Around the Web: Backoff, Online Payments, Security

Posted by Fahmida Y. Rashid

Data breaches, point-of-sale malware, and payment card security were among the hottest topics this week.

Information security professionals have to sift through and absorb a lot of information throughout the week, including news reports, survey results, threat advisories, and security warnings. That's just the beginning. Don't forget breaking research, insightful blog posts from other security professionals, practical on-the-job material, and in-depth features about the industry. By the end of the week, it's easy to feel like you've missed something.

Cap off the end of the week with some of the most interesting pieces from around the Web you may have missed, along with some posts from the RSA Conference.

From ThreatPost: President Barack Obama signed an Executive Order mandating chip-and-PIN technology for all federal government payment cards starting in January. Under the Order, federal facilities such as national parks and post offices will set up point-of-sale terminals to accept these new cards.

From Reuters: As part of the "Buy Secure" initiative, Obama urged banks and retailers to follow suit in an effort to combat the growing threat of identity fraud. Several major companies that have been breached recently are expected to roll out secure chip-and-PIN card terminals in their retail outlets, most by January, according to the White House.

From the Obama administration, via White House press release: "With over 100 million Americans falling victim to data breaches over the last year, and millions suffering from credit card fraud and identity crimes, there is a need to act—and to move our economy toward stronger, more secure technologies that better secure transactions and safeguard sensitive data."

Back in May, we talked about retail breaches and the problems with the existing payment card system. The federal government moving towards EMV will help accelerate the roll-out schedules for other companies in the commercial sector.

Five years ago, many of us were worried about using credit cards for online shopping. Fast-forward to 2014, and we are worried about using credit cards in brick-and-mortar stores. That's irony for you.

"The idea that somebody halfway around the world could run up thousands of dollars in charges in your name just because they stole your number, or because you swiped your card at the wrong place in the wrong time, that’s infuriating," Obama said during the ceremony as he signed the Order.

From Dark Reading: It looks like cyber-criminals had a very profitable month, as researchers from security firm Damballa detected a 57 percent increase in infections of Backoff malware from August to September. Backoff is the PoS malware that has been used to compromise PoS terminals in more than 1,000 retail outlets, according to the Secret Service. Victims include the United Parcel Service and Dairy Queen. During the month of September, Backoff infections increased 27 percent, Damballa said.

We talked about PoS malware such as Backoff in our webcast last month. If you missed it, check out the replay.

Security expert Rafal Los talks "breach fatigue" on his blog: "If you read the news headlines you would have thought that everyone's bank accounts would be empty by now, and everyone in the United States would have been the victim of identity theft by now. But they haven't. Or they haven't been impacted directly. This leads to the Chicken Little problem." Why are we so surprised with every breach?

Fahmida Y. Rashid

Information Security Journalist, Editor-in-Chief, RSA Conference

