Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:54 AM
Connect Directly

Hackers Exploit Prepaid Payroll Cards

The long arm of the law caught up with eight Russian and Eastern European hackers. The U.S. Department of Justice alleges they were part of a crime ring that broke into ATMs in hundreds of cities worldwide and stole $9 million in a matter of hours, says The Wall Street Journal.

Prosecutors in Atlanta indicted the hackers, saying this was perhaps the most brazen and damaging electronic bank heist to date. One of the criminals is awaiting extradition from Estonia, while the others remain at large.

At stake in this heist was the encrypted RBS WorldPay computer system, the U.S. payment processing division of Royal Bank of Scotland. The hackers cloned prepaid ATM cards, raised the account limits on the compromised accounts and then used them to withdraw cash from 2,100 ATMs from nearly 300 cities around the world. The operation began Nov. 8, 2008 and took just 12 hours.

Kate Monahan, an analyst with Boston-based Aite Group sees payroll debit cards as an emerging tool for criminals to exploit, just as banks are increasing their use of them to court underbanked consumers. Monahan made some recommendations for banks to keep in mind to further protect their ATM networks. First, she said in a statement, banks need to be more mindful of evolving ATM fraud types and how they much alter the security around their ATM channel.

She also recommended keeping in touch with the ATM vendors.

"Stay in constant contact with your ATM vendors," Monahan said. "Vendors are working with law enforcement officials behind the scenes and are constantly working on improving hardware and software security to better enable their products to withstand potential attacks from criminals."

Marc DeCastro, research manager at Financial Insights, tells BS&T that analytics will be a key weapon for banks as they fight this type of fraud.

"There seems to be no end in the supply of bad guys trying to access bank networks, whether it is the ATM, credit card, or soon probably even mobile. The key will be on analytics to properly identify when breaches have taken place as well as continued efforts on prevention," he says. "Most prevention methods, generally speaking, keep out those that are tempted, but unable to get access--true organized crime networks will likely be able to circumvent most of today's technology over time."

Things will only get worse as the recession drags on, DeCastro comments. "In particular, finding hackers to try and stick it to western financial institutions, for many, seems like a good career path as the opportunities in their home countries are limited," he says. "It is a good sign that indictments have been handed down, but this does not mean that it will slow the attempts by the bad guys. It's just perhaps a short hiccup."

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.