- Ohio university quiz implies atheists are naturally smarter than Christians
- Rep. Henry Cuellar on border crisis: ‘Playing defense on the one-yard line’
- Activists vow to occupy fast-food restaurants to get higher pay
- Rep. Luis Gutierrez: Senate Dems wary of immigration politics
- Summer camp for 1 percenters: Sushi, limos and shopping at FAO Schwarz
- Colorado gun crackdown law found to be built on faulty data
- Hank Aaron steps to fundraising plate for Democrat Michelle Nunn
- ISIL terrorists blow up burial site of Jonah, vow more of same
- Impeach Obama, say 35 percent in new poll
- Taliban yank 14 Shiites off bus, bind and shoot them on Afghan road
Latest data breach strikes at financial security
Question of the Day
NEW YORK (AP) - Citigroup’s disclosure that the names, account numbers and email addresses of 200,000 of its credit card customers were stolen strikes at the core of modern-day financial life _ the ways people buy groceries and pay the power bill.
It’s only the latest major data breach. In just the past three months, hackers have penetrated 100 million Sony PlayStation accounts, the networks of Lockheed Martin and the customer email databases of a company that does marketing for Best Buy and Target.
But half of all Americans, 154 million people, have a credit card. The Citi attack is a reminder that the technology used to protect their information was built by humans, security analyst Jacob Jegher notes _ and it can be breached by humans, too.
“People rely on the safety net of a bank to take care of their information,” says Jegher, a senior analyst at Celent, a research firm that focuses on information technology in the financial industry. “Unfortunately, that net has a lot of holes.”
Citi says all of the customers whose information was stolen will receive a notification letter, and most of them will get a new card, although it has declined to say exactly how many. The bank says its enforcement division and authorities are investigating.
The victims will have to endure the hassle of updating the credit card numbers on any number of online accounts, but they probably won’t lose any money. For one thing, federal laws protect credit card customers from fraud beyond $50, and in most cases, the bank that issues the card will cover up to that amount.
And the Citi hackers didn’t get to the three-digit numbers that appear on the backs of credit cards, a security feature known as the CVV code. That means the hackers, or whoever they might sell the information to, would have trouble making direct charges.
The danger is that someone might use the information that was compromised to mount a sophisticated “phishing” attack, in which criminals send out convincingly designed emails pretending to be from the bank and gain access to account information.
The relatively small number of accounts taken from Citi, which has 21 million credit card customers in North America, suggests the hackers used spyware that captured the data of customers who logged in to its website to conduct online banking, one expert says.
“The thing in the Citi case which is good is they detected it quickly and shut it down,” says Dave Jevans, chairman of security firm IronKey Inc. and chairman of an anti-phishing nonprofit group made up of 2,000 government agencies and companies, including Citi.
“They’ve got systems that are going to look at the data leaving the network and are able to see that somebody’s sending information out,” he adds. Banks are ahead of most other industries in this regard, he explains, and other businesses will have to catch up.
CVV codes can’t be stored with a simple magnetic swipe of a credit card, and the businesses that process payments are not allowed to store the codes after a transaction, so they provide another defense against fraud.
Deloitte, the audit and consulting firm, said in a report last year that security threats to customer account and other information were on the rise. The good news: Companies are taking notice.
The number of companies that said they didn’t spend enough on security fell to 36 percent in 2010 from 56 percent the year before. The survey found that 67 percent of U.S. banks are making encryption, a process to protect digital information, a top initiative.
Still, Deloitte also reported that of all nations, the United States had the most financial institutions that were still “catching up” on security, as opposed to being ready or “on plan.” And the number of high-profile attacks in recent weeks is frightening.
TWT Video Picks
Second- and third-stringers eye 2016 if front-runner stumbles
- Michelle Obama says money in politics is bad, asks donors for 'big, fat check'
- Presidents of Honduras, Guatemala blame U.S. for border children crisis
- 'We're coming for you, Barack Obama': Top U.S. official discloses threat from ISIL terrorists
- NAPOLITANO: What if our democracy is a fraud?
- EDITORIAL: Detroit's water 'spigot bigots'
- Hamas rejects Kerry's call for cease-fire; Fears grow others could join fight against Israel
- Obama orders Pentagon advisers to Ukraine
- PRUDEN: The Democratic-wannabe mice under Hillary Clinton's feet
- Obama takes aim at 'corporate deserters'
- Crime-ridden U.S. cities differ on ways to fight gun violence
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq