Lieberman Software says latest card data heist could have been prevented
Philip Lieberman, President and CEO of the privileged identity management specialist said that the newswire report - which details how a European hacker broke into a US firm and downloaded the payment card numbers and security codes of 1,440 customers -shows how easily cybercriminals can access this kind of private data.
"Once the privileged accounts that control access to computers and applications are properly secured, even after a hacker breaches a corporate network it can be almost impossible for him to get control of this sort of private data," Lieberman said.
"The fact that an individual hacker quickly generated over $5,000 from the crime shows how lucrative customer payment card data can be in criminal hands. The hacker may have sold the credentials at $3.50 each, but these stolen card numbers are almost certain to create vastly greater losses for payment processors and merchants," he added.
Lieberman went on to say that locking down this kind of private data - by securing the privileged identities present on every computer, application and network appliance - is exactly what his firm's technology helps customers to achieve.
Unfortunately, he explained, not all firms handling payment card data have the capability to manage potentially thousands of privileged identities present on their networks. As a result, criminal sites like www.CVV2s.in are flourishing - allowing thieves to buy private data just as easily a buying a music track on a shopping portal.
The fact that the criminal websites offer the ability to search by bank identification number - and so select cards from institutions known to have weak security - highlights how specialised this form of cybercrime has become.
The only piece of good news is that a growing number of card issuers are implementing needed safeguards for online purchases - such as the use of multi-factor authentication card readers and 3D-Secure passwords. But the reality, says Lieberman, is that too many issuers have been too slow to adopt this technology.
"Add in the fact that 3D-Secure is not implemented on all sites, especially those operated by smaller firms, and it's clear the cybercriminals are exploiting a gap in the market. And that gap exists because of lax security on the part of the companies that accept cardholder payments," he said.
"Had the victim organization used PIM - privileged identity management - to secure its payment card data, this information would almost certainly not have been accessible to criminals. In this case the stolen customer data represents 1,440 more reasons to look at using PIM technology on corporate networks," he said.
For more on Lieberman Software: http://www.liebsoft.com
For more on the CVV2s.in card credentials portal: http://bit.ly/sc7Cdq
Lieberman Software Corporation
Lieberman Software provides privileged identity management and security management solutions to more than 1000 customers worldwide, including 40 percent of the US Fortune 50. By automatically discovering and managing privileged accounts everywhere on the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged identity management space, and its products continue to lead this market in features and functionality. Lieberman Software is headquartered in Los Angeles, CA with an office in Austin, TX and channel partners throughout the world. For more information, visit www.liebsoft.com.