Payment card processors hacked in $45 million fraud
U.S. federal prosecutors indicted eight people accused of running a vast carding scheme
IDG News Service - A vast debit card fraud scheme that allegedly netted US$45 million has been linked to the hacking of credit card processors in the U.S. and India.
Federal prosecutors in New York indicted eight men on Thursday whom they accuse of a scheme centered on raising the limit on prepaid debit cards and then withdrawing the cash from ATMs.
"In such operations, hackers manipulate account balances and in some cases security protocols to effectively eliminate any withdrawal limits on individual accounts," the indictment reads.
"As a result, even a few compromised bank account numbers can result in tremendous financial loss to the victim financial institution," it said.
Payment card processors are typically expected to comply with the Payment Card Industry Data Security Standard (PCI-DSS), a code of best practices created by the card industry designed to prevent hackers from obtaining card details.
In one example, the hackers raised the limit on 12 accounts at the Bank of Muscat, based in Oman. The account details were obtained through a U.S. credit card processor, which handles Visa and MasterCard prepaid debit cards. It was not identified in the indictment.
The account numbers were distributed to people in 24 countries, who encoded the account details onto dummy payment cards that could then be used in ATMs. Around Feb. 19, the Bank of Muscat lost $40 million in less than 24 hours as the people made withdrawals.
A single card's details was used around New York City for an astounding 2,904 withdrawals, amounting to $2.4 million, according to the indictment. The same number was used in other withdrawals worldwide for another $6.5 million.
The Indian credit card processor, which was also not identified, held the details for prepaid Visa and MasterCard debit accounts with the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates.
The limits for five of those accounts were increased, and the card details send to people in 20 countries. More than 4,500 ATM withdrawals were made, causing $5 million in losses, the indictment said.
The defendants are charged in U.S. District Court for the Eastern District of New York with conspiracy to commit access device fraud, money laundering conspiracy and two counts of money laundering.
Those arrested are Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pena, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin.
An eighth defendant, Alberto Yusi Lajud-Pena, is believed to have been murdered in the Dominican Republic on April 27.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
NSA: Riding on Facebook's horse tail.
The U.S. National Security Agency (NSA) is once again close to denying reports that it is indiscriminately monitoring every computer on planet Earth. This time, the freshest, newest, most recent report of NSA mass-surreptitiousness (courtesy Edward Snowden -- ta) alleges the sneaky agency infects computers with malware via a fake Facebook (NASDAQ:FB) login page.
In IT Blogwatch, bloggers play keep-away with the man-in-the-middle.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Architecting the Network of the Future
- Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- System and Data Protection, Recovery and Availability
- This white paper describes how ARCserve works and the benefits it can provide IT environments of all sizes.
- Simplifying Data Protection, Reducing Risk of Data Loss and System Downtime
- This white paper outlines what IT organizations should look for in a data protection solution, including simplicity and ease of deployment, comprehensive protection,...
- Complexity Ate My Budget
- When it comes to data protection, having multiple point solutions is not the answer. Find out how to gain a holistic view of... All Government IT White Papers
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
- Top 8 Communications Tools for Small Businesses Powerful technology is available to help your small business improve its communications with customers, employees and suppliers. View this free On-Demand Webcast produced...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- All Government IT Webcasts