Thursday, January 05, 2012

[czhvsvlu] Honeypot credit cards in customer databases

If you have a database of customer's credit cards, consider also peppering it with honeypot cards which exist nowhere else other than in the database.

Then if any charges show up on such a credit card, you know your database has been compromised, perhaps by hacking.

Maybe make this required by law.

A criminal might circumvent such measures by obtaining two compromised lists of credit cards, and using only those which appear on both lists.   But then, customers could supply unique credit card numbers to each store (CC companies should provide such an ability).  But then, thieves might correlate by name, billing address, and phone number.

No comments :