Women and DUIs, Storybook houses, FLOTUS in China, On the Lot

DMV investigating possible credit card data breach

dmv

Robyn Beck/AFP/Getty Images

People wait in line outside of the State of California Department of Motor Vehicles (DMV) in Los Angeles, California on February 13, 2009. The DMV announced that a possible credit card breach may have taken place with its online payment system.

Standing in line at the DMV may seem a little more appealing today.

If you've ever made an online payment with the DMV-- maybe to register your car or buy a custom license plate-- you may have cause for concern.

Over the weekend, the California Department of Motor Vehicles said it's investigating a possible credit card data breach involving its online payment system.

RELATED: MasterCard investigates report of California DMV breach

KrebsOnSecurity.com was the first to report the possible breach, which it says involved online payments from Aug. 2, 2013, to Jan. 31, 2014.

DMV officials said that while so far there's no evidence that the department's computer system has been hacked, they are investigating the possibility of a data breach from the outside vendor they use to process online credit card payments or from the credit card companies themselves.

To talk about the potential security breach, William J. Kresse, a fraud and identity theft expert at St. Xavier University in Chicago, joined Take Two. 

INTERVIEW HIGHLIGHTS

What did the alert say?

There is a possibility that numerous credit cards issued by various banks had been compromised. The banks monitor credit card activity and there are also firms that monitor what are essentially black market sites on the Internet where credit card data is bought and sold. And when they find numbers or cards have been compromised they look at the activity on those cards and try to trace them back to a common denominator. And what they found was they had all been used on the California DMV website to renew licenses, etc.

So, essentially, there’s nothing to worry about but there might be?

We don’t know how they broke in or how they hacked the site or even what site got hacked. Was it the DMV site or was it the vendor that they use to process their credit card transactions? The DMV seemed to be indicating that it was their outside credit card processor, a division of US Bank, but we’re really not sure yet.

The DMV has a lot of other info: Driver’s License number, address, SSN. Any chance that might be compromised too?

Right now there’s no indication that has occurred but I will caution you that with the Target data breach there was first a report of stealing of the credit card data and then it was during the conduct of the forensic investigation that they realized someone broke into the Target database and stole names, addresses, email addresses, etc. Hopefully that won’t occur. In my opinion it hasn’t because if somebody had broken into the DMV’s database we’d see a lot more activity on these black market websites than we currently are seeing.

On where the breach originated:

Well the DMV seems to be pointing their finger at the credit card servicing firm they use and that might be it. It’s Elavon, a division of US Bank. If that’s where the problem is that would get the DMV a little off the hook, but if it’s Elavon, they service credit cards for lots of folks out there. So maybe an actual bigger problem than anyone anticipated.

So maybe it’s good to stand in line at the DMV once in a while?

You know, it’s funny, I’m ‘Professor Fraud’ the identity theft expert and I’ve been paying in cash a lot more lately. 


blog comments powered by Disqus