BreachExchange mailing list archives
Banks block thousands of cards: Fraudsters hacked Spanish ATMs for accounts and PINs
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 27 Nov 2009 14:56:01 -0500
http://www.praguepost.com/business/2921-banks-block-thousands-of-cards.html Clients of four major Czech banks could find their accounts blocked at their next visit to the ATM as a result of the largest bank-card security breach in Czech history. ČSOB, Raiffeisenbank, Česká spořitelna and Volksbank CZ have begun blocking thousands of bank cards for customers who made transactions in Spain in spring and summer this year after it was reported that fraudsters had stolen information necessary to access these accounts, including account numbers and pin codes. Approximately 100,000 accounts in the Czech Republic could be affected by the blockages, according to the Bank Card Association. "In the spring and summer months this year in Spain, there was a relatively extensive data leakage concerning payment cards, probably from a system processor such as an ATM," said Roman Kotlán of the Czech Bank Card Association. "There have been reports of the misuse of stolen data to manufacture counterfeits and make payments to merchants in different parts of the world." Banks will be notifying affected customers over the next days if their accounts have been blocked and will then replace their bank cards at no cost, said Tomáš Kofroň, a spokesman for Raiffeisenbank. According to Kofroň, the bank has blocked hundreds of cards and is now dealing with fewer than 10 clients who have been "more significantly affected," but clients will not be responsible for stolen funds. "The whole process of blocking the account and re-issuing a new card will take about a week," he said. Thieves are alleged to have hacked ATM systems in Spain with software that allowed them to record the pin code and account number of cards entered on the machines, thus allowing them to make reproductions of the card or simply use the information to make purchases elsewhere. Kofroň said the fault of the security breach seems to rest with Spanish ATM companies rather than Czech banks. As a result, the bank is not planning any significant changes in the way it approaches card security, he said. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Banks block thousands of cards: Fraudsters hacked Spanish ATMs for accounts and PINs Jake Kouns (Nov 27)