http://www.bankinfosecurity.com/articles.php?art_id=2264



By Linda McGlasson

Managing Editor

Bank Info Security

March 4, 2010 



Earlier this week, First National Bank of Durango, CO came forward to 

reveal that as many as 5,000 of its customers were at risk because of 

new fraudulent transactions tied to the Heartland Payment Systems data 

breach.



The incident begs the question: Are banking institutions and customers 

still at risk of similar aftershocks from this historic case?





Fraud Scenario: 'Lie Low and Wait'



What happened to First National Bank of Durango is not unusual, says 

Avivah Litan, Gartner distinguished analyst. "Typically the crooks will 

use stolen cards right after a heist until the looting is discovered and 

publicized in the media," she says. "At that point, the crooks will lie 

low and not use them because of heightened alerts that will flag and 

stop their use (e.g. because the cards are on watchlists)."



Then when time passes and the heat is off, "The crooks will rear their 

ugly heads and start using them again, as has happened here," Litan 

says.



Debra Geister, Senior Director, AML and Compliance Services at 

LexisNexis Risk Solutions, says this scenario is really no different 

from a sleeper scam, where the fraudsters sit back and wait until an 

opportune time to strike. "Keep in mind, in the fraudster's world, this 

[credit card] data is their asset. It is how they generate income."



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Fri Mar 05 2010 - 00:44:38 PST