Digital Transactions Authoritative, insightful and timely information for payments professionals
Security experts warn that the recently exposed case of widespread debit card fraud could jeopardize the growth of PIN debit. Debit card transactions secured by PINs have been growing by 20% or more annually in recent years, more than twice as fast as credit cards. “I think it is a major blow to consumer confidence in PIN debit,” says Jenna Hutt, director of developer support at Mercury Payment Systems LLC, a Durango, Colo.-based independent sales organization. Debit card holders have been victimized by fraudsters overseas who used their card data, including PINs, to make ATM withdrawals. Some 600,000 accounts may have been tapped for anywhere from $100 million to $1 billion, according to one expert (Digital Transactions News, March 13). The data were reportedly stolen by hackers working in the U.S. who not only swiped PIN blocks but also the keys required to decipher them. Although a major retailer has been identified in various press accounts as the victim of the breach, Hutt says that, from what she's read about the case, the likely place where the hack occurred was at the acquirer/processor level rather than at a merchant. Processors typically control the de-encryption keys, she notes. Indeed, the retailer, OfficeMax, issued a statement on Tuesday in an attempt quell reports that its point-of-sale system had been breached. In the statement, the chain said an independent security expert had examined its systems and found no evidence of an intrusion. Meanwhile, a prosecutor in New Jersey this week announced the arrest of 14 people in connection with the case. Hudson County prosecutor Edward DeFazio said the suspects, all U.S. citizens, had used stolen data to make fake cards for use in the scheme. The arrests, most of which occurred in the last two weeks but began in December, capped a nine-month investigation.
