All Top Banking

Wyndham Hotel Hack Followup

Posted by John B. Frank Thursday, February 19, 2009



Here's a follow-up to the Wyndham Breach

It seems that the criminals not only were able to get guest names, credit card numbers and expiration dates,  but they also were able to steal the data from the card's magnetic stripe, Wyndham said.  That magnetic stripe information contains Track 1 and Track 2 data including the (CVV) code, "which is critical if the thieves want to make fake credit cards, according to Avivah Litan, an analyst with Gartner Research."

"That's the hot information," she said. "You can sell that information for much more on the black market." CVV codes were also taken in the high-profile Heartland Payment Systems and The TJX Companies credit card thefts.

When fraud is perpetrated using fake cards that include the CVV codes, the banks are responsible for the charges;

When they are able to obtain only the card numbers and expiration dates -- for example,online transactions NOT DONE by HomeATM --
then the retailer is responsible for the charges.

"The banking industry is all up in arms whenever bank stripe data is stolen," Litan said.  

As posted in "DumbPhoneded" the retailers should be up in arms everytime a transaction is conducted without the  Track 2 data being swiped.  Not only are they paying up to 100 basis points more, but in the face of increased fraud, they could lose their product and lose the money they thought they got for it.  Call that a double whammy, no cheese.




Reblog this post [with Zemanta]

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio