PINs in peril: Hackers breached 285 million e-records in '08, report finds[SIZE=-1]A recently released report on data breaches indicates that organizedcrime has fueled a big increase in the hacking of records of banks andother financial service providers. The report says thieves are becomingincreasingly successful at stealing PIN numbers that allow them todrain cash from cardholders? checking, savings or brokerage accounts.
The 2009 Data Breach Investigations Reportis based on firsthand evidence collected during breach investigationsconducted by Verizon Business. A total of 285 million electronicrecords were breached in 2008?more than the previous four yearscombined?with banks and brokerages accounting for 93 percent of thecompromised records.* ?Financial services firms were singled out andfell victim to some very determined, very sophisticatedand?unfortunately--very successful attacks,? the report notes.
Organizedcrime has developed new tools for hacking computer systems at banks,data processors and other links in the financial chain to steal whathas become the Holy Grail for thieves:* PIN data on ATM and debitcards. Thieves no longer are very interested in stealingmagnetic-stripe information from credit cards. Massive data breacheshave increased the supply so dramatically that the black market pricehas dropped from as much as $16 per stolen credit card record inmid-2007 to less than 50 cents now, Verizon investigators say.
?The big money is now in stealing personal identification numberinformation together with associated credit and debit accounts,? thereport states. ?These PIN-based attacks hit the consumer much harderthan typical signature-based counterfeit attacks.?* Indeed, as we have pointed out previously,not only do PIN-attacks allow thieves to quickly drain cash from youraccounts, but recouping your losses is more challenging.* As theVerizon report puts it:* ?PIN fraud typically places a larger share ofthe burden upon the consumer to prove that transactions are fraudulent.This makes recovery of lost assets more difficult than with standardcredit-fraud charges,?
Some of the more sophisticatedcybercriminal methods involve stealing PIN data en masse by hackinginto computer systems used by financial service providers, whichobviously are beyond consumers? control. Nevertheless, there are stepsyou can take to protect yourself:
?Never respond to phone ore-mail requests for your user name, PIN or other account information,even if the inquiry appears to come from your bank or broker.
?Supplyaccount details only when the contact is initiated by you, using thecontact information listed on your account statement.*
?Check your account online regularly to quickly spot any unauthorized withdrawals.**
?Protect yourself against debit-card skimmers by following our advice.?Andrea Rock
[/SIZE] [SIZE=-1]Subscribe now![/SIZE]
Subscribe to [SIZE=-1]ConsumerReports.org[/SIZE] for expert Ratings, buying advice and reliability on hundreds of products. [SIZE=-1]Update your feed preferences[/SIZE]