Monday, November 26, 2007

Got Sopranos? Yet another thing I did not know as much about

The recent trip to the RSR conference gave me another nugget (from Mike Dahn of the Aegenis group) that I knew peripherally about, but did not understand to its full extent. One of the common misconceptions about breaches is that most are the handiwork of some lonely, Mountain Dew-guzzling teenager – bored of playing video games and looking for some real kicks. Well, there are some of those no doubt, but it seems that hacking has become the new organized crime. It may not be as widely known as drug cartels or the arms dealers, but information is becoming the new “dust.”
Credit card numbers, card swipe data, etc., are selling for a prince’s ransom in the marketplace. You saw this recently on 60 Minutes. There are websites that provide you with specific cards such as “Visa Gold” and you can bid on them! You shut one down and another pops up in its stead. Some of these are run eBay-style with members providing ratings on the “trustworthiness” of the seller! There is every reason to believe that terrorist organizations are using these methods to finance their nefarious goals.
The point to note here is this: there is a lot of money at stake. This makes cardholder data a target in this illegal and very organized crime business. For companies handling cardholder data, being fully PCI compliant in spirit and letter is the best way to foil this.
There still will be breaches, but let’s at least make the risk/reward and amount of work/reward ratios skewed enough to make it not worth their while.


Mike said...

Hey, I was a presenter at the RSR event in Vegas. Was it my presentation on credit card fraud you are referencing? Just curious.

Manu Namboodiri said...

Yes, it indeed was your presentation! Glad you posted a comment - I did not have a blog to reference (which is now solved). Updating my blog...