Tag: cybersecurity

The next stage in the evolution of the internet of things? Security.

It’s a whole new world—but only if businesses enact appropriate safeguards.

Cybersecurity and privacy risks of Industry 4.0 (infographic)

From smart factories to connected homes, see how new security and privacy risks affect businesses and consumers.

Three ways to get ahead of IoT cyber-risks

The recent DDoS-fueled internet outage reminds us why an IoT risk strategy is key.

How 3D printing puts manufacturers at risk of cybertheft

The rise of 3D printing provides a new portal for cyberthieves—so you better protect your trade secrets.

Seven secrets of great gamification design

These seven guiding principles can help you succeed in gamification design.

Stop Heartbleed from draining your sensitive data

How to protect your business from the ravages of the Heartbleed bug.

The FBI says you’ve been breached by a nation-state. Now what?

What to do if your company’s network falls victim to hacking by a nation-state.

Anatomy of a Skimmer Attack

Lately it seems every day brings news of a cybersecurity attack in the retail space. How do cyber criminals pull it off? Let’s break down the anatomy of a skimmer attack. Thieves install electronic software “skimmers” on point of sale (POS) terminals. As customers swipe their credit cards, these skimmers collect the track data— the electronically encoded data on the magnetic strip on the back of a credit card. The capture of track data enables a cybercriminal to create counterfeit cards. They do so by encoding the track data onto a new card with a magnetic strip. In addition to the track data, thieves can secure information about the store’s location and zip code. This data enables cybercriminals to enhance the value of the stolen card numbers and evade fraud detection techniques based upon card user zip codes. Some cybercriminals work with insiders. Insiders are unreliable and unmonitored employees, contractors, or vendors with authorized access to the retailer’s POS infrastructure. The insider can use both access and knowledge of the system to install the skimmer, establish the collection and exfiltration process and software, and either disable, circumvent, or otherwise remain under the visibility of security controls. If the thief is …

Contacts

Chris Curran

Principal and Chief Technologist, PwC US Tel: +1 (214) 754 5055 Email

Vicki Huff Eckert

Global New Business & Innovation Leader Tel: +1 (650) 387 4956 Email

Mark McCaffrey

US Technology, Media and Telecommunications (TMT) Leader Tel: +1 (408) 817 4199 Email