Banks block thousands of cards: Fraudsters hacked Spanish ATMs for accounts and PINs

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.praguepost.com/business/2921-banks-block-thousands-of-cards.html

Clients of four major Czech banks could find their accounts blocked at
their next visit to the ATM as a result of the largest bank-card
security breach in Czech history.

ČSOB, Raiffeisenbank, Česká spořitelna and Volksbank CZ have begun
blocking thousands of bank cards for customers who made transactions
in Spain in spring and summer this year after it was reported that
fraudsters had stolen information necessary to access these accounts,
including account numbers and pin codes. Approximately 100,000
accounts in the Czech Republic could be affected by the blockages,
according to the Bank Card Association.

"In the spring and summer months this year in Spain, there was a
relatively extensive data leakage concerning payment cards, probably
from a system processor such as an ATM," said Roman Kotlán of the
Czech Bank Card Association. "There have been reports of the misuse of
stolen data to manufacture counterfeits and make payments to merchants
in different parts of the world."

Banks will be notifying affected customers over the next days if their
accounts have been blocked and will then replace their bank cards at
no cost, said Tomáš Kofroň, a spokesman for Raiffeisenbank. According
to Kofroň, the bank has blocked hundreds of cards and is now dealing
with fewer than 10 clients who have been "more significantly
affected," but clients will not be responsible for stolen funds.

"The whole process of blocking the account and re-issuing a new card
will take about a week," he said.

Thieves are alleged to have hacked ATM systems in Spain with software
that allowed them to record the pin code and account number of cards
entered on the machines, thus allowing them to make reproductions of
the card or simply use the information to make purchases elsewhere.
Kofroň said the fault of the security breach seems to rest with
Spanish ATM companies rather than Czech banks. As a result, the bank
is not planning any significant changes in the way it approaches card
security, he said.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php