Saturday, April 5, 2014

The Target Breach was Massive. What Should You Do?

by Stephen G. Smith
Originally posted Dec 20 2013 @ http://bit.ly/1ibCk1J

The timing for the 40 million-card Target data breach could not be worse—for consumers and financial institutions alike.

Since the breach was first brought to light by a security blogger on Wednesday, Dec. 18, Target has posted a letter to customers notifying them that the data exposed includes customer names, credit and debit card numbers and expiration dates, and card verification values. As of now, no significant PIN fraud has been reported, but that doesn’t necessarily mean PINs are in the clear.

We wanted to immediately disseminate that CSI is working proactively with our core customers to mitigate potential card fraud. To that end, we've already reissued more than 15,000 Visa debit cards to our customers. Our fraud monitoring capabilities have allowed us to accomplish this, despite the fact that Visa has yet to issue any compromised card lists.

It’s important to note that this investigation is in its infancy, and while many details remain unknown, there’s no better time to review the best practices for keeping your financial institution and its customers’ data safe.

First, an event of this magnitude underscores financial institutions’ need to employ a proper fraud monitoring solution, which provides 24x7 transaction screening and blocks suspicious activities, greatly reducing, even preventing, fraud losses. The most sophisticated solutions merge automation with skilled analysts who track trends, issue denials in real time and quickly re-issue new cards to customers. They can even pick up on unusual activity by such variables as merchant type and geography, and deny suspicious authorizations before they ever take place.

Other crucial security controls include an updated intrusion prevention system, endpoint protection and regular network vulnerability scanning. Further, consider employing managed security services to monitor your outbound traffic behavior 24x7 and pinpoint such suspicious activity as large amounts of data leaving your network to an unknown destination.
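The outbound-traffic check described above can be sketched as follows. This is an added example, not code from the article or from CSI; the flow-record layout, the approved and internal address ranges, and the 500 MB daily threshold are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (hypothetical, not from the article).
APPROVED = [ipaddress.ip_network("198.51.100.0/24")]   # known partners/processors
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]        # our own address space
THRESHOLD_BYTES = 500 * 1024 * 1024                    # per source/destination/day

# Constructed sample flow records: "timestamp src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
2024-01-10T01:00 10.1.5.20 203.0.113.77 21 314572800
2024-01-10T02:00 10.1.5.20 203.0.113.77 21 314572800
2024-01-10T02:05 10.1.5.31 198.51.100.10 443 734003200
2024-01-10T03:00 10.1.5.31 203.0.113.9 443 1048576
2024-01-10T03:10 10.1.5.20 10.1.9.4 445 943718400
bad line
2024-01-11T01:00 10.1.5.20 203.0.113.77 21 104857600
"""

def _in_any(ip, networks):
    return any(ip in net for net in networks)

def find_egress_alerts(flow_text, threshold=THRESHOLD_BYTES):
    """Return (day, src, dst, total_bytes) for each source that sent more
    than `threshold` bytes in one day to an unapproved external address."""
    totals = defaultdict(int)
    for line in flow_text.splitlines():
        try:
            stamp, src, dst, _port, nbytes = line.split()
            dst_ip = ipaddress.ip_address(dst)
            nbytes = int(nbytes)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if _in_any(dst_ip, INTERNAL) or _in_any(dst_ip, APPROVED):
            continue  # internal or approved destination: not "unknown"
        # Sum per day so a slow, multi-transfer leak still crosses the line.
        totals[(stamp[:10], src, dst)] += nbytes
    return sorted((d, s, t, b) for (d, s, t), b in totals.items() if b > threshold)

if __name__ == "__main__":
    for day, src, dst, total in find_egress_alerts(SAMPLE_FLOWS):
        print(f"{day} {src} -> {dst}: {total / 2**20:.0f} MB to unknown destination")
```

Aggregating per day catches the two 300 MB transfers that would each pass a per-flow threshold, while the larger transfer to an approved range and the internal copy are ignored.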

In addition, keep communications with your customers open, and consider the following:

    Alert customers that the Target breach could prompt a rise in such social engineering techniques as phishing, whereby cybercriminals posing as their bank will contact them in an attempt to extract additional financial data. If consumers are panicking in a time like this, they could fall prey to these scams. Let your customers know you will never ask for such personal information as PINs unless they initiate the contact.
    Remind them to check their accounts daily, particularly if they shopped at Target during the pinpointed breach dates of Nov. 27 to Dec. 15. Any suspicious activity should immediately be reported to their financial institution.

The true breadth of this breach may remain unknown for weeks to come. For now, CSI is here to assist you and your customers in any way possible.