Online credit card theft worse than ever

Retail customers will be in for a harder ride in the future if security is not tightened up at every point in the chain, with research showing a 43 percent increase in retail-focused attacks from the same time last year.

Dell claims SecureWorks managed to stop 91,500 attacks per retail customer in January to September 2011, compared to 63,581 from April through December 2010. CTO Jon Ramsey said in a statement that the web is an ideal attack vector for clients and servers.

One of the biggest threats is the SQL injection. Ramsey said it’s no surprise it proves a popular method. In fact, for criminals, it’s a no-brainer – because it works so well. He mentions the Georgia hacker who recently confessed to pinching 675,000 credit card details.  Exploit kits and Trojans, as usual, also proved popular.

Dell says there are a couple of things retailer CIOs really must do to keep their customer data secure.

First, they’ll need to have a centralised plan in place to keep patch management and security up to date, including on both the servers and the workstations.

Another good idea for a CIO to think about is an authenticated proxy server, Dell said, so the admin can figure out which users have an infected machine or are visiting dodgy web pages.

Again, there’s an element of the obvious, but Dell says employees shouldn’t be downloading executable files, using P2P at work or checking out warez or porn websites.

Meanwhile, security outfit Imperva has stumbled on a forum where credit card details are going for a pittance. 

The credit card numbers come with full details, claims the forum post, including name, address, city, state, zip code, email, expiry date and date of birth.

UK Mastercards details are going for as little as $4 a pop, while a US Visa card sells for $2.