PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

In Wake of Confirmed Breach at Home Depot, Banks See Spike in PIN Debit Card Fraud

By Ron Mazursky
September 9, 2014
in Analysts Coverage
0
0
SHARES
0
VIEWS
Share on LinkedIn
remote check deposits

Home Depot has confirmed it has suffered a credit and debitcard data breach involving nearly all of its US and Canadian stores – similarto the Target breach reported in early 2014. Apparently this breach dates backto April 2014.

These account numbers canthen be used to create counterfeit credit and debit cards and used at POS.

Home Depot has claimed that no debit card PIN data wascompromised – yet several financial institutions have reported an increase inthe last few days in fraudulent ATM withdrawals on customer accounts. This raises some concerns that if PIN numberscan be changed on the counterfeit debit cards, then cash can be withdrawn fromATMs using those customers’ accounts at will. It seems that these counterfeiters are taking advantage of weakauthentication methods via some automated bank phone systems that allowcustomers to reset their PINs for their debit cards.

The bad news: the same site that has posted the Home Depotcard data for sale also has the legitimate cardholders full name and city,state and zip of the Home Depot store from which the card data was stolen. The store location information is likely inclose proximity to the cardholder’s home address. With this information, the counterfeiters canthen locate the social security number and date of birth of the cardholder(using criminal services that sell this information). This information can help payment datathieves use a bank’s voice response unit to change their PIN as long as theypass 3 of 5 security checks.

Accordingto Krebs on Security:

“A large number of theseVRU systems allow the caller to change their PIN provided they pass threeout of five security checks. One is that the system checks to see if the callis coming from a phone number on file for that customer. It also requests thefollowing four pieces of information:

the 3-digit code (card verification value)printed on the back of the debit card;

the card’s expiration date;

the customer’s date of birth;

the last four digits of the customer’s SocialSecurity number.”

The good news: Some of the largestbanks have begun moving away from Knowledge-based Authentication for their VRUsystems given how easily they can be tricked. More of the industry needs to do so. Biometrics will also need to be introduced in the near term, unlessother authentication tools will eventually be used.

Banks need to update their VRUcapability and merchants will need to improve their data protectionservices. Together they need toimplement tools to better protect the payment data. This could includetokenization and end-to-end encryption.


Overview by Ron Mazursky, Director, Debit Advisory Service

Read Full Story at Krebs on Security

0
SHARES
0
VIEWS
Share on LinkedIn

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    cyber resilience

    Modern Cyber Risk Is Breaking Longstanding Security Assumptions

    July 13, 2026
    Merchants Real-Time Payments, swipe fees, BNPL

    How Software Turned Payments Into a Seamless Part of Commerce

    July 10, 2026
    credit union data, credit union technology

    Inside the Tech Shift Redefining How Credit Unions Operate

    July 9, 2026
    embedded payments

    What Embedded Payments Can Solve for Small Businesses

    July 8, 2026
    apple tap to pay

    Build Momentum Behind Zelle for Business

    July 7, 2026
    Accredited Payments Risk Professional

    The Growing Importance of Payments Risk Expertise

    July 6, 2026
    account aggregation

    The Dilemma Facing Financial Institutions: Aggregate or Be Aggregated

    July 2, 2026
    contactless payments

    Wherever There’s Friction, Contactless Payments Can Help

    July 1, 2026

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2026 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result