Business,  the value associated with selling stolen credit
card data have dropped from between $10 and $16 per record in mid-2007
to less than $0.50 per record today. The report also saw an explosion
in PIN attacks. The report also concludes that PIN fraud puts a larger
share of the burden of proof that transactions are fraudulent upon the
consumer which  makes the recovery of lost assets more
difficult and time consuming than with standard credit-fraud charges.
The remedies, as per the report lie with the banking infrastructure but
this is also a public security threat as the impact is felt in the
community when a repayment is missed leading the customers in a
difficult situation.



The report points to the modus operandi of the attackers. The
attackers, according to the report, cyber criminals use sophisticated
techniques to access information in secure locations by using
cryptographic key. Also, the PIN management process are
usually available in public domain. According to the report,
if a hacker is able to compromise a critical part of the supporting
infrastructure they may be able to steal the PINs for
consumer’s accounts. The crux of the problem, as per the
report is the fact that a large number of PIN infrastructure is stored
using outdated and inadequately configured technologies which are
susceptible to attacks. The report suggest that the best way to protect
themselves and consumers against this type of fraud would be for
financial institutions and supporting businesses to understand about
ways to protect their PIN code infrastructure.



Verizon Business's Investigative Response Team is engaged in analyzing
data compromises and helping financial organizations to protect
themselves against debit card PIN attacks. Verizon team travel around
the world and help financial organizations help investigate cyber
crimes. They also work with the federal and industry regulators and law
enforcement agencies. The team also has the capability to quantify the
financial losses which might result as a result of security breach.
Asia is one of the important geographies for Verizon Business
considering the rate of growth of cyber attacks in this part of the
world. According to Bryan Sartin, Director, Investigative Response,
Verizon Business, “Of the investigations that is being
carried out by Verizon, APAC accounts for around 20 percent.”



Verizon Business has a program called Guarantee Response through which
it guarantees response within 24 hours once it is reported to the
investigation team. Within Asia,  India is an important
country from the compliance point of view.  According to, Mark
Goudie Managing Principal, Asia Pacific, “Investigative
Response Indian companies because of their international business and
particularly their outsourcing engagement wherein they are supposed to
comply with several clients' compliance mandate required by their
country. It ranges from PCI to ISO to HIPA and others. Due to this,
Indian companies are more prepared to face the security breaches.
“



Verizon Business on an average does about 250 investigations across the
word and the biggest challenge for it has been identifying the source
of such attacks, getting there quick, identifying how it is happening
and then taking steps to quickly stop this completely to ensure that
there is no further loss to the organization.