Security News > 2011 > May > Michaels Breach: Patterns Showed Fraud
http://www.bankinfosecurity.com/articles.php?art_id=3639 By Tracy Kitten Managing Editor Bank Info Security May 13, 2011 Card issuers were quick to link incidents of debit and credit fraud to the Michaels retail chain, experts say - a sign that strong transaction monitoring and behavioral analytics are the best ways to curb growing card-fraud schemes. The Michaels card breach is now believed to have affected stores in 20 states. The mode of card fraud: Point-of-sale PIN pad tampering, also known as PIN pad swapping. [See 3 Tips to Foil POS Attacks.] Brian Riley, senior research director of bank cards at TowerGroup, says as details about the breach are gradually revealed, it's clear that financial institutions, as card-issuers, picked up on the common fraud link - Michaels. "The behavioral scoring in this was really high," he says. "The pattern of transactions showed that all of these affected accounts had Michaels' purchases in their history. Behavioral scoring is really where it's at in card transactions." Even advanced card technology, such as the Europay, MasterCard, Visa chip and PIN standard, which takes the skimmable magnetic-stripe out of the equation, would not have helped in the Michaels' case, Riley notes. "With a tampered POS device, you can get around EMV," he says. "A good, robust scoring system is the only way to really pick up on this. That's why behavioral scoring is so important. That's, quite often, how these things are discovered." [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/