FBI investigates coordinated ATM scam

By Marcia Savage, Features Editor, Information Security magazine 05 Feb 2009 | SearchFinancialSecurity.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

The FBI is investigating a massive, highly coordinated ATM scam involving cloned payment cards that used data stolen from Atlanta-based payment processor RBS WorldPay.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The attack, which occurred in November in several cities across the country including Atlanta, Chicago and Los Angeles, was well-coordinated, said Special Agent Steve Lazarus of the FBI's Atlanta field office.

"The people who did it are very computer savvy," he said.

He would not say how much money was stolen, but according to published reports, the criminal ring made off with $9 million. The thieves used stolen and cloned payroll debit cards and reloadable gift cards, Lazarus said. Payroll debit cards can be used by employers to pay employees.

Data security breach news: First lawsuit filed in Heartland data security breach: A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems. Payments processor discloses massive data breach Company says an intrusion of its processing system may be part of a broader fraud operation. Data breach study ties fraud losses to Hannaford, TJX breaches: Experts say breach costs are far reaching and could lead banks and merchants to find alternative payment methods.

Lazarus said the fraud ring involved a large number of people but declined to say how many.

The scam started when hackers broke into RBS WorldPay's computer system and worked with "cashers" who took actual cards to ATMs and withdrew money in timed, coordinated attacks, according to the FBI. The attacks, according to published reports, occurred in a short time period on Nov. 8.

RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, reported on Dec. 23 that personal information of about 1.5 million pre-paid cardholders and other individuals was compromised when its computer system was hacked. The company said that actual fraud was committed on approximately 100 cards.

Another payment processor, Heartland Payment Systems Inc., disclosed in January that criminals broke into its processing system last year.

Tags: Data breaches and prevention strategies,  Emerging security threats and attacks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data breaches and prevention strategies Bank computer technician indicted in identity theft scheme Survey: Consumers don't trust banks to keep their data secure ChoicePoint settles with FTC over second data security breach Data breach lawsuit puts spotlight on bank's security measures Google ordered to deactivate Gmail account after bank email error Threat of insider fraud growing with bad economy Data breach protection: Implementing vendor breach safeguards Zeus Trojan hitting banking customers hard TJX settles with banks for $525,000 RBS WorldPay agrees to market VeriFone end-to-end encryption Emerging security threats and attacks ACH fraud scams total $100 million, FBI says FDIC warns of rise in "money mule" schemes FDIC warns of bogus emails Bank Trojan used against German accounts evades antifraud systems Wyoming bank sues Google after bank employee email mishap California man sentenced in online brokerage scam Zeus Trojan hitting banking customers hard FDIC: Educate business customers about the need for security How to combat the insider threat ACH fraud on the rise, experts say

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Governance, Risk and Compliance  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary