Card Data Thefts in Australia

• The Australian Federal Police (AFP) reveals that a group of hackers has been targeting merchants stealing roughly 500,000 card numbers and retrieving 25 million Australian dollars (or about 20 million euros).

• The first pieces of investigation would highlight that the alleged suspects might be located in Eastern Europe and the attacks could have been led by the same fraudsters as those who impacted the US chain Subway last year: in both cases, they had keyloggers installed on the POS devices to retrieve data.

• Australian banks are to pay extra attention to unusual card activity and track the concerned card numbers to spot potentially illegitimate transactions. The AFP has partnered with law enforcement forces from other countries to dismantle the group.

Source: Finextra

• End 2011, a similar attack had been unveiled in the US: since 2008, 80,000 card numbers had been collected and three million dollars stolen through several stores including 150 Subway POSs. Some sources state that the impacted franchises did not comply with the security requirements imposed by their parent company. Most pieces of information had been sold and some numbers had even been used to issue counterfeit cards.

• Besides the need for security measures and control, these facts underline the part played by security audits and updates. Merchants don’t always benefit from trailed tools to fight fraud, often too expensive; failing which, they sometimes opt for weaker solutions exposing them even more that they believe they are protected. Banks might for their part take advantage of this situation to roll out dedicated fraud detection services (acquiring fraud detection tools).