A two-year FBI operation, dubbed “Operation Card Shop,” led to the arrest of 24 credit cardholder data thieves from eight different countries. The crime ring was involved in the buying and selling of stolen identities, credit cards, counterfeit documents and hacking tools, according to DarkReading.com.
One defendant sold malware with remote access tools that allowed hackers to view and remotely control an infected computer. If the user visited a banking website and logged into their account, the hacker could record and use the information to access their account and resources.
Another hacker stole data from internal databases of banks, hotels and several online retailers, and mistakenly sold the credit cardholder data to an undercover FBI agent. Another defendant had information for more than 50,000 credit card accounts that he used to sell counterfeit encoded credit cards. One hacker sold information he stole by hacking into an online hotel booking site – including cardholder names, addresses, Social Security numbers, birthdates, mother’s maiden names and bank account information.
The massive crime ring exemplifies the need to secure databases and credit cardholder data by using a multi-layered approach – the requirements of PCI DSS compliance address many vulnerabilities and areas that can be secured with the right technology. PCI technical requirements include (but might not be limited to):
If you outsource your application and data hosting to a PCI compliant hosting provider that can prove their attestation of compliance, you can ensure credit cardholder data is safe in PCI compliant data centers. What’s a PCI compliant data center? It’s one that has all of the needed physical and logical security in place, and has been audited and found to be in full compliance.