Debit card fraud linked to Global Payments breach

By

Fraudsters hit school cafe.

Debit cards affected by the Global Payments incident have reportedly been used by fraudsters.

Debit card fraud linked to Global Payments breach

Connecticut-based Union Savings Bank told blogger Brian Krebs it had seen an unusual pattern of fraud on a dozen debit cards it had issued, noting that most of the cards had also been used in a café at a nearby school.

When the bank determined that the school was a customer of Global Payments, Union Savings Bank's chief risk officer, Doug Fuller, contacted Visa to alert it of a possible breach at the Atlanta-based processor.

This led to Tony Higgins, then a fraud investigator at a grocery chain in Southern California and Nevada, to detect that fraudsters were buying low-denomination pre-paid cards from the stores and encoding debit card accounts issued by Union Savings Bank onto their magnetic strips.

Those cards were then used to purchase additional pre-paid cards with much higher values, which were then used to buy electronics and other high-priced goods from retailers.

Higgins told Union Savings Bank that the fraud was located mostly in Las Vegas, with other activity in neighbouring states.

Fuller said Visa has alerted Union Savings Bank that around 1000 debit accounts it issued were compromised in the Global Payments breach, including the accounts that initially prompted Union Savings Bank to investigate.

Officials at the bank said it has suffered approximately $US75,000 in fraudulent charges and had spent close to $US10,000 in reissuing customer cards.

Higgins also reported fraud against the Bank of Oklahoma and Fulton Bank of New Jersey to the tune of about 1000 stolen card accounts a week.

Global Payments said the breach could have persisted for eight months and was believed to have originally impacted around 1.4 million cards.

Earlier this month, Global Payments confirmed that it was revalidating its PCI-DSS status after "some card brands" removed it from their lists of PCI-compliant processors.

Initially, Global Payments claimed that only Track 2 data was taken, not including cardholder names, addresses and other data, but Krebs said the Union Savings Bank experience shows that Track 2 data alone is enough for fraudsters to encode the card number and expiration date onto magnetic strips.

These cards can then be used at any merchant that accepts transactions that do not require the cardholder to enter their PIN.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
fraudsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?