We are making our clients and friends aware of several cybersecurity threats we’ve seen in our recent travels, work with clients, and in our ongoing dialogue with bankers, law enforcement, regulators, and technology services providers.
What Have We Seen?
Significant threats to banks’ ATM, debit card, credit card, and bill payment services that range from:
  1. Massive unauthorized withdrawals from ATMs using fake cards. For example, a Virginia bank was hit with a $2.4 million loss due to two such intrusions over an eight-month period.
  2. Unauthorized access to banks’ debit card processor administrative platforms where hackers have turned off or manipulated controls. See #1.
  3. Credit card fraud using fake cards in foreign countries at willing or bogus merchants. For example, a customer credit card was used for over $80,000 in fraudulent transactions in a 37-minute period, despite the bank having fraud detection in place with the credit card processor and the customer getting an alert on his smartphone and responding that “NO” the transactions were not being initiated by him.
  4. Bill pay fraud where new payees are set up on the banks’ bill pay service and fraudulent transactions are initiated. For example, one case involved an attempted $120,000 in transactions from one customer account.

Why Are We Letting You Know?

Click here for more details.