Heartland Aftershocks: Still at Risk?

Institutions, Customers May Continue to See Fraud
Heartland Aftershocks: Still at Risk?
Earlier this week, First National Bank of Durango, CO came forward to reveal that as many as 5,000 of its customers were at risk because of new fraudulent transactions tied to the Heartland Payment Systems data breach.

The incident begs the question: Are banking institutions and customers still at risk of similar aftershocks from this historic case?

Fraud Scenario: 'Lie Low and Wait'

What happened to First National Bank of Durango is not unusual, says Avivah Litan, Gartner distinguished analyst. "Typically the crooks will use stolen cards right after a heist until the looting is discovered and publicized in the media," she says. "At that point, the crooks will lie low and not use them because of heightened alerts that will flag and stop their use (e.g. because the cards are on watchlists)."

Then when time passes and the heat is off, "The crooks will rear their ugly heads and start using them again, as has happened here," Litan says.

Debra Geister, Senior Director, AML and Compliance Services at LexisNexis Risk Solutions, says this scenario is really no different from a sleeper scam, where the fraudsters sit back and wait until an opportune time to strike. "Keep in mind, in the fraudster's world, this [credit card] data is their asset. It is how they generate income."

Who's at Risk?

At least one fraud and security expert is surprised that the criminals were able to use payment card accounts that were compromised a year and a half to two years ago.

"It's standard practice for the card companies to immediately block accounts when they're known (or even suspected) to be compromised," says Tom Wills, Security, Fraud & Compliance Senior Analyst at Javelin Strategy and Research. "If they didn't do so, I'm guessing that's because of the large number of accounts (and associated expense) involved - but it was clearly a mistake in this case."

Should other institutions be on alert for additional Heartland-related fraud? "Absolutely there is going to be more fraud," says Dave Shackleford, Risk and Compliance Director at Sword & Shield Enterprise Security, Inc. "There's definitely going to be more fallout from a breach that large. For example, some of those cards will be in use with institutional customers, or others who may have had larger limits on the accounts."

Geister also sees fraud loss continuing. "Once a card number is compromised, even though a small percentage typically suffer loss, I think you need to consider the card exposed and act accordingly," she says. "Fraudsters will continue to hold and manage the data to try to extract value from it."

Recover Future Fraud Losses?

Should institutions see further fraud due to the Heartland compromised cards, Litan says, she imagines that there was money set aside for future "unrealized" costs. She doubts that this is the last such fraud the industry will see as a result of the Heartland breach.

Shackleford says it is tough to say whether institutions will be able to recover fraud losses now. "Visa and the other card brands can't anticipate all the fallout from these breaches, so I'm not sure whether they're likely to extend settlements or not," he says. "I don't know what recourse the banks may have for now, though - I hate to say they might just end up 'eating it' if they've already settled, but time will tell."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.