The recent rash of retail breaches reveals a number of weaknesses in point-of-sale systems and payment gateways. Failures in PCI DSS and in security practices across the retail industry as a whole gave organized criminal syndicates a number of opportunities to exploit those weaknesses. However, the blame lies not solely with the retailers but also with the credit card industry itself, for making these breaches and the related credit card fraud so easy and lucrative for criminals. The ease of fraud increased demand for stolen credit cards and in turn increased the resources allocated to attacking US retailers.
This presentation will take a systemic look not only at the technical factors of how these retailers were breached and the weaknesses of PCI DSS, but also at how underground economies, fraud and geopolitics empowered and emboldened criminal syndicates to help create a perfect storm. I will also discuss how the Secret Service and law enforcement knew about breaches before the compromised retailers did, and how chip and PIN technology will have only a limited impact on fraud once implemented.