Hackers Target Credit Card Processing Companies
In the last few years, a number of cases involving hacking of credit card processing networks of leading corporations have been reported from different parts of the world including the United States.
A similar incident was reported in New Jersey on July 25th, 2013; a group of hackers targeted major credit card processing networks in the US. They managed to steal away as many as 160 million credit card numbers by hacking into systems that were otherwise considered to be highly secure by exploiting some vulnerability. The ‘loss figure’ is yet to be estimated.
This is now being looked upon as the largest incident of its own kind, not just in the United States but the whole world.
This uncovers grim reality that major corporations are not fully safe and forced to operate under the perennial threat of planned attacks. Ultimately, it leads to a substantial increase in costs of doing business.
How hackers target credit card processing networks
It’s has been observed that in almost all the cases, hackers allegedly conspired with the employees responsible for supervising credit card processing transactions and retailers that deal in management of financial data. They got their dirty hands on clients’ credit related information parked with the high risk merchant account providers. While merchant account service providers do their level best, vulnerabilities at any point in the entire system (which includes many players including big banking institutions) can serve as a foundation of a successful system hack. Hackers nowadays employ the latest techniques to rob people of their hard earned money.
How hackers operate
In the New Jersey case, each one in the group specialized in penetrating network security. These hackers used anonymous web-hosting services to hide their activities. They bought considerable amount of information (personal identifying information of individuals) from the employees of the corporations such as credit card processing companies, retailers, financial institutions. They used names, passwords, credit & debit card numbers, and other means of identification.
They were in possession of around 160 million card numbers after hacking various networks.
These men used Structured Query Language (SQL) based injection attack. SQL is programming language, designed to manage data stored in various kinds of databases in computer networks of high risk merchant service providers.
After claiming access to the data base, the accused placed malware on the servers that helped them gain network access. They also installed programs to collect data from the computer netwroks of victims.
The stolen data collected by them was stored in the computer network (spread around the world) which was ultimately sold to others.
The end users decoded the magnetic strip of the blank plastic card and made limitless purchases with the cards.
These cyber criminals were so shrewd that they used special communication channels to avoid a premature bust. Later on, they even altered the networks used by the low and high risk merchant account providers so as to leave as few traces of their actions as possible.
As a result of fraud committed by these individuals, many corporations are believed to have lost millions of dollars. The money spent on reworking the system is likely to be high as well.
Organizations dealing with credit card processing have become all the more vigilant now; highly advanced security features are now being employed to prevent the occurrence of such financial data thefts in future.
