Home Depot Reports Possible Credit Card Breach

Data security experts started weighing in yesterday with their thoughts on the matter.

Daniel Ingevaldson, CTO of Easy Solutions, a security vendor focused on the detection and prevention of electronic fraud, said in a statement that the latest retail breach at Home Depot has turned attention to credit card black markets — i.e., the clearinghouses that sell these stolen cards to the highest bidder. These clearinghouses, however, are becoming less and less of a threat.

“Black market sites used to allow you to 'test' a stolen card, charging a small amount on it before committing to purchase, in order to prove it was a valid card,” Ingevaldson said. “Since the Target breach, banks have improved their detection methods to look for these kinds of charges (as an indication of likely potential new fraud), so these sites no longer offer this service.”

In addition, he said more banks are monitoring the black markets themselves, either on their own or through services, as an early warning system for stolen cards.

Ingevaldson said that he expects “we'll continue to see these large-scale retail breaches continue as a result of wide-open POS devices, combined with the incredible difficulty of discovering a large, sophisticated breach.”

However, banks and retailers are becoming faster to respond to such breaches and are improving their detection methods, “thereby shortening the window of opportunity for these criminals, and reducing the exposure and hassle to consumers,” said Ingevaldson.

Seth Ruden, a senior fraud consultant at payment solutions company ACI Worldwide, said in a statement that the data breach impacting Home Depot “should serve to increase the pressure to migrate to the EMV chip card standard and help to reinforce the need that we have for stepped-up security in payments, especially in the U.S., where we currently lag behind our peers.”