Monday, January 12, 2009

CheckFree Users not Scot-Free

CheckFree initially reported that about 160,000 consumers were exposed to their recent breach, but has since adjusted those numbers by +4.84 million.  The reason for the adjustment was straight-forward...their "inability to determine the actual identities of customers redirected to the Ukraine by hackers."  So one has to question how they came up with the 160,000, er 5 million number.  They have 40 million plus users. 

According to a story from Bank Technology News' John Adams; entitled "CheckFree's Hack Attack Has a Long Tail"  it's been a good year for hackers.  "The CheckFree hacking put the cap on a brutal year for security, with Guardium estimating a 50 percent increase in data breaches across all industries in 2008—affecting nearly 36 million Americans—with another 50 percent increase predicted for 2009".

Wow...that's a disturbing trend.  What's more disturbing, is that Avivah Litan, VP and distinguished analyst at Gartner, says payments and funds transfer processors, rather than retailers are now the one's being targeted by hackers.

Still, the takeaway for the payments industry is that crooks are getting very wise to where the real booty is to be found—the payments and funds transfer operations which provide access to the point at which money enters and exits financial institutions. “There’s an emphasis on attacking processors now instead of retailers,” Litan says.

Here's a portion of the news story from Bank Technology News:
For a five-hour period in December, customers accessing CheckFree’s electronic bill payment site instead found themselves unknowingly redirected to the worst neighborhood on the Internet—a bogus malware site manned by Ukrainian hackers. That’s the easy part to figure out.

According to a notice recently filed by CheckFree parent Fiserv with the New Hampshire attorney general’s office, about 160,000 customers were exposed to the breach. Yet the firm and a number of its banking clients are alerting a whopping five million consumers to possible exposure.


The reason for that 4.84 million-customer gap between estimated and potential exposure is the inability to determine the actual identities of customers redirected to the Ukraine by hackers, requiring the additional notification of clients of banks that outsource their bill payments to CheckFree.



continue reading at American Banker/BTN




Reblog this post [with Zemanta]

Disqus for ePayment News