Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Malware used in Hannaford card data theft

A security breach at US grocer Hannaford Bros that compromised around 4.2 million credit and debit card accounts was caused by fraudsters installing malware on servers at all of the retailer's 300 sto...


See article

PCI Data Security Law

Legally speaking, we can't expect the PCI to keep up with the criminals. Therefore the legal system (Federal Trade Commission) is wrong to punish merchants like Hannaford and TJX for credit card break-ins. --Ben
2623

Comments: (2)

A Finextra member
A Finextra member 31 March, 2008, 23:55Be the first to give this comment the thumbs up 0 likes

The aim should be to remove the value in stolen card and personal data.

The current methodology of transacting is flawed and unless it changes there will just be more of this going on. In boom times insider threats tend to diminish, but when people get financally stressed or fear job loss they may be more ameniable to a few dollars on the side.

There are easy, low cost ways to do it. Perhaps the tightening financial markets will see retail banks looking at more modern and relevant ways to get ahead of the criminals.

The alternative is a third party Paypal type service taking over the retail transaction space and turning old fashioned banks back into somewhere you (temporarily) park your money. 

A Finextra member
A Finextra member 08 July, 2008, 18:52Be the first to give this comment the thumbs up 0 likes Dean:  I agree that current US public policy makes paypal a more attractive option.  But that policy -- which is most famously advanced by the Federal Trade Commission -- is inadvertant.  The FTC and other authorities have mindlessly adopted the conventional wisdom that the problem of merchant data security is a merchant problem alone and not a systemic problem.  --Ben  http://hack-igations.blogspot.com/2008/04/more-on-tjx-data-breach-and-federal.html