March 8, 2018
While most of the recent high-profile data breaches have targeted massive troves of personal information (the kind suited for perpetrating account takeover, account creation and synthetic fraud), two recent breaches illustrate that fraudsters have not abandoned good, old-fashioned card fraud, fueled by stolen credit card numbers.
RMH Franchise Holdings, a major operator of Applebee’s franchises, said POS malware discovered at 167 locations in 15 states mostly in the southeast and Midwest U.S. has compromised payment card information of consumers who made purchases at those stores. At the same time, the American unit of Japanese video game developer Nippon Ichi Software acknowledged its online users’ payment card information also was exposed to hackers.
While the reported breaches presumably are more modest than the September breach at credit bureau Equifax by number of records exposed, they highlight recent findings by security company Trustwave: Most breaches still target payment card information. So, while ATO and other types of fraud attacks that target companies at the account level are surging, fraudsters are still leveraging stolen credit cards to commit all kinds of fraud.