RSS Alerts

Share

More services

Related Stories

  • Credit Card Transactions: Held to a Higher Standard
    There are numerous access points for thieves to make off with credit data, with just as many fraud techniques available. Drew Amorosi surveyed experts in the field to get their opinions on fraud trends, the effectiveness of standards, and what can be done to protect merchants and customers alike, and not just the ‘five families’ of the credit card Cosa Nostra.
  • Data Breach Spring
    Infosecurity’s Drew Amorosi examines three data breach incidents from the past few months that, by their nature, keep security vendors in business, regulators busy, and CISOs up at night. Find out why industry observers think this rash of massive breaches could lead to a ‘PCI for consumer privacy’
  • Tightening the purse strings on information security
    As the recession continues to chew into information security budgets, and cyber criminals see increased opportunity for looting, CIOs must ensure that defenses remain strong and affordable, even if this means a little bargaining. Stephen Pritchard looks at how organizations can negotiate the rough seas ahead.
  • Mysterious Florida ATM heist nets cybercriminals $13 million
    A mysterious ATM heist involving just 22 pre-paid debit cards - and hackers allegedly altering the maximum daily withdrawal limits - has reportedly lost an American bank around $13 million.
  • All Eyes on CSI: Cyberspace
    In an ever-changing world, the way crimes are committed, and subsequently investigated, must also change. Lauren Moraski takes us inside the world of modern-day cybercrime forensic investigation

Top 5 Stories

News

$9m lifted in RBS Worldpay ATM heist

04 February 2009

The FBI is investigating a $9m large-scale ATM fraud using cards cloned from US card processor RBS Worldpay.

On November 8, a co-ordinated attack on 130 ATM machines in 49 cities enabled 'cashers' - low-level operatives probably recruited by higher-level criminals - to take $9m using cloned cards.

The attack happened just two days before the Royal Bank of Scotland subsidiary discovered the data breach, focusing on data from its payroll and open loop giftcard business. The stolen data enabled the criminals to clone the cards. Fraud had been committed on 100 cards, said the company at the time. However, the hackers were able to repeatedly reset the limit on the cards used, so that they could be used to extract large amounts of money in a very short time period. Cashers operated in cities from the US through to Russia and Asia.

Payroll cards can be used just like conventional debit and credit cards, in ATM machines, for point of sale and online purchases, and for paying bills. The cards are pre-loaded with funds by employers as a means of paying employees. The card processor is resetting the PINs on affected cards, although it is worth noting that the chip and PIN technology that would be used to stop physical fraud with the cards by referencing a microchip during a cardholder-present purchase has not yet been widely deployed in the US.

The FBI are trying to find two suspected cashers filmed withdrawing cash in Atlanta.

The breach was discovered almost three months ago, although a letter provided by the company suggests that affected individuals were not notified until six weeks later. The breach could have led to the compromise of 1.5m cardholders' personal information, including 1.1m social security numbers. No identity theft from the breach has yet been discovered, but RBS Worldpay has offered a year's free credit protection to affected parties.

Last month, a class action lawsuit was filed against RBS Worldpay for failing to protect customers' sensitive information.

This article is featured in:
Identity and Access Management  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012