Vision Direct say the data was not extracted from the VE database but captured as customers typed the data into the web site. This could be done by a Javascript keylogger running on the web site activated by a fake Google Analytics script.
Vision Direct also say that they hold no payment card data, which is held at their payment providers.
Sounds like this is not a PCI-type breach.
19 Nov 2018 17:03 Read comment
Is this the same deal that LINK announced back in 2009?
http://www.link.co.uk/media/news-releases/news-releases-archive/link-announces-that-over-18-billion-china-unionpay-cards-are-now-usable-in-uk-cash-machines/
16 May 2016 22:25 Read comment
The second chip passed through the EMV commands and data between the terminal and genuine chip apart from the command to the chip to verify the PIN. The terminal generated the VERIFY command correctly but the second chip intercepted this command without forwarding it to the genuine chip. The second chip automatically responded with SW1 SW2='9000' whatever PIN was entered to indicate to advise the terminal that PIN verification was successful. The PIN was not exposed in the fraud.
This attack would not be successful in an online environment where the PIN is verified by the issuer. It would not be successful with Combined Data Authentication (CDA) cards and one would hope that US issuers are not sending out Static Data Authentication (SDA) cards.
If these had been Chip and Signature cards, the fraudsters would not have had to go to all the trouble of transplanting chips from one card to another and attaching second chips. They could have simply used the stolen cards and signed for the transactions confident that the signature would not be checked thoroughly by the retailer.
21 Oct 2015 19:04 Read comment
Sorry, but I think that reporting rape, or any violent crime, by ATM is a hairbrain scheme thought up by a politician who has no idea how ATM systems work or the police are organised. Apart from the impracticality, who would pay for the development and operation?
And yes DK, alerting the police by keying in your PIN backwards is an urban myth.
20 Mar 2015 16:39 Read comment
Perhaps she will now press for the USA to move to EMV chip cards?
06 Sep 2011 16:15 Read comment
Nor does EMV
29 Oct 2010 15:01 Read comment
Marite, I have downloaded the anti-fraud documentation that MasterCard, Visa and Moneris in Canada issue to merchants and there is no mention of additional ID checks. If a retailer is suspicious of a card or cadholder they are supposed to do what is called a Code 10 Authorisation. This involves phoning the merchant acquirer who can then contact the issuer. The nearest I have had to recognition of additional cardholder identification is a statement from Visa that merchants are not allowed to decline a transaction because the cardholder is unable or unwilling to provide additional identification.
17 Feb 2010 11:54 Read comment
Many apologies for all the formatting information in my previous comment. I pasted from Word and didn't realise all that would be published!
16 Feb 2010 17:27 Read comment
<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin-top:0cm; margin-right:0cm; margin-bottom:10.0pt; margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing {mso-style-priority:1; mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} .MsoPapDefault {mso-style-type:export-only; margin-bottom:10.0pt; line-height:115%;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->
In 2008, the most recent year for which figures are currently available (www.ukpayments.org.uk), losses due to counterfeit card fraud for UK-issued cards were £170m, 18% up on 2007. Of this, £37m was done in the UK and £133m abroad. Total card fraud committed abroad amounted to £230m, 11% up on 2007. The top 5 countries where UK-issued cards or card details were used fraudulently were:
USA £31.7m
Canada £10.8m
Australia £10.8m
Spain £10.1m
Italy £8.3m.
As EMV rolls out in Canada and Australia the losses in the USA are bound to increase.
Marite, I am not convinced about putting dual card readers on unattended terminals. The ATM industry is regularly advising the public to look out for false card readers and PIN pads at ATMs to prevent card skimming. A proliferation of additional card readers on ATMs will cause customer confusion. I’m interested in your comment about US retailers requesting additional identification before accepting credit cards, but that should be a separate blog …
16 Feb 2010 17:24 Read comment
John FoulleyDirector at Oracle
John ReganDirector at Platform Black
Grace Anim-YeboahDirector at Absa Bank Ghana
Jan MarcinkowskiDirector at JM
Steve PontingDirector at Software AG
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.