California DMV compromised, credit cards breached

[Pardus]

http://www.neowin.net/news/california-dmv-compromised-credit-cards-breached

The California Department of Motor Vehicles has been the victim of a wide-ranging security breach which may have affected thousands of citizens, according to sources.

Earlier this week, MasterCard issued an alert noting that credit cards used online in transactions with California's DMV may have resulted in the theft of data and personal information - including credit card numbers, expiration dates, and three-digit security codes.

The number of cards stolen is still unconfirmed, but according to security blogger Brian Krebs, at least five different financial institutions have confirmed the data breach. Krebs says the potentially compromised transactions all occurred in a range of six months, from August 2nd, 2013 to January 21st, 2014.

Statistics from California's DMV show that nearly 12 million online transactions with the DMV were conducted in 2012, an increase of 6 percent from 2011 - an ominous number when considering the potential range of the breach.

California's DMV isn't the only institution to be compromised, as just months ago popular retailer Target confirmed that over 110 million of its customers credit cards were compromised in a massive breach. The FBI later issued a statement warning of more potential attacks, and while the focus has predominantly been on Point Of Sale (POS) machines such as cash registers, credit card data is a target highly valued by many would-be hackers for its huge potential, both in financial and personal information.

 

[zerocool84]

No matter where you go you're never safe using a credit card. We need to get our new system implemented ASAP. How many of these attacks do we hear about in outside countries?

 

[tortillasoup]

how is chip and pin suppose to help online transactions?

 

[NutBucket]

Still need to enter a pin to authenticate? Not sure either but it's a decent guess.

 

[Leyawiin]

Well that's just wonderful - that's how I've paid my fees the last three years (and was intending to with the renewal I just got a few weeks ago).

 

[bradly1101]

Well that's just wonderful - that's how I've paid my fees the last three years (and was intending to with the renewal I just got a few weeks ago).

Me too.

 

[Mark R]

how is chip and pin suppose to help online transactions?

It isn't. It isn't used for online transactions.

It is purely for "card present" transactions where it can reduce the use of stolen physical credit cards or cloning of cards by "skimming".

It is very difficult to clone the "chip" component of a chip and pin card, whereas a magstripe card can easily be cloned with readily available equipment. In addition, the requirement of a PIN prevents opportunistic fraud, e.g. where someone finds a wallet with a credit card and practices writing the signature a few times, so that it is good enough to get past an unsuspecting retailer.

It also closes allows the card companies to close a potential loophole, and because a chip and PIN transaction proves the genuine card was used by the authorized user, no chargebacks are permitted on a chip and PIN transaction.

 

[Kneedragger]

Man I'm really getting sick of this shit.