Your credit card got hacked…how did it happen?

We read every day stories about people’s credit cards that were “hacked”.  We put the word hacked in quotes because it’s really not the correct term.  The better word is breached.

Regardless of the what you call it, the bad guys got your credit card number and now you have to jump through a bunch of hoops in order to fix it, from calling the credit card provider, to looking over your statements to see where all the bad guys used your card.

But how did you get here?  Where did the bad guys get your card?  When did it happen?  What method did they use?

First thing’s first.  It most likely didn’t happen recently.  Unless you lost your card, chances are your card was compromised weeks, if not months ago.  So don’t blame the last place that you used your card.  Not only did they probably not have anything to do with it, but you’re also making possibly a slanderous statement against that company and could find yourself in legal trouble.

The card may have been compromised at a merchant who was not PCI Compliant, a requirement for any merchant who takes credit cards.  Unfortunately, many merchants don’t have a clue that they need to be compliant, or under the assumption that they already are, based on wrong information they are receiving from their credit card processor.  Here’s some simple facts:

  •   No breach has ever occurred at a merchant who was 100% PCI Compliant.
  •  All breaches that have occurred were at merchants who were not PCI Compliant.  

The card may have been breached at a gas station or ATM that had a skimmer installed.   This method collects card information for a period of weeks or months.  The bad guys (and girls) then take the numbers and encode them on pre-paid credit cards they purchase at a drug store, and go on shopping sprees.  The length of time between the skimmed cards and the using of the accounts could be a few months.

Banks have become smarter when it comes to compromised accounts.  Many years ago when a card was compromised, the victim would find charges that were made in other states or even other countries.  Today, if there’s suspicious activity on an account, often times the bank will call the account holder and ask them if they are in another state.  If they are not, they will not authorize the transaction.

Because the banks are now monitoring accounts, the bad guys are adapting.  Usually, if a card holder is based in a particular ZIP code, the bad guys will harvest all of the account numbers for that area, then descend on that area and begin to use the compromised accounts in that area.  That raises less suspicion with the banks.  However, the time between the breach and the using of the account can be weeks or months.

Here’s a great article that gives you a very detailed view on credit card breaches.

If you’re a merchant who takes credit cards and are not sure if you’re PCI Compliant, contact PC Medics of Alabama today at 205-201-0389 or via e-mail a for a free consultation.  Our PCI Compliance experts will go over your network and give you recommendations on how to become compliant.

And the most vulnerable software of 2015 is…Apple OS X

In what must come as a shock to many Apple fans, a list of the most vulnerable software of 2015 was just released and Apple OS X led the pack with 384, followed closely by Apple iOS with 375.

The list includes any and all software that is installed on a computer.  A computer is defined here as any device capable of processing data.  This includes, but is not limited to, computers, PCs, smartphones, laptops, servers, tablets, etc.

Operating systems (what makes the device run – like Windows, OS X, Android, Chrome, Linux) were obviously included.

In the past, Microsoft was often been criticized for making software that was vulnerable to attacks, yet in 2015 the first Microsoft entry on the list was Internet Explorer, which has been replaced on the Windows 10 operating system by Microsoft Edge (although IE will still run on Windows 10).

Linux fans have also been big critics of Windows OSs, yet Ubuntu Linux (#11)comes in ahead of Microsoft’s first entry of a PC OS (Windows 8.1 #12).

You’ll see from the list that many programs you use on a daily basis (yet may not be aware that you’re using, since many run in the background allowing you to do certain tasks) like Adobe Flash Player (#2) and Oracle Java RE (#29).

So what exactly does this mean?  It means that you need to keep your system updated, patched, backed up and protected against vulnerabilities like malware.

All of the companies on the list release updates and patches for their software on a regular basis.  Microsoft does it on “Patch Tuesday”, the second Tuesday of the month, or, in the event of a zero-day vulnerability, they may release it sooner.

Apple has their updates, which can be installed automatically, as do Adobe and Google.

But that just addresses patches and updates.  You also need to keep your files backed up.  There are plenty of programs and services out there that help you back up, most automatically.  Don’t know if you need to backup your device?  Just ask yourself one question:  “Is there anything on this device that I can absolutely, positively not live without?”.  If the answer is Yes, then you need to have a backup.  If you’re a business, you don’t have a choice but to backup.

Everything listed is something you can do yourself and it takes only a couple of hours per month if you’re a home user.  If you’re a business user, it might require an IT professional to make sure you’re patched and backed up.  PC Medics of Alabama services both residential and business clients, so contact us today for a free estimate if you don’t want to tackle this yourself.  You can reach PC Medics of Alabama via phone at 205-201-0389 and via e-mail at .