The rash of attacks against Target and other top retailers is likely to be the leading edge of a wave of serious cybercrime, as hackers become increasingly skilled at breaching the nation’s antiquated payment systems, experts say.
Traditional defenses such as installing antivirus software and monitoring accounts for unusual activity have offered little resistance against Eastern European criminal gangs whose programmers write malicious code aimed at specific companies or buy inexpensive hacking kits online. Armed with such tools, criminals can check for system weaknesses in wireless networks, computer servers or stores’ card readers.
Nearly two dozen companies have been hacked in cases similar to the Target breach and more almost certainly will fall victim in the months ahead, the FBI recently warned retailers, according to an official who was not authorized to speak publicly. Not all of the compromised firms have been publicly identified, nor is it clear how many shoppers’ credit card numbers and other personal data have been stolen.
Banks, retailers and policymakers have been slow to address the growing sophistication of cybercriminals. Only 11 percent of businesses have adopted industry-standard security measures, said a recent report by Verizon Enterprise Solutions, and outside experts say even these “best practices” fall short of what’s needed to defeat aggressive hackers lured by the prospect of a multimillion-dollar heist.
“You’re going to see more and more people trying this,” said Nicolas Christin, a security researcher at Carnegie Mellon University. “If you just saw your neighbor win the lottery, even if you weren’t interested in the lottery before, you may go out and buy a ticket.”
[...]
Experts say that reversing the rise in major data breaches would require expensive upgrades, including the adoption of end-to-end encryption, the walling-off of the most sensitive data on separate networks, and the adoption of newer credit card technology that holds customer information on an embedded chip rather than the familiar black magnetic strip now on most American cards.
Credit card chips can communicate with banks in a way that better protects a user’s private information, often requiring a personal identification number to verify a purchase. Such systems are widespread in most of the developed world but are appearing in the United States only gradually.
“Our decades-old payment system was not designed with cybersecurity in mind,” said Christopher Soghoian, principal technologist at the American Civil Liberties Union. “Times have changed. Data breaches now occur on a weekly basis, the result of which is that consumers become victims of fraud and identity theft.”Read the rest of the story HERE and watch a related video below:
If you like what you see, please "Like" us on Facebook either here or here. Please follow us on Twitter here.
No comments:
Post a Comment