Page 2 of 2 Previous
Mass card replacements would add to the overall cost of the breach, which is expected to rise to hundreds of millions of dollars in combined fraud losses, litigation and other expenses.
“I don’t think any of the issuers want to be the bank that stole Christmas, the Grinch, even though that’s probably what they should do,” said data security expert Brian Krebs, who broke the news of the breach last week on his blog Krebsonsecurity.com.
Canceling cards isn’t terribly practical, said Pascual of Javelin Strategy & Research. “If we had to replace a card for every breach, you’d get a new card every month,” he said.
Krebs and others who monitor black market card activity reported stolen cards flooding the underground market in recent weeks and commanding high prices because of the amount of data about the accounts, such as ZIP codes.
Krebs reported Sunday that there has been another huge batch of stolen cards trading on the digital black market, this time cards issued by non-U.S. banks. Easy Solutions Inc., an anti-fraud company in Miami that also monitors black market card activity, also blogged about new “world dumps.”
Daniel Ingevaldson, Easy Solutions’ chief technology officer, said many of the cards in the latest batch were issued by banks in Latin America. Krebs said he thinks they were from all over the world. Both said the latest batch appears to be linked to the Target breach.
“All the hallmarks are the same,” Ingevaldson said.
The stolen cards issued by non-U.S. banks may be more valuable now to crooks as U.S. cardholders and banks cancel their cards and clamp down on potential fraud, they said.
“This is going to be a process where unfortunately the lion’s share of the work falls on the banks,” Ingevaldson said.
Jennifer Bjorhus • 612-673-4683