Experts say card issuers picked up on the Michaels card breach by employing strong transaction monitoring and behavioral analytics, proving that cross-channel detection tools are the best ways to curb growing card-fraud schemes.
Michaels Stores Inc. says POS PIN pads at nearly 90 stores in 20 states were tampered with, exposing debit and credit cardholders to fraud. Now the chain says it is replacing PIN pads at the majority of its 964 U.S. stores.
Police and the U.S. Secret Service are now investigating a series of fraud incidents involving Chicago-area customers of the Michaels craft store chain, which appears to be another victim of POS device tampering.
Technology to fight ATM skimming continues to advance, but so do the threats. Fraudsters have devised new ways to work around - if not defeat - new anti-skimming solutions, say industry experts who point to global ATM fraud trends.
ID fraud prevention requires partnership, and according to Javelin, the future of fraud-detection should be built around integrating a bank's back-end solutions with the fraud-prevention and detection solutions in which consumers are already investing.
The so-called POS "swap" attack is rare, but effective, not only against mag-stripe cards but chip-based cards as well. The same mode of attack was used against Hancock Fabrics, leading to card fraud that affected more than 140 customers.
Experts warn of ingenious phishing attacks based on the latest news. "This is one of those rare opportunities that can build you a great list and a couple of zeros in your profit," one hacker is quoted as saying.
How did fraudsters hijack the identities of scores of South Florida residents for the filing of fraudulent tax returns? Thieves had funds electronically routed to bank accounts, and then quickly withdrew the funds using debit cards at ATMs.
Sony Corp.'s announcement that hackers may have accessed data on 77 million gamers follows a long line of recent breaches. And Neal O'Farrell of the Identity Theft Council says the string of incidents has led to consumer 'breach fatigue.'
Online security has come a long way in recent years, but so have phishing attacks. As the Epsilon e-mail breach proves, fraudsters are honing their attacks through the acquisition detailed e-mail profiles and sensitive information connections, says ID security expert Tim Rohrbaugh.
"The phishing only works if the consumer participates; they have to click on something; they have to open something," says Neal O'Farrell of the Identity Theft Council. "So, based on that assumption, shouldn't we be doing more to educate them?"
Gigi Hyland of the NCUA says the latest draft of online authentication guidance is awaiting final signoff from just one FFIEC member agency. And Verizon's new data breach report finds that compromised records resulting from data breaches dropped dramatically in 2010, but the number of breaches continues to grow.
Key questions: What impact - if any - will the recent RSA and Epsilon data breaches have on the FFIEC's pending authentication update? And when will this long-awaited banking guidance finally be released?