Earlier this week Roman Valerevich Seleznev, a Russian national was arrested in Guam by federal law enforcement officers. He is charged with hacking into cash register systems at various retailers in the United States during the years 2009 through 2011. According to his indictment, Seleznev would scan the computers of retailers throughout the United States looking for vulnerabilities which he would exploit through malware that he would interject into the computer systems of these vulnerable retailers, which would capture credit card data which Seleznev would then sell online to other criminals. The Secret Service says that he stole the data from more than 200,000 credit cards and made more than two million dollars selling this card data on black market websites. Presently he is being held in custody in Guam and will have his next day in court in two weeks. Complicating the situation is that Seleznev is the son of a prominent Russian politician. The Russian government is calling the arrest an illegal kidnapping.
What does this arrest mean to you and me? It is more of a reminder of how large the problem is. Hacking into retailers at point of sale terminals in stores has become a relatively easy task to accomplish and not only is it easy to accomplish, it does not even have to be done at the store. It can be done totally over the Internet by hackers anywhere in the world. Credit card fraud is worse in the United States than in most of the rest of the world because we still have not adopted the smart card technology by which credit cards carry a computer chip that issues a new identifying number every time it is used which makes the stealing of the number used at any particular transaction worthless. The hacking of point of sale terminals will be an exercise in futility when we finally start using smart cards in large numbers. However, it is not expected that this will be done in the United States until October of 2015 when through a change in the rules governing credit card usage, companies whose point of sale terminals are hacked will be responsible for data thefts. Until that time, the best you can do is to refrain from using your debit card for retail purchases so that your bank account is not at risk in a hacking attack. You also should monitor your credit card’s use regularly to note any fraudulent use so that you can limit the damage.