Thursday, February 19, 2009

Wyndham Hotel Hack Followup



Here's a follow-up to the Wyndham Breach

It seems that the criminals not only were able to get guest names, credit card numbers and expiration dates,  but they also were able to steal the data from the card's magnetic stripe, Wyndham said.  That magnetic stripe information contains Track 1 and Track 2 data including the (CVV) code, "which is critical if the thieves want to make fake credit cards, according to Avivah Litan, an analyst with Gartner Research."

"That's the hot information," she said. "You can sell that information for much more on the black market." CVV codes were also taken in the high-profile Heartland Payment Systems and The TJX Companies credit card thefts.

When fraud is perpetrated using fake cards that include the CVV codes, the banks are responsible for the charges;

When they are able to obtain only the card numbers and expiration dates -- for example,online transactions NOT DONE by HomeATM --
then the retailer is responsible for the charges.

"The banking industry is all up in arms whenever bank stripe data is stolen," Litan said.  

As posted in "DumbPhoneded" the retailers should be up in arms everytime a transaction is conducted without the  Track 2 data being swiped.  Not only are they paying up to 100 basis points more, but in the face of increased fraud, they could lose their product and lose the money they thought they got for it.  Call that a double whammy, no cheese.




Reblog this post [with Zemanta]

Disqus for ePayment News