BankinfoSecurity.com - 39 Breaches in 1st Half of 2010

Very interesting article. Read the full article at bankinfosecurity.com.

What is confusing to me are these two sections:

The good news is that financial services industry does not take the top spot for data breaches reported. Of all the breaches reported so far this year, only 11.1 percent involve financial services. The top three breached industries are:

  • Business - 36 percent;
  • Healthcare - 29.2 percent;
  • Government, military - 16.9 percent

and

The increasing number of credit card-related breaches at businesses, retailers, hotels and restaurants is why the business sector is at the top of the list for breaches in the first half of the year, Foley says. "We're seeing a lot of retail, hotel and restaurants being hacked into somewhere between the point of sale and the card processing server," she says.

So if we consider that the businesses are essentially the conduits for credit card and similar breaches, where the fraudster acquires a set of these credentials and uses them to conduct fraudulent transactions, then a case can be made that the actual theft still takes place at the financial institution. In other words, it is not worth the trouble of stealing credit card numbers and then not using them, and using them goes through the financial institution.

Which goes back to the situation where, no matter where the breach happens, it is incumbent upon the financial industry to put adequate controls in place to prevent the actual theft, i.e. in this case moving money from point A to point B. Now, we all know it is not fair to keep that burden on the FIs alone, and everyone needs to pitch in. I applaud my credit card provider for immediately canceling and re-issuing me a new credit card when one of their merchants suspected a breach in their system.

But, assuming that not every merchant will be able to sustain a level of service like that, what will be the solution? I believe that wherever the final leg of the transaction where money is involved happens, that's where the most vigilant controls, detection and proactive countermeasures should be deployed.

So, does this mean that the percentages mentioned above should really reflect Financial = Financial + Business, i.e. 36+11 = 47%?