Thursday, June 18, 2009

DOJ warns of escalating criminal assault on the payment system

Kimberly Peretti, Senior Counsel, Computer Crime Division, Department of Justice recently spoke at the MasterCard Global Risk Management Conference. Among the highlights of her presentation:
  • Criminals are now targeting HSM’s. With this, they could easily decrypt PIN's
  • DUKPT has been breached. In one case, criminals stole the data in 2004, but it took them 2 years to crack DUKPT. They were aided by having the full Track 2 data which includes the Pin Verification Value (PVV). Having done this once, they are more sophisticated now and should be able to crack encrypted PINS less time if they try it again.
  • The group that is targeting processors is still targeting retailers.
  • There has been a huge explosion of breached retail and financial industry networks in the last three years. There are numerous examples of network breaches without card data compromise. Its like exploring for oil but not drilling until the price is right, criminals are doing the same thing.

0 comments:

Post a Comment