Eastern Europe gets a bad rap when it comes to payment card data security, but the region does not experience considerably more hacking-attack incidents than do other parts of the world. But it is a main source of such incidents, an industry analyst contends.
Though Visa Europe and Romania’s state-owned CEC Bank continue to investigate a payment card security breach reported last week, hackers do not view Eastern European banks as relatively easy prey, Zil Bareisis, a London-based senior analyst for research firm Celent, tells PaymentsSource.
“If anything, the recent breach being investigated by Visa demonstrates that all countries and regions are susceptible to data breaches,” he says.
However, Eastern Europe has a reputation that most other parts of the country would not want, Bareisis adds. “Eastern Europe does stand out as an originator and a source of hacking attacks,” he notes.
A recent Verizon Communications data-breach report for 2010 found that external agents (those outside of the organization being attacked) commit 92% of all data breaches, and Eastern Europe accounts for 65% of all external breaches, Bareisis notes.
Recent advances in Internet Protocol address geolocation technology has helped pinpoint where the actual hackers reside, resulting in a “striking jump” in the percentage of incidents originating from Eastern Europe, the Verizon study stated.
The increase was not surprising because widespread and prolific cyber attacks on card data long were suspected to originate from organized crime in Eastern Europe, the report indicated.
Neither Visa Europe nor Bucharest-based CEC have said which countries were affected by the most recent breach.
After the Romanian Banks Association informed media of the breach on Dec. 14, CEC issued a statement on its website informing cardholders of the bank’s plan to block 17,000 cards that possibly were compromised and to reissue new cards and PINs at no cost to bank customers.
The cards issued by banks in Romania and abroad may have been compromised through an international database, according to CEC, which specializes in commercial and investment banking.
CEC assured its customers that the bank’s security system was not compromised, and Visa Europe reportedly advised the bank that hackers likely breached the system of a European payment processor.
Visa Europe did not name the processor and said it could not comment about the incident because it is using a third party to investigate the matter. In a statement last week, the card association said it was working closely with its member banks to ensure cardholder data are protected.
European media and bloggers were quick to speculate last week that the European Union would impose big fines on Visa Europe for the security breach at a time when the region is preparing to introduce stricter guidelines and more governing power for itself in the area of combating data-security attacks.
