
Weekly News Roundup: August 2, 2013

The news this week was about fraud, fraud, fraud. Be sure to compare your card PIN to the list of the top 10 most common combinations; evidently fraudsters crack about 25 percent of cards within 20 attempts by simple guessing.

Continue on to get a first-hand account of how one man was duped into helping the bad guys commit fraud against his own card. The scam is more clever than you may think.

Lastly, the UK is following Australia in considering a set of more comprehensive data breach disclosure laws that would force organizations to notify the public when they lose personal data or credit card details. The UK is following the model set by the U.S., which is known for pioneering robust disclosure laws in the early 2000s.

TIME – The 10 Worst ATM PINS to Choose

Each year about 7 percent of Americans have their debit cards hacked or stolen and 10% fall victim to credit card fraud. The result is more than $5.5 billion in theft attributed to credit card fraud each year. A new study from DataGenetics shows that credit and debit card thieves are able to successfully guess more than 25 percent of stolen card PINs within 20 attempts. As it turns out, many people use numeric sequences like “1234” or “1111” as their PINs, which makes them vulnerable to hacking. Other popular choices for PINs include birth years, the same digit repeated four times and years made famous by a movie title such as 2012. The least common PIN? 8068.

New Statesman – Why I willingly handed over my credit card and PIN to a fraudster

A first-person account of how one man was skimmed, duped and defrauded out of more than £5,500 by a group of scammers in the UK. A clever combination of technology and social engineering helped fool the author into willingly handing over his card and personal details after the fraudsters convinced him they were operating on behalf of his bank.

BobsGuide – Mandatory reporting of cyber-crime needed say MPs

At the moment, UK banks share data about fraud via the Payments Council and Cifas, meaning they can report the level of fraud and trends can be tracked, but there is no obligation to inform police of attacks, and reputational damage is avoided because there is anonymity. But more public disclosure is being called for, in line with the mandatory data breach reporting laws that originated in California and are now seen elsewhere around the world. The same level of openness is now expected from corporate cyber-attack victims. The House of Commons Home Affairs Select Committee cyber-crime report wants to do away with the present cosy arrangement because it believes it leads to significant under-reporting of the cyber-crime problem in the UK. It went as far as to recommend that the government “publicly distances itself” from a cyber-crime report commissioned by the Cabinet Office and run by Detica that estimates the cost of online criminality at ‘only’ £27bn.