Read more articles in Web Application Security Insights
March 25, 2009

The PIN Cash Out Conspiracy is the latest hacker attack on banks

Financial institutions beware – there’s a new scam hackers are using against your Websites and databases called the "PIN Cash Out Conspiracy". And it’s costing you millions of dollars. It works like this:

- A hacker uses SQL Injection techniques to break into a database-driven Website which resides on a financial institution's network
- Then, they use their access to the bank's systems to locate the ATM database
- If necessary, the hacker alters the PIN for credit / debit cards they are planning on cashing out
- Then the hacker sells the card data to other criminals
- Those criminals create ATM cards using the hacker's information, and drain the accounts
- The hacker receives a percentage of the proceeds – around 10-20%

Call me greedy, but if I was the hacker, I’d ask for a larger cut.

During January and February 2008, the US Secret Service revealed they were investigating two such breaches involving this scam and the suspected hacker, Tenenbaum. He was believed to have used this scam against OmniAmerican Credit Union (Fort Worth, Texas), and Global Cash Card (Irvine, California).

Breaches of this nature are also known to have occurred in April and May of 2008 against Symmetrex, a transaction processor in Florida, and First Source Bank in Indiana. Symmetrex cards were used by MetaBank, which has branches in Iowa and South Dakota. Those brands alone experienced actual losses of more than $4 million.

by Douglas Simpson, Security Engineer
DSimpson@cenzic.com