Back in March there was a good deal of news about a Feb attack on a retailer that exposed many debit cards:
a total of eight banking companies — Citigroup Inc., Bank of America Corp., JPMorgan Chase & Co., Wachovia Corp., Wells Fargo & Co., Washington Mutual Inc., National City Corp., and PNC Financial Services Group Inc. — have confirmed their customers may have been compromised and all said they would reissue debit cards to some customers. […] sources close to the matter said they believe the lead theory is that hackers “accessed servers at about 30 stores belonging to a large, national retailer and stole data from the cards’ magnetic stripes, encrypted customer PINs (in a format known as PIN blocks), and the keys to decode the PIN blocks. “The criminals used the magnetic stripe information to create counterfeit cards, and the decrypted PINs to withdraw cash from automated teller machines, the sources said.â€? […] Customers are asked to monitor their accounts for suspicious activity and immediately report anything out of the ordinary. Silvestri [the spokesman for Wachovia] said he is a frequent debit card user. He said he likes to check his account online at least once a day.
One might almost think about getting a link to your phone so every transaction has to be approved via cell. Imagine if an ATM sent your phone an SMS message asking for confirmation…or if your cell-phone had a random number generator that you had to type into the ATM along with your PIN.
Apparently the breach is still newsworthy as banks continue to replace cards, almost five months later, and the reporters are starting to hint that an ATM processor was the real source of problems:
Charlotte, N.C.-based Wachovia issued the card replacements last week as an antifraud measure, said bank spokeswoman Mary Beth Navarro. She declined to explain the circumstances that triggered the action after several months. […] Visa has encountered security problems with other contractors besides the ATM processor that triggered the February alert.