Cardholder data has and still is the largest target for data thieves. However, hackers are beginning to build diversified portfolios. More and more of data breaches are involving data other than cardholder data.
The U.S. is the prime location for hackers because it still uses 43-year-old technology in payment cards with magnetic strips. According to ISO – Industry News, 42% of all malwares reside in the U.S. The U.S. is making the transition to EMV chip-based cards soon, with a deadline of October 2015. After that date, there will be a fraud liability shift affecting those who are unprepared for EMV payments.
Data thieves are looking to diversify. Hackers are now creating fake persona on networks in order to become “friends” with people who are linked to a targeted person or company. They then use this to hack the targeted person or company with the intention of obtaining sensitive information.
The biggest key for data thieves continues to be passwords. People are creatures of habit. With so many things requiring passwords in the world we live in, it is hard to keep up with them all. Because of this, people tend to use the same or similar passwords. The password you use for social media may be the same as the one you use in the work place and/or for banking and financial sites.
Unfortunately, hackers are more than aware of this fact. According to David Heun’s article for ISO & Agent, almost half of the data thefts that occurred in 2013 involved non-payment-cards data. The combination of using weak passwords and lack of discipline in handling email messages continues to be a very large gap in data security.
Since a hosting country (the origination point for the malware attack) is not necessarily where the criminal actually resides, someone overseas can hack into an individual or a company in the U.S. and further their attacks from their system. A decade ago, security experts were adamant that passwords should never be written down for fear of someone using them to access your information. However, at this point in time, it would be safer to do so. For example, a password on a piece of paper cannot be read from someone that lives in Europe or Russia.
As the deadline for EMV implementation continues to approach, data thieves will begin looking elsewhere. Most likely, they will continue to hack card data as long as there is something left to be had. But, as is already being seen, they will begin to diversify.
For more information on setting up a merchant account, click on the button below