In Brian Krebs' most recent blog, he touches on the false positive problem, something that has plagued those of us in intrusion detection since the very beginning.
However, in the shadow of massive card thefts like the one that occurred at Target, false positives abound, Sartin said. The problem of false positives often come from small institutions that may not have a broader perspective on how far a breach like Target can overlap with purchasing patterns at similar retailers.
And that can lead to a costly and frustrating situation for many retailers, particularly if enough banks report the errant finding to Visa, MasterCard and other card associations. ...
I wonder if these banks and retailers use (or should use) honeypot credit cards – cards swiped every day by employees at retailers but only used at a single retailer. If the card information shows up anywhere, they'll know the exact path where the compromise could have happened.