Main Menu
MENUMENU
  • Home
  • TPG Electronics
  • Solutions
    • Information Technology Solutions
    • Cybersecurity
      • Awareness & Training
      • Cloud Security & Compliance
      • Information Security Consulting
      • Managed Security Operations Services
      • Penetration Testing Services
      • Governance, Risk, and Compliance
      • Risk Management
        • Understand Your Risk
        • Risk Remediation
        • Monitor Your Risk
        • Security Technology Implementation
      • Secure Software Development Life Cycle (SSDLC) Solutions
      • SMB Security
  • Services
    • Audio Design & Installation
    • Lighting Design & Implementation
    • Video Design & Implementation
  • About
    • Core Values
    • Leadership Team
    • Careers
    • Blog
  • Free Consultation
The Penn Group, LLC Columbus Ohio Logo
MENUMENU
  • Home
  • TPG Electronics
  • Solutions
    • Information Technology Solutions
    • Cybersecurity
      • Awareness & Training
      • Cloud Security & Compliance
      • Information Security Consulting
      • Managed Security Operations Services
      • Penetration Testing Services
      • Governance, Risk, and Compliance
      • Risk Management
        • Understand Your Risk
        • Risk Remediation
        • Monitor Your Risk
        • Security Technology Implementation
      • Secure Software Development Life Cycle (SSDLC) Solutions
      • SMB Security
  • Services
    • Audio Design & Installation
    • Lighting Design & Implementation
    • Video Design & Implementation
  • About
    • Core Values
    • Leadership Team
    • Careers
    • Blog
  • Free Consultation
  • Phone (614) 741-5306
  • Email sales@thepenn.group
  • Address 6986 Norton Crossing St. New Albany, Ohio 43054

Your Debit Card Number Got Stolen. So What?

Home  ›  Cybersecurity  ›  Your Debit Card Number Got Stolen. So What?

Your Debit Card Number Got Stolen. So What?

Recently, my friend Scott sent me a text message that read “my debit card number got stolen and they [cybercriminals] spent $800”. As the President & CEO of The Penn Group, I hear about this kind of fraudulent activity often. With 78% of Americans living paycheck to paycheck, it isn’t difficult to draw the conclusion that these type of losses are not sustainable by nearly 4 in 5 people in America. The troubling thing is, these losses not only continue to happen, but their frequency is on the rise.

Austin_Harman, President & CEO, The Penn Group
Austin Harman, CEO

In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses. 33,000 bank accounts were compromised, with $78 million in losses. Credit card compromises clocked in at 50,000 incidents, with $150 million in losses. In the first half of 2019 alone, 23 million cards have been compromised worldwide. With these staggering figures, you might be wondering how this type of fraud occurs.

Credit Card and Debit Card numbers are very valuable to cybercriminals. For obvious reasons, access to someone else’s funds can provide a quick theft that is difficult to disrupt. In order to perform this type of fraud, a criminal usually resorts to one of the following tools:

Skimmers

What is a skimmer? A skimmer is a discreet device that is attached to a card reader in a high traffic location such as a gas pump. These devices are patched together, using components from other devices, to surreptitiously scrape the PAN (personal account number) from a card as its swiped. Skimmers can be incredibly difficult to detect and, in some cases, contain advanced technology that increase their effectiveness with spectacular results. Skimmers have been found with cellular internet technology, Bluetooth, and advanced WIFI capabilities, all in the name of capturing the not-so-elusive account number. Now, before you fire off hate mail and tell me that EMV solves the problem of skimmers, that isn’t true. Cybercriminals are innovative and continue to find ways to exploit the technology. EMV, by the way, is an acronym for EuroPay, Mastercard, and Visa. These companies originally developed and implemented the Chip and Pin or Chip and Swipe authentication mechanisms. If you have ever went to a store and tried to swipe your card, and instead had to insert the chip, these people are responsible for your annoyance.

POS Malware

For the less MacGyver type, cybercriminals have long resorted to a far easier way of obtaining a victim’s account information. Why go through the trouble of creating a specialized device or spending thousands on the Dark Web? Instead, from the comfort of the cybercriminal’s evil lair, they could remotely install malware onto the cash register of a local business and instantly begin to offload card numbers to a server in the cloud. This is so easy, in fact, that it happens with shocking frequency. Although it is nearly the year 2020, many large organizations still employ largely antiquated technology that is easier to hack than a wet paper bag. Irrespective of the age of the technology, even new technology still requires a complex concoction of patches and updates to ensure their security. In specific industries, such as those who leverage franchise models, the complexity of defending these critical systems only becomes more complicated. Ultimately, many resign to the reality that there is too much work to be done, and just not enough people to get the job done.

Websites

If a skimmer or POS malware wasn’t enough to cut up your credit cards and switch to a cash only with an emphasis on pennies lifestyle, then you might be shocked to learn that even the “secure” websites that you purchase items from could be compromised. With basic networking security getting much better in the latter half of this decade, cybercriminals have turned to a much easier target. Application security is a rather tricky area of security. While among the most important, little attention has been paid to application security with the exception of the largest organizations. The result has been a stunning uptick in the amount of security vulnerabilities that are discovered specifically related to application security. Here is how easy it is to hack a payment form.

The Biggest Security Mistakes Organizations Make

Who is Responsible?

Who is responsible for ensuring my card is protected from these threats? Well, unfortunately the organizations responsible for protecting your personal account numbers are also the same organizations that have dominated headlines for eye popping data breaches. The PCI DSS (Payment Card Industry, Data Security Standards) is a set of rules that are enforced by the major card brands to ensure data security of customer’s card numbers. The sad reality is, while organizations with large transaction volumes can be severely penalized in the event of a card breach, the vast majority of organizations fall into a level of the requirements that required little action up until the past few years. Even now, the majority of the SMB continues to fall into the self-assessment category of the requirements. Meaning, it is the responsibility of the organization to self-regulate, even though the PCI Council doesn’t have any regulatory authority. Other than the threat of lawsuit or fines, there isn’t a lot of incentive for an organization to spend millions of dollars a year on security. In another unfortunate reality, most senior executives today grew up in a time where computers did not play a prominent role in society. The reality is, cybersecurity is an extremely complicated subject. It’s a tough ask to tell someone to spend money on something they do not understand, especially when nothing has happened before. Scott lost $800 due to cybercriminals. When he called his bank to label the charges as fraudulent, the charges went through anyway. He was out $800 for 2 weeks until the bank finally reversed course.

How can I stop this?

From a security standpoint, it is recommended to purchase as much as you can on credit cards as opposed to debit cards. While the difference between the two may seem obvious, the terms are synonymous in culture today. Debit cards make a direct withdraw from your bank, using your real cash as tender. Credit cards use the bank’s money to pay for the transaction. At the end of the month, you’re presented with a bill for the balance. This distinction is critical from a security standpoint. When purchasing with a credit card, the bank is on the line for 100% of any fraud, not you. A lot of large banks have improved their fraud policies in recent years to cover 100% of fraudulent activity, but this process takes an unusually long time. It is highly recommended to make all day-to-day transactions on a credit card opposed to a debit card. Watch your credit card statements carefully, and always pay it in full at the end of each month.

Join our mailing list.

facebookShare on Facebook
TwitterTweet

Post navigation

« Ransomware is Owning Our Cities. Here is Why.
Cybersecurity Lessons From Coronavirus »

Leave a reply

Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Applications

  • Technology Integration
  • Audio Design & Implementation
  • Lighting Design & Implementation
  • Video Design & Implementation
  • Network Design & Engineering
  • Cybersecurity

 

  • Industry Experience
  • House of Worship
  • Enterprise
  • Small Business
  • Non-Profit

Our Commitment To You

You are not a number, but a partner

One of The Penn Group’s core values is Excellence. Our customers deserve our best, and nothing short. We are on a mission to create integrated experiences that just work. We are obsessed with delighting and inspiring through excellence. We bring out best. We develop the best people, and we deliver the best results, anything less is unacceptable.

Austin Harman, President & CEO

We’d Love To Connect With You

Search

Get in Touch

Find Us

Address
6986 Norton Crossing St.
New Albany, Ohio 43230

Hours
Monday—Friday: 9:00AM–5:00PM

The Penn Group, LLC Logo Footer

Unite Your Technology and Beat The Competition

  • Audio Design & Installation
  • Video Design & Implementation
  • Lighting Design & Implementation
  • Information Technology Solutions
  • Free Consultation
  • Contact The Penn Group

© 2022 The Penn Group, LLC.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. The Penn Group does not and will not sale your data. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT