Exclusive: Cybercrime firm says uncovers six active attacks on U.S. merchants
By Jim Finkle
BOSTON (Reuters) - A cybercrime firm says it has uncovered at least six ongoing attacks at U.S. merchants whose credit card processing systems are infected with the same type of malicious software used to steal data from Target Corp.
Andrew Komarov, chief executive of the cybersecurity firm IntelCrawler, told Reuters that his company has alerted law enforcement, Visa Inc and intelligence teams at several large banks about the findings. He said payment card data was stolen in the attacks, though he didn't know how much.
IntelCrawler's findings are the latest sign that the cyberattacks disclosed by Target Inc and upscale department store Neiman Marcus are part of a wider assault on U.S. retailer customer data security.
On Thursday, the U.S. government and the private security intelligence firm iSIGHT Partners warned merchants and financial services firms that the BlackPOS software used against No. 3 U.S. retailer Target had been used in a string of other breaches at retailers - but did not say how many or identify the victims.
Credit card companies, banks and retailers say that victims of any fraud resulting from the theft of their payment card data bear "zero liability" and will be credited for fraudulent purchases made on their accounts.
"Our rules say five days, but most consumers get (their money) back within 24 hours," Visa spokeswoman Rosetta Jones said.
Yet consumer advocates said that any debit card fraud could result in money being drained from a bank, mutual fund or other cash account at a time when those funds were really needed.
"Even if you are able to recover the money later, that's going to cause you an awful lot of pain and heartburn," said Jamie Court, president of Consumer Watchdog, a nonprofit advocacy group. Continued...