Thursday, January 22, 2009

Heartland Payment Systems - Quick Point...

A quick point here, and this is frustrating me so much I had to write about it... why is everyone focusing on the data breach rather than the possibly massive resultant fraud? I haven't read a single good article that does anything more than mention 100MM accounts stolen and can't seem to get past the vastness of the numbers in this case... but everyone I've read today (and that is a lot) completely neglects to mention the sheer economics of it!

For your consideration:
  • 100,000,000 account records
  • 3% fraud, guessing conservatively
  • $500/incident of fraud
(100,000,000 x 0.03) x $500 = $1,500,000,000 --> $1.5Bn

So, guessing conservatively*, this is potentially a $1.5Bn security incident... why is no one focusing on this?

*In case you wonder where I'm getting my numbers, I'm using statistics I've picked up from the 3 years I worked in IT Security & Risk for one of the largest card private-brand issuers on the planet... and although they are >1yr old, I suspect these statistics will hold true. If someone out there has a better guess, more accurate that is, please correct me.

Nick Bell said...

Ouch...looking forward to seeing the full outcome of the investigation!