January 31, 2017
While the attention garnered by CNP fraud and security issues centers mainly on e-commerce, companies should remember they are just as vulnerable through their call centers. Late last week, researchers at security software provider MacKeeper said 400,000 audio calls were made available online by hackers. The breach reportedly originated at a Largo, Fla.-based telemarketing company called VICI Marketing—a company that was fined $350,000 by the state of Florida in 2009 for using stolen information in its sales efforts. Most of the hacked files, according to a post on MacKeeper’s corporate blog, were cold calls that did not produce much information, but more than 17,000 are believed to contain personal and payment card information. MacKeeper, it should be noted, has also experienced a significant loss of sensitive customer data via a network breach discovered in 2015 and has been accused of misleading and aggressive online marketing tactics.
“There is enough information in each call to provide cyber criminals with all they need to steal the credit card information or commit a wide range of crimes,” researchers said in the post. “There is no suspected wrongdoing at this time other than leaking as many as 17,649 audio recordings with credit card numbers and private customer files.”
CNP merchants are particularly vulnerable because they can be victimized on both sides of the data theft. Not only is customer information vulnerable to breach if merchants don’t meet certain security conditions, but also, once stolen information is available “in the wild,” they are vulnerable to the fraudsters trying to monetize it through a growing number of fraud types.
“We’ve been emphasizing this message for some years, urging businesses to keep pace with the evolving secure card payment solutions to avoid security breaches and fraud,” said Cam Ross, director of payments strategy at Eckoh, a U.K.-based business that focuses on securing call centers through a kind of tokenization specific to the telephone. “Contact centers are notoriously difficult environments to secure, but there are solutions available that avoid these sorts of incidents occurring. By making data meaningless, useless or not available at all to criminals, your customers remain protected.”