Part II - EMV a Culprit in Breaches?


Fraud Series 2A few weeks after we flipped the calendar to 2014, while security still dominated the headlines, the FBI quietly circulated a report among retailers warning them to prepare for the worst. The law enforcement agency said attacks like the ones disclosed in December (and subsequent intrusions at arts-and-crafts retailer Michael’s and White Lodging Services, a hotel management company that runs Hilton, Marriott, Sheraton and Westin hotel properties nationwide) “will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it.” The FBI estimated in the report that there are at least 20 undisclosed security breaches funneling data into the hands of cybercriminals waiting to profit from it.

In Part I of this series, we detailed how an antifraud technology provider was able to see sharply growing amounts of fraudulent transaction attempts on its e-commerce merchants that indicated the availability of high-quality stolen payment-card information flooding the black market. While they did not know the source of the information, this turned out to coincide with the massive breaches at Target and Neiman Marcus. And, when news of the FBI report became public, fraud and risk-management executives were not surprised by the headline number.

“It looks like there are several other big ones that just haven’t been announced yet. We’ve seen evidence of it,” says Rich Stuppy, vice president of operations for Boise, Idaho-based Kount. “We can't exactly tell where it's draining out of. But, we can tell who's taking it and weaponizing it and using it to steal from customers. Based on this information, our prediction is that there are several more breaches that will be announced soon.”

By D.J. Murphy, Editor-in-Chief,