A bank in Colorado has temporarily blocked all point of sale purchases on issued debit cards following the breach at Heartland Payment Systems last year.
In a statement on its website, the First National Bank of Durango said that debit cards issued may have been compromised following the breach. It stated that there was not a security breach at First National Bank of Durango, and that its systems remain secure.
The bankinfosecurity website claimed that as many as 5,000 of its customers were at risk after several customers reported that their debit cards had fraudulent transactions on them. However the bank reported that fewer than 20 customers had reported fraudulent charges a week ago.
Ed Rowley, product manager at M86 Security, believed that even with fewer than 20 customers affected so far we will see more reports of fraudulent transactions on compromised cards.
He said: “There is no reason why we should not see compromises for the next six to eight months. I was initially surprised to see it come to light so late, but then thought that any criminals may well have sat on the information for a while until the heat was off or indeed they may well have sold the details on and somebody else is trying to use the stolen information again: criminal recycling.”
Steve Moyle, co-founder and CTO at Secerno, said: “This has been going on for a very long time, and I heard the CEO of Heartland talking about locking down and how to protect it. Someone was tipped off from outside using a side window system, they worked out the security devices on the network and got Russian hackers to write malware code and they used it to install a network sniffer.
“When the attack was deployed, Heartland was PCI DSS certified and it was tipped off from the outside, so they got in a security firm as auditors who did not find anything, so they got a second lot of auditors in and they found the little bit of software. So even if you are looking for it, it can be very difficult to find. The ramifications can take months to become public.
“Banks have decided to put legal pressure on payment processors to cover the legal costs of fraud, you have to show that you have incurred a loss and prove it. How many Durango cards have been compromised?”