03:07 PM
Connect Directly

How the Global Payments Data Breach Affects Banks

With yet another high-profile attack against a third party, banks are reminded that security vigilance extends well past their own walls.

With the recent news that Atlanta-based credit card processing company Global Payments Inc. suffered a massive data breach, fraud and security concerns are back in the headlines -- never a good thing for financial institutions.

[Security Checklist: 10 Ways to Avoid Data Loss]

Initial reports said that 10 million MasterCard and Visa accounts could have been affected in the breach. However, this week Global Payments said the "unauthorized access to its processing system," which occurred in early March, affected no more than 1.5 million card accounts. The company said it believes that the affected portion of its processing system is confined to North America and that only Track 2 card data -- which includes account numbers -- was compromised, but that cardholder names, addresses and social security numbers were not obtained by the fraudsters.

While this particular data breach was not directed at a bank itself, experts say there are many lessons banks can learn from this and similar attacks.

One thing banks have been forced to become increasingly aware of in recent years is cyber attacks against third-party entities that aren't financial institutions but store account data, says Ben Knieff, senior director, head of fraud product management for New York-based NICE Actimize. Data attacks such as the recent Global Payments one, or last year's data breach of Sony PlayStation's online network, "is certainly not something confined to the traditional financial services ecosystem," he notes.

Knieff notes that there are increasingly less attacks directly perpetrated against financial institutions, with fraudsters instead targeting these third parties that are perceived to less-stringent security measures.

"Financial institutions tend to have extremely robust network intrusion security," Knieff notes.

Though fraudsters have been targeting third-party vendors with increasing alacrity, Knieff notes that banks have made a concerted effort to work with vendor partners to stem attacks. "Financial institutions have gotten very good at extending their controls and protections to vendors and auditing them," he says.

However, the problem is that "in the U.S. in particular, the chain of payments is substantially more complex and there are more parties involved," Knieff notes. Though initiatives like PCI compliance help somewhat, it is not a cure-all.

And though financial institutions and their partners have become more sophisticated in repelling attacks, criminals have in turn become more sophisticated in perpetrating them, says Mike Urban, director of financial crime solutions at Fiserv.

[Check out The Top 9 Most Costly Financial Services Data Breaches by Wall Street & Technology.]

"The level of cybercrime going on is very high," he says. "All of these organizations are getting hit by attacks constantly and most are repelled. But every day there are automated attacks criminals have going out just pinging to see where a weakness is or if a defense mechanism has adjusted or changed."

Another problem banks face in fighting fraud is attacks against merchants, Urban notes. Unlike the vendors banks work with, merchants, especially small business, may be easier to hack. For this reason, most financial institutions deploy "around-the-clock" monitoring for potential point of sale fraud and are often successful using tactics such as employing data analytics to identify transaction risk based on a person's past purchasing behavior.

But banks can only do so much, says Urban. "They have people constantly monitoring and identifying any kind of breach so they can take action on those accounts as quickly as possible," he says. "But it's sort of like trying to find a needle in a haystack."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.