funsec mailing list archives
RE: What's up with Citibank?
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Mon, 6 Mar 2006 15:45:02 -0500
Speaking of ATMs in Russia...

It doesn't seem like the exact same thing, but I have encountered some strange things when I was in Russia in January (this is something new because it wasn't like that before...). For some reason ATMs (from different banks) would choke on MasterCard Debit/Credit cards (I had a number of those with me). They did accept the pin, but then when I'd try to perform a transaction it would say something about the account being invalid or give me some number code. It wasn't even possible to view account information. Whenever I tried to call the banks they couldn't tell me anything at all...

That makes me wonder... if it's a problem with the ATM networks (in those countries), then people using cards other than from Citibank should be noticing something as well.

K.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]On Behalf Of Fergie
Sent: Monday, March 06, 2006 3:11 PM
To: funsec () linuxbox org
Subject: Re: [funsec] What's up with Citibank?

More on this today, both on Boing Boing and over on techdirt.com:

http://www.boingboing.net/2006/03/06/citibank_live_richly.html
http://www.boingboing.net/2006/03/06/citibank_security_br.html
http://techdirt.com/articles/20060306/112200_F.shtml

- ferg

-- "Fergie" <fergdawg () netzero net> wrote:

Via Boing Boing.

[snip]

BoingBoing pal and Citibank customer Jake Appelbaum tried to withdraw some cash with his ATM card on Saturday night. He initiated his bank account long ago in the US, but was in Toronto, Canada yesterday. Jake explains: "To my surprise, the ATM machine rejected the transaction and urged me to contact my financial institution. The machine also reported on the receipt "INELIGIBLE ACCOUNT." Jake called Citibank's international customer support number, and soon learned that the lockout was part of a much larger fraud crisis -- by no means the only data security issue at Citibank in recent months.

Jake continues: "The supervisor identified herself as a manager named Carla ID#CRU194. I identified myself as an upset customer whose account was locked for some unknown reason. She asked me a few questions about my location, my issue and then informed me that my card was suspected of fraud. Naturally, I perked my ears up and asked for details of any fraud. She informed me that there had been no direct fraudulent transactions on my account. Rather, she informed me that the ATM networks of Canada, Russia and the United Kingdom have been compromised. I used the term class break as a question and she repeated that there has been a class break of the ATM networks in those countries. The ATM network in Canada has been compromised and as a result, using my ATM card over the Canadian network locked my account automatically. She informed me that this has been an ongoing issue for the last two weeks. When I asked why there was no media attention, she said she wasn't sure. I said it was a pretty big deal and she agreed.

"She informed me that I would have to return to the United States to change my pin number before my card would be valid and in a usable state again. When I informed her that I would be traveling outside of the United States for at least a few months, possibly up to six, she repeated that I would have to re-enter the United States to fix the problem."

In other words, if you're a US Citibank customer trying to use your ATM card in Canada, Russia, or the UK right now, you are totally fuxx0red. Citibank didn't handle Jake's problem in a customer-friendly way at all, and it appears they're handling all affected customers with exactly the same procedure.

Also, it seems this incident is receiving little media attention, which begs the question: for each massive security breach we do hear about at Citibank or other large financial institutions, how many more occur without our awareness?

This February 2 Fresno Bee article appears to be tangentially related, and here's a story about a criminal conviction related to another Citibank bogus ATM scheme from 2004. But you'd think a security incident with the potential to leave thousands of customers stranded overseas without cash would get more notice. WTF?

[snip]

http://www.boingboing.net/2006/03/05/citibank_under_fraud.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.