Digital Transactions Authoritative, insightful and timely information for payments professionals
The increase in thefts of personal and financial information from databases, highlighted by the recent security breach at payment processor CardSystems Solutions Inc., is causing other processing entities to enhance security efforts beyond just fortifying computers and telecommunications links. For instance, Vital Processing Services LLC, a big merchant processor based in Tempe, Ariz., several months ago began doing background checks on those employees of about 300 software firms that develop applications for Vital and could have access to sensitive data. So far, 25 to 30 people have been screened, says Eric Boazman, vice president of client relations. Boazman was a member of a panel that addressed security issues Thursday at the Midwest Acquirers Association annual conference in Chicago. Another panelist, Dan Kniola, director of network operations and administration for Morgan Stanley's Discover Financial Services Inc. unit, illustrated the increasing skill that fraudsters are displaying in obtaining payment card account numbers. The street price for a fraudulently obtained account number has fallen from $50 about two years ago to $10 today, according to Kniola. The reason is simple: “It's more supply,” he says. Account numbers can be obtained through database break-ins, such as the one that occurred at CardSystems, through employee theft, and by duping consumers online through phishing and its younger cousin, pharming, as well as through proven low-tech methods such as dumpster diving for personal information or theft of documents in the mails. Canceling an account and reissuing cards is a costly proposition for card issuers. The process costs Discover $39 per account, according to Kniola. That's why Discover prefers to monitor potentially compromised accounts if no suspicious activity has occurred rather than do blanket re-issues. The U.S. House of Representatives' Financial Services Subcommittee on Oversight and Investigations is looking into a recent string of security breaches involving card data. The largest of these occurred at CardSystems, where a hacker was able to gain access to data related to 40 million accounts and apparently stole data linked to 200,000 accounts. Visa U.S.A. and American Express Co. say they will ban CardSystems from processing their transactions come Oct. 31, a potentially fatal blow to the Atlanta-based processor (Digital Transactions News, July 21).
