Card Data Fraud.


External Compromise and Trends
The theft of card data (hacking) has been increasing over the last few years and has been one of the main reasons for the introduction of PCI DSS. However, PCI has meant that the methods used have changed and become more technical. At first the targets were large holders of card data, such as processors in the US. Attacks were often against live and test systems, as the companies were using large volumes of live data to test.
January 19 Caribbean Electronic Payments LLC

External Compromise and Trends
Targets have included:
- Processors: Heartland, CardSystems Solutions Inc
- Banks: JP Morgan Chase, BNY Mellon
- Retailers: TJ Maxx, AOL, Home Depot, Sony
- Governments: US Military, Greek Government
Losses often ran into millions of card records:
- 130 million: Heartland
- 94 million: TJ Maxx

The Underground Fraud Market
- These details would be sold on the underground and dark web to crooks – anybody
- Call centres would sell spreadsheets of data at the gates of the centre in India
- Any data stolen can be sold. Even if the price was a dollar a number, that's a lot of money when you have stolen 94 million.

Top Attack Vectors
- Originally: large unencrypted databases with poor firewalls
- Later breaches, after databases had been encrypted, used SQL sniffers to identify when data was in the clear for customer service calls

Prevention through Simple Controls
The rules applied via PCI DSS are simple and could have been used 25 years ago:
- Encrypted databases
- Secure networks and firewalls
- Sensitive data encrypted at source – tokenisation
- Sensitive data not retained by retailer, processor, card scheme, etc.