This article by eWeek's Brian Prince talks about how hacking has become so prevalent that it is driving the price of credit/debit card data down. One thing for sure. If hackers get their hands on the Track2 Data AND the PIN they will have hit the jackpot. (see what the Secret Service project the value of those items to be compared with a simple Primary Account Number (PAN) and CVV2)
Looks like it's somewhere around 1000 times more valuable. This is why HomeATM has gone to such lengths to 3DES encrypt the Track2 data through Zones 1-4 and 3DES DUKPT end-to-end encrypt the PIN.
The PIN IS the Holy Grail for Hackers and the world wide web is the "information highway" that puts your PIN at risk. It doesn't matter to them if you type or if you click. If you do it in a web browser it is fair game for the hackers.
If you want to secure your PAN and your PIN then the eCommerce transaction MUST be done outside the web browser space. Want to "hand over" your account over to the hackers? Then keep on typing, clicking or otherwise entering your PIN into a web browsers.
The hackers are watching...
Internet security is busted, said researchers at the Black Hat conference in Las Vegas today.
"The best strategy to defend against Clampi is to use separate machines for Web surfing and funds transfer"
- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.
"Using Windows, it's too dangerous to
do transactions on the same machine you do for Web surfing," he says.
"You can't have any crossover between them."
Editor's Note: Which is why HomeATM doesn't use the Web browser.
We encrypt the data and use the Internet as a conduit to transmit the encrypted data
so that card holder data is never in the clear.
Stolen Credit Card Data Goes for Cheap on Cyber-Black Market
Hacking large companies as Albert Gonzalez is alleged to have done can be profitable. But stolen credit cards and other data may not sell for as much on the black market as you expect.
The black market economy of the cyber-world is always busy, especially in an age of massive data breaches like the ones that occurred at Heartland Payment Systems and Hannaford Brothers.
According to research from Kaspersky Lab posted Aug. 17, U.S. credit cards are not worth as much as you might think. While analyzing malware, Kaspersky Lab virus analyst Dmitry Bestuzhev came across a Website with pricing information for the credit cards swiped by cyber-crooks. The highest prices belonged to German credit cards, which sold for $6 (USD) a piece. U.S. Visa cards sold for $2.
"It's certainly difficult to say how many sites like this there are now," Bestuzhev said. "I believe it's not very many because the bad guys don't need to largely market their business. Their customers know them already and if there is a new one, it is passed along by others. It's a kind of club where cyber-criminals 'know each other' in terms of online life."
Continue Reading
Jul 30, 2009 - PIN Payments Blog
No Website is Safe; Online Transactions aren't safe; Use the Internet for browsing,
use another device for payments. Read more about those bulletpoints in
the related articles section below. In the meantime, there's only one "another ...