Markets are powerful things. Look at how eBay changed the world by creating a market for old stuff. Over a million people reportedly make most of their income from selling stuff on eBay. I have been writing and talking about the market for identities for a year now. I think it is important to point out that this market is the biggest driver in the rise of cyber crime right now.
Now that there is a market for identities (you can buy and sell them online at various forums) every place where identities, especially credit card info, are captured or stored becomes a target. The Stop and Shop case is the most prominent right now. A small gang walked into retail outlets late at night and actually replaced the card swipe machines at the check out counters with their own devices that stored the date from every card swiped, including the PIN number for debit cards.
Stop and Shop's stop-gap solution is to bolt the card swipe devices down which is good but they have to think beyond that. Every retailer has to think through the security of their card swipe systems. It won't be long before video cameras can be used to grab images of the card and watch PIN numbers being entered. Are you ready for that?
Here is a simple way to start adjusting your security thinking when it comes to identities. Think of every single record as one euro hard cash. (Why a euro? It's worth more and is closer to the street price of a credit card record). If you have a database of twenty million credit cards somewhere on one of your servers do you feel comfortable with your data base analysts and accountants sorting through twenty million euros every day? Aren't you worried some or all of them will slip into their pockets?
Start thinking this way and you will start to understand what is needed to to protect identities.
-Network Security Blog, ThreatChaos-