Media Release: Seven arrested in Australia’s largest credit card data theft investigation

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.afp.gov.au/media-centre/news/afp/2012/november/seven-arrested-in-australias-largest-credit-card-data-theft-investigation.aspx

Release Date: Thursday, November 29 2012, 09:30 AM

This is a joint media release between the AFP, ABA and Abacus

A joint international criminal investigation has yesterday resulted in
seven people being charged in Romania for the largest credit card data
theft in Australia’s history.

The criminal syndicate had access to 500 000 Australian credit cards
and approximately 30 000 credit cards have been used for fraudulent
transactions amounting to more than $30 million.

The investigation codenamed Operation Lino, started in June 2011 when
the Australian Federal Police (AFP) received a referral from an
Australian financial institution related to suspicious credit card
transactions.

Stolen credit card data was being used to create false credit cards,
enabling thousands of counterfeit transactions to be carried out in
numerous overseas locations including Europe, Hong Kong, Australia and
the United States.

After the AFP identified the cause of the data compromise, the
investigation grew to involve numerous international law enforcement
partners and the Australian banking and finance sector also provided
strong support.

The operation came to resolution yesterday in Romania when 16 people
were detained across Romania, seven of which were arrested and as a
result, the criminal syndicate was successfully shut down. The AFP
worked closely with Romanian authorities throughout the resolution and
will continue to provide support during the prosecution phase in
Romania.

No Australian credit card holders lost money as a result of these
fraudulent transactions. Australian financial institutions reimbursed
the financial losses of cardholders.

AFP Manager for Cyber Crime Operations, Commander Glen McEwen said
that today’s arrests are the result of significant cooperation across
law enforcement and the financial industry.

“This is the largest data breach investigation ever undertaken by
Australian law enforcement.

“Without the cooperation of 13 other countries, along with Australia’s
banking and finance sector, we would not have been able to track these
illegal transactions to the criminal network in Romania. Today’s
successful outcome is a culmination of 17 months of hard work with
these partners.”

“Following initial inquiries, the AFP entered into a joint
investigation with the Romanian National Police in March of this year,
leading to these arrests,” said Commander McEwen.”

Steven Münchenberg, Chief Executive of the Australian Bankers’
Association (ABA), said, “We congratulate the police on their efforts
on this fraud investigation.”

“Banks have advanced monitoring systems to prevent fraud and in this
case, they contacted customers when suspicious transactions occurred.
Often banks will take immediate action to protect the account, stop
transactions and cancel cards when it is confirmed that fraud may have
been perpetrated,” Mr Münchenberg said.

Abacus Australian Mutuals CEO Louise Petschler said today’s
developments show that cyber crime is a global enterprise.

“It underlines how a coordinated approach by law enforcement agencies,
financial institutions, merchants and consumers can help fight card
fraud. We all have a role to play to ensure credit card transactions
are safe and secure,” Ms Petschler said.

“Policing is only one part of the solution to stop data compromises –
credit cards should be kept in a secure place, ATMS should be checked
for any unusual attachments, personal details including PIN numbers
should be protected, financial statements should be checked
continuously, mail boxes should be secured and if possible, ‘chip and
pin’ security implemented on credit cards,” Commander McEwen said.

For more about security and fraud prevention, visit the ABA’s website:
http://www.bankers.asn.au/Consumers/Security-and-Fraud-Prevention.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.