Recent Payment Card Industry Hacks
Techniques used; & possible Defense

         Muhammad Faisal Naqvi
         CISSP, CISA, ISO27K LA & MI, ISO20K I, AMBCI
         ACMA inter, MS E-Commerce (Gold)
Agenda
• MOM Analysis (Motives, Opportunities & Means)
   • International Incidents
   • Regional Incidents
• Statistics about Payment Card Industry Hacks
   • Who are the Culprits?
   • What are the Motives?
   • What are the Means?
   • Which Assets are under Attack?
• What could be Possible Defense?
International Incidents
Banking data stolen from Millions
• News Date: 04 April 2012
• Country: UK
• Means: Trojans e.g. Zeus & Spyeye to collect personal
  details
• Opportunity: Social Engineering
• Motive: Fun, curiosity, or pride ($3,800 in 20 Months)
• Source: www.theregister.co.uk
Attack on one-time-passwords on mobile
•   News Date: 15 March 2012
•   Country: USA
•   Means:
    1. Used Gozi Trojan to steal IMEI # of Account Holder
    2. Report about lost/ stolen device & new SIM request
    3. All one-time-passwords will come on new SIM
•   Opportunity: partner’s weak processes
•   Source: www.computerworld.com
Millions of customers of famous Bank at risk of NFC attack
• News Date: 23 March 2012
• Country: UK
• Means: Contactless readers in mobile phones
  to extract card data even through wallets or bags
• Opportunity:
   • Excessive card details
   • Weak merchant process
• Motive: Online Shopping
• Source: www.channel4.com
Gang of 50 steals at least $7 million
• News Date: 11 May 2012
• Country: Canada
• Means: Installing Skimmers on stolen POS Machines in
  < 1 Hr.
• Opportunity:
   • Physical Security
   • Lack of Monitoring
• Motive: $7 million
• Source: www.wired.com
111 Arrested In Identity Theft Probe
•   News Date: 10 October 2011
•   Country: USA
•   Means: bank tellers, retail workers, waiters
•   Opportunity: Weak processes
•   Motive: $13m in 16 Months
•   Source: www.bbc.co.uk



[Figure: Thermal image showing sequence of keys pressed]
Hackers Skim Customers’ Credit Cards via Self-Checkout
•   News Date: 7 December 2011
•   Country: USA
•   Means: Skimmers
•   Opportunity: Physical Security
•   Motive: Financial gain
•   Source: news.cnet.com
Gang Used 3D Printers for Skimmers
•   News Date: 20 September 2011
•   Country: USA
•   Means: 3D Printed Skimmers
•   Opportunity: Physical Security
•   Motive: $400,000
•   Source: krebsonsecurity.com
Adult web site breached 40,000 Cards data
• News Date: 12 March 2012
• Country: USA
• Means: Server Hack
• Opportunity: ?
• Motive: 40,000 CC numbers, expiry dates, security
  codes along with user IDs, email addresses, passwords.
• Source: www.scmagazine.com
More than 10 million cards may have been compromised
• News Date: 30 March 2012
• Country: USA
• Means: Servers Hacked
• Opportunity: ?
• Motive: Track 2 data (card's primary account number,
  expiration date, service code, PIN and CVV number)
• Source: www.bbc.com
Gang stole $13 million in a day
• News Date: 26 August 2011
• Country: USA, Greece, Russia, Spain, Sweden,
  Ukraine, UK
• Means: Remote Access to prepaid cards database

  update cards set bal = 10000 where ccno=12345678910

• Opportunity: Stolen credentials
• Motive: $13 million
• Source: www.msnbc.msn.com
Simple URL manipulation affected over 360,000 cards & $2.7M
• News Date: 27 June 2011
• Country: USA
• Means: script
• Opportunity: Insecure Direct Object References
  https://www.onlinebank.com/user?acct=6065
• Motive: $2.7M
• Source: www.informationweek.com
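The Insecure Direct Object Reference slide above, as an added example that is not from the original deck: a lookup that trusts the `acct` value from the URL beside one that checks ownership against the session, plus a log check for a single session requesting many different `acct` values. The account store, session names, log format and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed account store: account id -> owner and card data.
ACCOUNTS = {
    6065: {"owner": "alice", "card_last4": "1111"},
    6066: {"owner": "bob", "card_last4": "2222"},
    6067: {"owner": "carol", "card_last4": "3333"},
}

# Constructed access log lines: session id, method, request URL.
SAMPLE_LOG = [
    "s1 GET /user?acct=6065",
    "s2 GET /user?acct=6065",
    "s2 GET /user?acct=6066",
    "s2 GET /user?acct=6067",
    "s2 GET /user?acct=6068",
    "s1 GET /user?acct=6065",
]


class Forbidden(Exception):
    """Raised when the session user may not see the requested account."""


def get_account_vulnerable(session_user, acct):
    # Insecure direct object reference: the acct value from the URL is the
    # only thing consulted, so any logged-in user can read any account.
    return ACCOUNTS[int(acct)]


def get_account_checked(session_user, acct):
    # Object-level authorization: the record is returned only when it belongs
    # to the authenticated session. Malformed, unknown and foreign ids all get
    # the same answer, so the response does not reveal which ids exist.
    try:
        record = ACCOUNTS.get(int(acct))
    except (TypeError, ValueError):
        record = None
    if record is None or record["owner"] != session_user:
        raise Forbidden("account not available to this session")
    return record


def flag_enumeration(log_lines, max_distinct=3):
    """Return sessions that requested more than max_distinct acct values."""
    seen = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip lines that do not match the constructed format
        session, url = parts[0], parts[2]
        seen[session].update(parse_qs(urlsplit(url).query).get("acct", []))
    return sorted(s for s, accts in seen.items() if len(accts) > max_distinct)


if __name__ == "__main__":
    print(get_account_vulnerable("alice", "6066"))  # bob's record leaks
    try:
        get_account_checked("alice", "6066")
    except Forbidden as exc:
        print("blocked:", exc)
    print("sessions to review:", flag_enumeration(SAMPLE_LOG))
```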
Regional Incidents
Saudi (claimed) Hackers Expose 15,000 Israelis' Credit Cards
•   News Date: 01 January 2012
•   Country: Israel
•   Means: Sports Web Site
•   Opportunity: ?
•   Motive: Hacktivism
•   Source: www.israelnationalnews.com
•   Hacker died just after 2 days of getting Govt. Job
•   www.emirates247.com
Two hospital employees arrested on credit card fraud charges
•   News Date: April 10, 2012
•   Country: UAE
•   Means: Online Shopping
•   Opportunity: Visible Credit Card Information
•   Motive: Dh9,300
•   Source: gulfnews.com
Police arrest suspect for credit card forgery
•   News Date: 26 April 2011
•   Country: UAE
•   Means: Expired cards, card copier, card data from web
•   Opportunity:
•   Motive: Financial
•   Source: gulfnews.com
Statistics about Payment Card Industry Hacks
Source: 2012 Data Breach Investigation Report
• Culprits (chart)
• External Culprits (chart)
• Internal Culprits (chart)
• Motives (chart)
• Means (chart)
• Assets (chart)
Hacks: Possible Defense
• Social engineering: Automated social pen testing
• Fake Online Transactions: Balance between Business & Security
• POS Skimming: Disconnection logs; Bar-coded tamper evident seals
• ATM Skimming: Anti skimming solutions
• Servers/Applications/DBs: Information Security, Pen testing & Audits
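One way to work the "Disconnection logs" and "Bar-coded tamper evident seals" defenses from the table above, as an added example that is not from the original deck: review terminal link events for outages long enough to matter, then compare the scanned seal barcode with the one recorded at installation. The log format, terminal ids, seal barcodes, the five-minute threshold and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, terminal id, link event.
SAMPLE_LOG = """\
2012-05-10T09:00:05 POS-01 DISCONNECT
2012-05-10T09:00:40 POS-01 CONNECT
2012-05-10T22:10:00 POS-07 DISCONNECT
2012-05-10T22:55:00 POS-07 CONNECT
2012-05-11T03:30:00 POS-03 DISCONNECT
"""

# Constructed register: seal barcode recorded for each terminal at install.
SEAL_REGISTER = {
    "POS-01": "SEAL-000101",
    "POS-03": "SEAL-000103",
    "POS-07": "SEAL-000107",
}


def review_disconnections(log_text, max_gap=timedelta(minutes=5)):
    """Return (terminal, minutes_offline, state) for outages worth a visit.

    A terminal that was offline longer than max_gap and came back is
    reported as "reconnected"; one that never came back before the log
    ends is reported as "still offline" with minutes_offline set to None.
    """
    open_since = {}
    findings = []
    for raw in log_text.splitlines():
        fields = raw.split()
        if len(fields) != 3:
            continue  # not a line in the constructed format
        try:
            ts = datetime.fromisoformat(fields[0])
        except ValueError:
            continue  # unreadable timestamp
        terminal, event = fields[1], fields[2]
        if event == "DISCONNECT":
            # Keep the earliest unmatched disconnect for this terminal.
            open_since.setdefault(terminal, ts)
        elif event == "CONNECT" and terminal in open_since:
            gap = ts - open_since.pop(terminal)
            if gap > max_gap:
                minutes = int(gap.total_seconds() // 60)
                findings.append((terminal, minutes, "reconnected"))
    for terminal in sorted(open_since):
        findings.append((terminal, None, "still offline"))
    return findings


def seal_intact(terminal, scanned_barcode, register=SEAL_REGISTER):
    """True only when the scanned seal is the one recorded for the terminal."""
    expected = register.get(terminal)
    return expected is not None and scanned_barcode == expected


if __name__ == "__main__":
    for terminal, minutes, state in review_disconnections(SAMPLE_LOG):
        print(terminal, minutes, state, "-> scan seal before returning to service")
```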
Questions
faisal.naqvi@msn.com

http://ae.linkedin.com/in/mfaisalnaqvi
Thank You

NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...
 
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
 
Financial analysis on Risk and Return.ppt
Financial analysis on Risk and Return.pptFinancial analysis on Risk and Return.ppt
Financial analysis on Risk and Return.ppt
 

Recent PCI Hacks

  • 1. Recent Payment Card Industry Hacks Techniques used; & possible Defense Muhammad Faisal Naqvi CISSP, CISA, ISO27K LA & MI, ISO20K I, AMBCI ACMA inter, MS E-Commerce (Gold)
  • 2. Agenda • MOM Analysis (Motives, Opportunities & Means) • International Incidents • Regional Incidents • Statistics about Payment Card Industry Hacks • Who are the Culprits? • What are the Motives? • What are the Means? • Which Assets are under Attack? • What could be Possible Defense?
  • 4. Banking data stolen from Millions • News Date: 04 April 2012 • Country: UK • Means: Trojans e.g. Zeus & Spyeye to collect personal details • Opportunity: Social Engineering • Motive: Fun, curiosity, or pride ($3,800 in 20 Months) • Source: www.theregister.co.uk
  • 5. Attack on one-time-passwords on mobile • News Date: 15 March 2012 • Country: USA • Means: 1. Used Gozi Trojan to steal IMEI # of Account Holder 2. Report about lost/ stolen device & new SIM request 3. All one-time-passwords will come on new SIM • Opportunity: partner’s weak processes • Source: www.computerworld.com
  • 6. Millions of customers of famous bank at risk of NFC attack • News Date: 23 March 2012 • Country: UK • Means: Contactless readers in mobile phones to extract card data even through wallets or bags • Opportunity: • Excessive card details • Weak merchant process • Motive: Online Shopping • Source: www.channel4.com
  • 7. Gang of 50 steals at least $7 million • News Date: 11 May 2012 • Country: Canada • Means: Installing Skimmers on stolen POS Machines in < 1 Hr. • Opportunity: • Physical Security • Lack of Monitoring • Motive: $7 million • Source: www.wired.com
  • 8. 111 Arrested In Identity Theft Probe • News Date: 10 October 2011 • Country: USA • Means: bank tellers, retail workers, waiters • Opportunity: Weak processes • Motive: $13m in 16 Months • Source: www.bbc.co.uk • Image: Thermal Image showing sequence of keys pressed
  • 9. Hackers Skim Customers’ Credit Cards via Self-Checkout • News Date: 7 December 2011 • Country: USA • Means: Skimmers • Opportunity: Physical Security • Motive: Financial gain • Source: news.cnet.com
  • 10. Gang Used 3D Printers for Skimmers • News Date: 20 September 2011 • Country: USA • Means: 3D Printed Skimmers • Opportunity: Physical Security • Motive: $400,000 • Source: krebsonsecurity.com
  • 11. Adult web site breached 40,000 Cards data • News Date: 12 March 2012 • Country: USA • Means: Server Hack • Opportunity: ? • Motive: 40,000 CC numbers, expiry dates, security codes along with user IDs, email addresses, passwords. • Source: www.scmagazine.com
  • 12. More than 10 million cards may have been compromised • News Date: 30 March 2012 • Country: USA • Means: Servers Hacked • Opportunity: ? • Motive: Track 2 data (card's primary account number, expiration date, service code, PIN and CVV number) • Source: www.bbc.com
  • 13. Gang stole $13 million in a day • News Date: 26 August 2011 • Country: USA, Greece, Russia, Spain, Sweden, Ukraine, UK • Means: Remote Access to prepaid cards database (update cards set bal = 10000 where ccno=12345678910) • Opportunity: Stolen credentials • Motive: $13 million • Source: www.msnbc.msn.com
  • 14. Simple URL manipulation affected over 360,000 cards & $2.7M • News Date: 27 June 2011 • Country: USA • Means: script • Opportunity: Insecure Direct Object References (https://www.onlinebank.com/user?acct=6065) • Motive: $2.7M • Source: www.informationweek.com
  • 17. Saudi (claimed) Hackers Expose 15,000 Israelis' Credit Cards • News Date: 01 January 2012 • Country: Israel • Means: Sports Web Site • Opportunity: ? • Motive: Hacktivism • Source: www.israelnationalnews.com • Hacker died just after 2 days of getting Govt. Job • www.emirates247.com
  • 18. Two hospital employees arrested on credit card fraud charges • News Date: April 10, 2012 • Country: UAE • Means: Online Shopping • Opportunity: Visible Credit Card Information • Motive: Dh9,300 • Source: gulfnews.com
  • 19. Police arrest suspect for credit card forgery • News Date: 26 April 2011 • Country: UAE • Means: Expired cards, card copier, card data from web • Opportunity: • Motive: Financial • Source: gulfnews.com
  • 20. Statistics about Payment Card Industry Hacks Source: 2012 Data Breach Investigation Report
  • 21. Culprits Source: 2012 Data Breach Investigation Report
  • 22. External Culprits Source: 2012 Data Breach Investigation Report
  • 23. Internal Culprits Source: 2012 Data Breach Investigation Report
  • 24. Motives Source: 2012 Data Breach Investigation Report
  • 25. Means Source: 2012 Data Breach Investigation Report
  • 26. Assets Source: 2012 Data Breach Investigation Report
  • 27. Hacks and Possible Defense • Social engineering: Automated social pen testing • Fake Online Transactions: Balance between Business & Security • POS Skimming: Disconnection logs; Bar-coded tamper evident seals • ATM Skimming: Anti skimming solutions • Servers/Applications/DBs: Information Security, Pen testing & Audits
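Slide 14 names Insecure Direct Object References as the opportunity, with the account chosen by the acct value in the URL. The sketch below is an added example, not code from the slides or from any bank: it puts a lookup that trusts that value next to one that checks ownership, and records denials so repeated probing can be spotted. The account store, user names and function names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    acct: int
    owner: str        # user id that owns the account
    card_last4: str

# Constructed sample store, keyed by the acct value seen in the URL.
ACCOUNTS = {
    6065: Account(6065, "alice", "1111"),
    6066: Account(6066, "bob", "2222"),
    6067: Account(6067, "carol", "3333"),
}

AUDIT_LOG = []        # (session_user, requested_acct) for every denial

class Forbidden(Exception):
    """Raised when the session user may not see the requested account."""

def get_account_vulnerable(session_user, acct):
    # Flaw shown on the slide: the acct parameter alone selects the record,
    # so any authenticated user can read any account.
    return ACCOUNTS.get(acct)

def get_account_hardened(session_user, acct):
    # Authorise against the server-side session, never the parameter.
    # Unknown and unowned accounts give the same answer, so the response
    # does not reveal which account numbers exist.
    record = ACCOUNTS.get(acct)
    if record is None or record.owner != session_user:
        AUDIT_LOG.append((session_user, acct))
        raise Forbidden("account not available")
    return record

def users_probing(log, threshold=2):
    # Users denied on at least `threshold` distinct acct values.
    seen = {}
    for user, acct in log:
        seen.setdefault(user, set()).add(acct)
    return sorted(u for u, accts in seen.items() if len(accts) >= threshold)
```
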
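Slide 27 lists disconnection logs and tamper-evident seals as the defense against POS skimming, and slide 7 notes that skimmers were fitted to stolen terminals in under an hour. The following added example, which is not from the slides, reviews a disconnection log and lists the terminals whose seals should be inspected. The log line format, terminal ids, trading hours and the five-minute limit are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp terminal event" format is assumed.
SAMPLE_LOG = """\
2012-05-10T14:02:11 POS-0412 DISCONNECT
2012-05-10T14:02:40 POS-0412 RECONNECT
2012-05-11T01:17:05 POS-0388 DISCONNECT
2012-05-11T01:58:30 POS-0388 RECONNECT
2012-05-11T09:30:00 POS-0401 DISCONNECT
"""

def offline_gaps(log_text):
    """Pair DISCONNECT/RECONNECT per terminal into (terminal, start, end)."""
    open_since, gaps = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                       # skip malformed lines
        ts = datetime.fromisoformat(parts[0])
        terminal, event = parts[1], parts[2]
        if event == "DISCONNECT":
            open_since.setdefault(terminal, ts)
        elif event == "RECONNECT" and terminal in open_since:
            gaps.append((terminal, open_since.pop(terminal), ts))
    # Terminals that never came back have end = None.
    gaps.extend((t, start, None) for t, start in open_since.items())
    return gaps

def needs_inspection(gaps, max_gap=timedelta(minutes=5),
                     open_hour=8, close_hour=22):
    """Return (terminal, reason) for gaps that warrant a seal check."""
    flagged = []
    for terminal, start, end in gaps:
        if end is None:
            flagged.append((terminal, "never reconnected"))
        elif not open_hour <= start.hour < close_hour:
            flagged.append((terminal, "disconnected outside trading hours"))
        elif end - start > max_gap:
            flagged.append((terminal, "offline longer than allowed"))
    return flagged
```
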