Nytro Posted November 20, 2014 Report Posted November 20, 2014 Brazilian banks lost a great chance to be ahead in Security The biggest Brazilian TV channel, presents on last Sunday, a story about carders gang responsible for the “first EVM clone” case. According reporter, the gang had a hacker, called “director” by a member of gang, which was responsible for technology. Then the other members changed electronic circuits on point-of-sales machines to store pin and card during a transaction. After some days, carders collect data using Bluetooth and then clone chip information to blank cards. That is enough to begin to take money on ATM and buying at some electronic stores.The gang members bought electronics goods, spent money on nightlife and bought a house with estimated value of USD 500,000.00 on Rio de Janeiro, using money raised on frauds. The victims that claimed for the items not bought had reimbursement denied because according banking the pin and chip combination “cannot” be violated.During story, the FEBRABAN director said this situation only occurs with bank institutions that did not implement full security features, available on EVM technology. Also affirmed that in 2014, all Brazilian banks has implemented full security.Why you did not implemented this before?That is a good question and we probably know the response. It is not because they did not have knowledge about that security features. It is probably because it is faster and cheaper to implement without all features. That is what we called “Security by obscurity”, when they think it is safe just because the common people does not know how that stuff works.Another dictate says “Cheap is Expensive” and this kind of frauds has been classified as money loss. Unfortunately, accountants cannot calculate the client loss with time calling customer center and angry to take care on an issue that is not his responsibility.This formula is repeatedly used in many places, where they prefer to delivery something fast and unsafe or with minimal security. Sometimes, the absence of human resources to do the job may be the reason for some enterprises.Cyber Manifesto for Security ChangesOne of items listed on Cyber Manifesto for Security Changes, is to call business administrators for security governance. Looks like obvious, if you run a business, you should care with security of your customers and business but the daily reality is different as we can see with this TV story.The absence of security, alarms US bank institutions that is planning the deliverable of EVM cards on next year. A fraud seen in Brazil, can be quickly used in Europe or North America, faster than the solution to solve it. In terms of fraud, the Brazilians are on top of list, because as well said by Fabio Assolini – “Brazil has some of the most creative and active criminals specializing in credit card cloning” – in his article called Tips for using ATMs and avoiding credit card cloning.Brazil has some of the most creative and active criminals specializing in credit card cloning – Fabio AssoliniConclusionOne more time, companies lost opportunity to protect itself before bad things happens. Many times, we, security professionals avoid treating business like a lotto or a casino roulette, but sometimes we need to take risks due a small budget. Pay attention when we alert about fraud risk and let Information Security help the business to grow healthy.Image Credit:Claran McGuigganSursa: https://www.linkedin.com/today/post/article/20141118004108-8638059-brazilian-banks-lost-a-great-chance-to-be-ahead-in-security Quote
