Just got off the phone from our corporate card provider to reset my card after a fraud block. Their words: “a number of customer card details were copied from where they were used recently and are being used to make fraudulent transactions”. So presumably at least one of the promised Christmas POS malware attacks came off. Wonder who it was? It’s another reminder that we badly need a disclosure law to force merchants to tell customers when their security has been compromised.
Of course, that assumes that the retailer in question knows they’ve been breached. There’s no mileage for a cybercriminal in exposing the source of the stolen cards they’re hawking on the Darknet – not while they can happily carry on exfiltrating data.
So, as a consumer, best keep a close eye on your card transactions; your card provider may have a less sensitive trigger finger than ours.
And as a merchant, if you haven’t done a thorough security audit recently, perhaps that should be your belated New Year’s Resolution…