- Email to a friend
- Email to Author
- RSS
- Text Size:
Credit card security breach linked to retailers
Mastercard and Visa have produced a standard which details the security steps required from retailers who store card detailsIn this section »
- Merrion Hotel in the red with pretax losses of €1.21m
- Dollar hits five-month high against euro after comments from Trichet
- Belgian bank KBC took €42m hit on Irish Life Permanent
- Legal actions jump 59% for North house repossessions
- Druckenmiller appeal of Desmond hedge fund ruling begins in US
- Profits at green bin operator Oxigen jump 50% to almost €8m
JOHN COLLINS
THE SOURCE of the security breach which has resulted in hundreds of Irish credit cards being cancelled has been narrowed down to three or four online retailers.
It emerged on Wednesday that details of several hundred credit cards had been stolen by cyber criminals. The cards were used to make a number of small purchases of less than €1 from a US website.
It is believed they did this to check whether the card details were still valid, as the actual theft occurred some months ago. The activity triggered the anti-fraud systems of the issuing banks which began to block cards and contact customers.
Last night, Una Dillon, head of card services with the Irish Payment Services Organisation, said that if consumers had not been contacted by their bank they were not at risk.
"This looks like a success story for the banks' fraud management systems," said Ms Dillon. "We have had no reports of major fraudulent activity as a result of this."
She said it might not emerge which retailer was the source of the security breach. The cardholders in question had carried out a large number of small value purchases online, so it was a matter of finding a common denominator. "There are three or four different possibilities at the moment," she said. Technology security experts were highly critical that the incident ever happened at all.
Seán Flynn, a director of Rits, a specialist information security firm, said Irish banks had been slow to insist on retailers implementing latest security standards.
Mastercard and Visa have produced a standard called PCI DSS, which details the security steps required from retailers who store credit card details. Mr Flynn said he expected banks now to start insisting on compliance with PCI DSS and this was likely to have "a big cost impact for retailers", particularly for larger chains which had customised their point of sale systems.
Last month, the ESB announced it would no longer accept credit cards for direct debit payment in part because of the costs of implementing the new standards.
Brian Honan, a computer security consultant, said the incident showed there was a need for breach disclosure laws, which would oblige organisations who are the victims of data theft to make it known. "Without them we may never know what happened and so nothing will be learnt from this," said Mr Honan. The revelation of the theft comes in the same week that 11 people were charged in the US over the theft of 40 million credit cards from a number of American retailers.
Latest
- 23:20Bobsleigh team gets green light
- 22:00Johnson lights up City
- 21:36Sudan, Chad agree to end proxy wars
- 21:25McDonald's sales up 2.6% in January
- 21:04Dublin mayor Bill cleared by Cabinet
- 20:51Kidney delays Ferris decision
- 20:16Cowen assurance to Halifax customers
- 20:09Halifax to shut branches in Ireland with loss of 750 jobs
