The value of Payment Card Data

Question 1

Top targeted industries for stealing payment card data

Answer 1

• Retail
• Information/Financial
• Food Services
• Hospitality/ Accommodation

Question 2

What are the methods being used to remove stolen data from the environment?

Answer 2

• use of stolen credentials to access the POS environment
• use of backdoor/ command-and-control (C2)
• The use of default or static vendor credentials/ Brute force
• POS skimming malware being installed on POS controllers
• POI physical skimming devices

Question 3

How Data is Targeted?

Answer 3

• Skimming

- Phishing

Question 4

Skimming

Answer 4

Copying payment card numbers either by tampering with:

• POS Devices
• ATMs
• Kiosks

Or by copying the card’s magnetic stripe manually using handheld skimmers

Question 5

Phishing

Answer 5

1- Reconnaissance
2- Social Engineering
3- Break-In

Question 6

• Information gathering from various online sources and social networking sites.
• Business applications and software

Answer 6

Reconnaissance

Question 7

• Phishing emails or messages coming from a target’s social network
• Phone calla from assumed known entity

Answer 7

Social Engineering

Question 8

• Delivery through email

- Software Vulnerabilities

Answer 8

Break-In

Question 9

Common methods for monetizing stolen card data

Answer 9

• Skimmed full track data and transaction information used to replicate a physical payment card, which can then be used for fraudulent transactions in face-to-face environments, or ATM transactions
• Captured cardholder data is used where not-present transactions are accepted, such as e-commerce or mail-order/ telephone order (MO/TO) transactions
• Stolen cardholder data and sensitive authentication data are sold in bulk to other criminals who perform their own fraud using the stolen data