View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 14, 2014

The reason one IT security expert refuses to use debit cards

The personal data of as many as 70 million Americans was breached in December.

By Duncan Macrae

An IT security specialist has revealed he refuses to use debit cards with PINs due to his fear of malware attacks.

Chris Wysopal, co-founder and CTO at application security tester Veracode, made the comments following the revelation that Target retail businesses suffered a data breach in December. And, more recently, it was revealed that the personal details of nearly a third of US adults thought to have been stolen.

As many as 70 million people are believed to have had their phone numbers, email and home addresses taken – almost double the 40 million credit and debit cards initially thought to be affected.

Wysopal said: "I don’t use debit cards with PINs because I fear this type of attack compromising my card and PIN. Customers need to scrutinise their bank statements."

"This was obviously a very sophisticated attack given the timing which is perfect for collecting the most amount of card data in a short period of time."

He surmised that the malware was likely customised for the type of POS terminals Target uses.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

He added: "We don’t know yet how the malware got on the terminals. At least part of Targets network must be compromised. For the TJX attack the attackers got in through insecure wireless networks. That’s not likely how they did it here. More likely it was a phishing attack or they got in through an insecure web application."

Sam Maccherola, VP and general manager EMEA/APAC at Guidance Software, thinks Europeans should be reasonably safe from such attacks, though.

He explained: "This attack should not cause undue concern in Europe, where chip and pin is in place. Nor should it cause undue anxiety around online purchasing – the security around your web browser and the credit card processors is strong, well understood and the information sent is usually insufficient to allow a card to be cloned for any other purpose than online use. For this purpose, many credit card issuers now offer single use numbers for online use.

"Much will be learnt from this attack, both by retailers and POS system providers. Hopefully it will result in a more proactive stance in identifying Advanced Persistent Threats using policy lockdowns, baseline deviation analysis and using the operational assumption that their network is already breached."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.