Debit card fraud linked to Global Payments breach

Powered by SC Magazine
 

Fraudsters hit school cafe.

Debit cards affected by the Global Payments incident have reportedly been used by fraudsters.

Connecticut-based Union Savings Bank told blogger Brian Krebs it had seen an unusual pattern of fraud on a dozen debit cards it had issued, noting that most of the cards had also been used in a café at a nearby school.

When the bank determined that the school was a customer of Global Payments, Union Savings Bank's chief risk officer, Doug Fuller, contacted Visa to alert it of a possible breach at the Atlanta-based processor.

This led to Tony Higgins, then a fraud investigator at a grocery chain in Southern California and Nevada, to detect that fraudsters were buying low-denomination pre-paid cards from the stores and encoding debit card accounts issued by Union Savings Bank onto their magnetic strips.

Those cards were then used to purchase additional pre-paid cards with much higher values, which were then used to buy electronics and other high-priced goods from retailers.

Higgins told Union Savings Bank that the fraud was located mostly in Las Vegas, with other activity in neighbouring states.

Fuller said Visa has alerted Union Savings Bank that around 1000 debit accounts it issued were compromised in the Global Payments breach, including the accounts that initially prompted Union Savings Bank to investigate.

Officials at the bank said it has suffered approximately $US75,000 in fraudulent charges and had spent close to $US10,000 in reissuing customer cards.

Higgins also reported fraud against the Bank of Oklahoma and Fulton Bank of New Jersey to the tune of about 1000 stolen card accounts a week.

Global Payments said the breach could have persisted for eight months and was believed to have originally impacted around 1.4 million cards.

Earlier this month, Global Payments confirmed that it was revalidating its PCI-DSS status after "some card brands" removed it from their lists of PCI-compliant processors.

Initially, Global Payments claimed that only Track 2 data was taken, not including cardholder names, addresses and other data, but Krebs said the Union Savings Bank experience shows that Track 2 data alone is enough for fraudsters to encode the card number and expiration date onto magnetic strips.

These cards can then be used at any merchant that accepts transactions that do not require the cardholder to enter their PIN.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Debit card fraud linked to Global Payments breach
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1783

Vote
Do you support the abolition of the Office of the Information Commissioner?