The recurrence of data breaches has escalated to the point where almost every week we are alerted to another mega retailer being hit. The U.S. government has even issued warnings about sophisticated attacks targeting retailers, putting the victims of one specific form of malware at well over 1,000 businesses.
We have heard about Target, Neiman Marcus, P.F. Chang's, Home Depot and Dairy Queen, and the list continues to grow. However, the reality is that more retailers have been breached and we just have not heard about them yet. In other words, either organizations are still unaware they have been breached, they are currently investigating “suspicious activity,” or they are staying tight-lipped about it.
A question that comes up: if a retailer is not able to detect a breach itself, how is it that the Secret Service or financial institutions can detect a potential breach and notify the retailer?
One method is through the monitoring of underground markets where stolen credit cards are sold. Analysts will purchase samples of cards and be able to map the cards to specific retailers based on location and purchase times. Fraud analysts can also identify where a potential breach has occurred by looking at purchases made by stolen cards and then statistically analyzing a common point of purchase at a specific store.
A company that provides this type of information for banks and retailers is Rippleshot, a cloud-based big-data analytics software company. Rippleshot monitors fraudulent transactions directly from card issuers and can identify the source of a potential breach down to a specific store or even point-of-sale device.
Here is a heat map of data they provided from January 1, 2014, to August 31, 2014, showing 4,224 potentially breached stores by state, based on common point of purchase fraud detection:
Have you hugged your fraud analyst today?
By identifying patterns of transactions, analysts are able to preemptively mitigate much of the damage of these mega breaches. You may not have experienced any fraudulent charges on your credit card statement, but your bank sends you a new credit card anyway. This is usually a sign that your card was either discovered in a batch of stolen credit cards in underground markets or, more likely, an analyst saw that your card was used at a store that was compromised based on other stolen card activity.
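The common point of purchase analysis and the preemptive reissue decision described above, as an added example (not Rippleshot's or any card issuer's code). It uses a hypergeometric test as one simple choice of statistic; the card IDs, store names, purchase data and threshold are all constructed assumptions.

```python
from collections import defaultdict
from math import comb

# Constructed sample data, not real transactions: 40 cards, 3 hypothetical stores.
CARDS = [f"c{i:02d}" for i in range(40)]
PURCHASES = (
    [(c, "grocery-12") for c in CARDS]            # everyone shops here
    + [(c, "hardware-07") for c in CARDS[:10]]    # small set of shoppers
    + [(c, "cafe-03") for c in CARDS[::4]]        # unrelated subset
)
# Cards the issuer has confirmed fraud on (c20 is an unrelated one-off).
FRAUD_CARDS = set(CARDS[:8]) | {"c20"}

def hypergeom_tail(N, K, n, k):
    """P(X >= k): chance that n cards drawn from N (K of them fraud)
    contain at least k fraud cards purely by coincidence."""
    hits = sum(comb(K, i) * comb(N - K, n - i) for i in range(k, min(K, n) + 1))
    return hits / comb(N, n)

def common_points_of_purchase(purchases, fraud_cards, alpha=0.01):
    """Flag stores whose share of fraud cards is too high to be chance.
    alpha is an assumed threshold; real systems also correct for the
    number of stores tested and for purchase time windows."""
    cards_by_store = defaultdict(set)
    for card, store in purchases:
        cards_by_store[store].add(card)
    all_cards = set().union(*cards_by_store.values())
    N, K = len(all_cards), len(fraud_cards & all_cards)
    findings = []
    for store, cards in cards_by_store.items():
        hit = cards & fraud_cards
        p = hypergeom_tail(N, K, len(cards), len(hit))
        if p < alpha:
            findings.append({
                "store": store,
                "p_value": p,
                "fraud_cards": len(hit),
                "cards_seen": len(cards),
                # Exposed at the store but no fraud reported yet:
                # these are the cards a bank would reissue preemptively.
                "reissue": sorted(cards - fraud_cards),
            })
    return sorted(findings, key=lambda f: f["p_value"])

if __name__ == "__main__":
    for f in common_points_of_purchase(PURCHASES, FRAUD_CARDS):
        print(f)
```

The busiest store sees every fraud card yet is not flagged, because it also sees every clean card; only the store where fraud cards are over-represented relative to its traffic stands out.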
Here we can see a map of suspicious credit card activity mapped out by county using another dataset provided by Rippleshot:
Not all credit card data compromises come from mega breaches; credit card skimming and smaller compromises occur continuously. So, let’s raise our glasses to the fraud analysts and big data systems that help banks, retailers and consumers contain the damage from stolen credit card fraud. Without these systems, these mega retail breaches would be much more disastrous and costly. It is better to catch breaches before they happen, but it is nice to know we have a backup just in case.