Topic: Credit card frauds (Read 1646 times)

In first post I wrote about personal savings accounts of those people who appeared on Indian Blomberg channel.

If am correct, these were the pre-paid debit cards. These work differently than the regular credit / debit cards. In this particular incident, customers didnot loose money but instead banks did. I know this since the some members of the gang were based out of New York.

Usually, in the era of outsourcing as well, all the account details of a credit card customer including customer's PII (personally identifiable information) max withdrawal limit, account status etc etc is stored within the bank's network infrastructure. If at all any part of it is outsourced to any third party, then it would be just card manufacturing (but within a high security and cctv'ed location) and customer support services.

However, it is not the case in the pre-paid cards (atleast until this attack). Since pre-paid cards were seen as a low margin secondary market to credit cards, banks wanted to be in the market of pre-paid cards but the overhead to maintain that offering was more than their profits. So they outsourced everything to the companies like electracard. (Like how SBI cards has outsourced it to GE in India)
Now all the account details of a pre-paid card customer including customer's PII (personally identifiable information) max withdrawal limit, account status etc was stored on the servers of the outsourced company.

Since it is far more difficult to get into a bank network than the network of companies like these, the hackers took advantage of this loophole and what they did was.

They was a team operating from cayman islands or puerto rico or some island where extradition to US is not possible.
They had already hacked into electracard long ago and had a backdoor access.
The team in New York and other parts of USA brought a few hundred pre-paid cards, the hacking team went and increased the withdrawal limit of those cards into a very high number allowing the guys in USA to have literally unlimited withdrawal.
Then these guys changed locations and kept withdrawing the money from ATM's, shopped for things like ARMANI, GUCCI and SAKS products in New York's costly 5th Avenue (Just so that you don't know 5th Ave, here handbags and other accessories for women start from around ~$4,000.00 USD) and these products were then sold on international ebay by others or exported to other countries.

This attack showed everyone a loophole in outsourcing. AFAIK, none of the customer's account / cards were compromised or misused. The only entity that lost money was the banks (or their insurance companies if they had them insured). And am sure, VISA / MasterCard will impose fine on these banks as this process had to be checked as per PCI guidelines (Payment Card Industry) which the banks didn't.

Just my 2 satoshi's 

Have you seen the company that the bank outsourced to?

Makes you wonder if anyone does any due diligence.

http://english.samaylive.com/business-news/676529569/-45m-global-atm-heist-cyber-cheats-hacked-pune-bangalore-compani.html

never heard of that

yup banks  get hacked  all the time.
What about that case of $45mill stolen in credit cards from the payment processing  company in Bangalore.

Banks have good PR guys  covering their  asses. 

    Some times ago there was program on Indian Bloomberg channel showcasing different people from different Indian cities whos accounts been cleaned for lakhs of rupees. Scenario all the same, for example credit card of person in Chennai been used in far away land of Brazil to withdraw money in ATM.  All those people never been in those wonderful far away lands and filed complains with respected banks (HDFC, Standard Chartered, City bank) and did what they can to get their money back. Non of them succeed.

    Banks issued standard reply, because correct PIN been used to withdraw money, it is your fault and we will not give you your money back. What they trying to say, keep your PIN secret dont reveal to strangers, colleges or even your kids. That mean banks did everything to keep your PIN safe and if your PIN been stolen from you and you lost money it is your fault.

And this statement is not correct!!!

Fact is that credit card information as well as PIN been stolen from BANK ITSELF!!!

Banks know that of course, but covering up and putting responsibility and losses on customers.

Think well if you keeping money in banks, your account can be next. I just hope it will be unlimited withdrawal. Unlimited withdrawals it is when limits on withdrawal from some account become unlimited and perpetrators can withdraw any amount what they can practically only manage in reasonable time frame.

That is a big case in favor of bitcoins. There is some official documents available on Internet describing this kind of frauds in great detail.