By Linda McGlasson
Bank Info Security
March 4, 2010
Earlier this week, First National Bank of Durango, CO came forward to
reveal that as many as 5,000 of its customers were at risk because of
new fraudulent transactions tied to the Heartland Payment Systems data
The incident begs the question: Are banking institutions and customers
still at risk of similar aftershocks from this historic case?
Fraud Scenario: 'Lie Low and Wait'
What happened to First National Bank of Durango is not unusual, says
Avivah Litan, Gartner distinguished analyst. "Typically the crooks will
use stolen cards right after a heist until the looting is discovered and
publicized in the media," she says. "At that point, the crooks will lie
low and not use them because of heightened alerts that will flag and
stop their use (e.g. because the cards are on watchlists)."
Then when time passes and the heat is off, "The crooks will rear their
ugly heads and start using them again, as has happened here," Litan
Debra Geister, Senior Director, AML and Compliance Services at
LexisNexis Risk Solutions, says this scenario is really no different
from a sleeper scam, where the fraudsters sit back and wait until an
opportune time to strike. "Keep in mind, in the fraudster's world, this
[credit card] data is their asset. It is how they generate income."
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!