Contact 2: Schnucks Cyber Attack
(KPLR) – The cost of cyber attacks is astronomical. The recent security breach at Schnucks will cost financial institutions millions. Some people wonder if enough is being done to prevent cyber attacks. Are credit and debit cards safe to use? If nothing else it’s clear a breach hurts everyone. Schnucks estimates 2.4 million credit and debit card numbers may have been stolen over a three month period. That simply means they`ve that many customers were exposed during the time period that the bad guys had access to the numbers.
Among those whose card was used fraudulently is a Webster Groves woman. She uses a Wal Mart pre-loaded money card. Thieves used Rochelle Henderson`s card number spending seventeen hundred dollars in Nashville TN. ‘I had to borrow money to pay my rent and my utilities. My blood pressure went sky high. I felt like I had been violated to be honest about it.’
Hackers violated Schnucks as well. But the breach proves to be a teachable moment for business students at the University of Missouri St. Louis. Vicki Sauter, Professor of Information Systems explains.
‘What this event has done is brought to the forefront, how pervasive this can be.’
Dr. Sauter says the interconnectedness of businesses also make it possible for thieves to break into a system. She explains it this way. ‘The more companies are working together, supply chains, partnerships of some kind, they will share at least parts of their computer system. Or they may do some outsourcing. So again they would share with the outsource people. You can control your network; you can`t necessarily control their networks.’
In the case of a merchant it could be someone in the card processing company that opens the door to the bad guys. Dr. Sauter says it could be intentional. Or an unsuspecting employee opens an email that allows malware to enter the system and the bad guys have their point of entry.
The Secret Service Electronic Crimes Task Force was created in response to the growing problem. If a merchant`s security system is compromised, the swipe of your card could send key information directly to thieves and their computers according to Special Agent Brian Gant. It shows up on the thief`s computer. ‘The first two tracks are basically your name and other identifying characters on your card.’
Mandiant is a cyber forensics business. Here is their illustration of what happens in a breach. Attackers compromise the system….steal numbers. Even your pin numbers. And the stolen numbers are sold around the world. Heavy sales occur in Eastern Europe, Russia and China. Special Agent Gant says these shady deals work best on the internet. ‘And just like you go on a regular website to purchase something, e commerce, you can go onto this carding portal and actually buy these stolen credit card numbers or credit card information.’
Bad guys print the information onto blank cards which are then sold as valid and usable cards. Which allow for fraudulent purchases. The carding portals can be tracked but Special Agent Gant says as quickly as you identify a carding portal, and action is taken to bring the portal down, another case pops up.
Financial institutions know that the numbers can be held for days, weeks or even months before they are bought. So the 2.4 million Schnucks customers who’s account numbers were at risk should ask for new credit card numbers. In some cases banks and credit unions were proactive. A spokesperson for Arsenal Credit Union says five thousand members were compromised. But only one hundred and six found fraudulent charges made in other cities. Spokesperson Ken Moser explains, ‘We saw the states that had the most fraudulent activity were in Texas, California and Georgia. And it was mostly at gas stations and Wal Marts.
Arsenal like some local institutions can get new cards made quickly. Personal bankers take the consumers information and via computer send it to the printer behind the tellers. A new card is printed in three minutes.
We called a couple of financial institutions including master card trying to determine how many customers were impacted. Three of them declined comment on specific numbers. The Secret Service says if you think you’ve been a victim file a police report. The Secret Service then follows those complaints. And you should track your account regularly.
If you have consumer issues call us at Contact 2. The toll free number is 800-782-2222. Volunteers take calls Monday through Thursday between 11:00 am and 1:00 pm.