3Qs: How hacking will affect credit-card holders

Apr 05, 2012 By Brenna Eagan
William Robertson (left), assistant professor in the College of Engineering and the College of Computer and Information Science, is seen here at a congressional briefing on cybersecurity last month in Washington that was led by a Northeastern University team of experts. Credit: Paul Morigi

Last Friday, a major Atlanta-based payment card processor, Global Payments, announced a server security breach that could affect more than 1 million accounts. We asked William Robertson, a cybersecurity expert and professor in both the College of Computer and Information Science and the College of Engineering, to explain how hackers penetrated the company and the impact this will have on credit-card holders.

How did the Global Payments security breach occur?

The breach was only made public on Friday, and the story is still developing. Nevertheless, it seems clear that cybercriminals have had illicit access to the internal networks of Global Payments since January 2012, and possibly as far back as January 2011. The company has stated that at most 1.5 million accounts have been breached, although this number may increase as the investigation proceeds and more details become public.

From what we do know, it appears that hackers successfully penetrated a subset of the servers that comprise Global Payments' card processing system. From this vantage point inside the company's internal networks, the hackers were able to exfiltrate sensitive credit-card data, including sufficient information to clone new, illegitimate credit cards. The intrusions themselves could have been a result of poor password selection, exploitable network services or even targeted attacks against highly privileged employees. At this point, however, there is no way to be sure what the exact vector was.

Can hacks like this be prevented? If so, what measures is the cybersecurity industry or even government putting in place?

While we do not yet know the specifics of this case, it is clear that our current computer systems and networks are fundamentally insecure in the sense that we have little assurance that they are free of . And, even if they were perfectly secure, cybercriminals could still attack the human elements of the system, for instance through social engineering. The Systems Group at Northeastern is actively researching ways to detect and prevent attacks against existing systems, as well as designing new systems that are invulnerable or resilient to classes of attacks. But there is still much work to be done.

For their part, industry and government are not idle. In particular, the Payment Card Industry Data Security Standard establishes a set of requirements that must be followed by companies that handle cardholder information. This standard includes measures for attack prevention and detection, as well as guidelines for security incident response. It is important to recognize, however, that adopting these measures is in no way a guarantee that your credit-card information will not be stolen by cybercriminals. Rather, their purpose is to reduce liability when breaches do occur. Incidentally, Visa has removed Global Payments from the list of the Security Standard-compliant service providers as a response to the reported breach.

What does this incident mean for the average credit-card holder? Do you have any tips for how cardholders can protect themselves from fraud?

Most cardholders will probably not be affected in any way. For those whose card information was accessed as part of the breach, you will receive a notification from the bank that issued your card with instructions that you should follow immediately. Of course, you should not be held liable for the security failures at Global Payments.

The unfortunate reality is that no level of vigilance on your part can fully protect your card information from attacks such as the one that occurred at Global Payments. Regardless, it is very important to: a) regularly monitor your bank and credit-card statements and report irregularities; b) scan your computers and watch for signs of malware; and c) be careful how and to whom you divulge sensitive information. Best practices such as these will help to reduce the risk and keep your sensitive safe
