November 2009

Identity Fraud: Why the companies affected are just as criminal


Christmas is approaching fast, but the World's fraudsters don't seem to be in a festive spirit. The payment fraud juggernaut continued to build momentum with a flurry of incidents recorded across Europe and America. There's nothing new or extraordinary in the reported crimes either. Instead, a familiar pattern of ineptitude, carelessness and sheer stupidity on behalf of the authorities and companies remain in question.

We'll start closest to home. The T-Mobile customer records scandal was well publicized in the UK media and drew criticism from the phone operator's customers. Allegedly, a former employee sold the personal details of thousands of customers, including information about when their contracts expired, to a number of 'brokers' who passed the data onto rival networks and other phone retailers.

The Information Commissioner's Office (ICO) announced it was actively investigating the case which involved 'substantial amounts of money changing hands'.

T-mobile claim they are free of any guilt, since they 'approached' the watchdog themselves. A cynic might suggest they were just pre-empting the inevitable onslaught of media criticism when the story emerged. So have T-mobile issued a whole-hearted apology to their customers? Have they promised to assist fully with the investigation or compensate furious clients? Of course not. Instead, a company spokesman expressed 'surprise' that the ICO had gone public with the story. It seems they would have rather swept this unfortunate incident under the carpet and forgot about it.

This isn't the first time a company's staff has sold sensitive data to others in the UK. Fear not though, the Police are investigating all cases. Whether they will solve the mystery in which an unnamed Scotland Yard employee illegally accessed personal details from the Police national computer remains to be seen.

In the USA, they like to go the extra mile and give fraud criminals a helping hand. A Boston-based security consultant found he could purchase second-hand ATM machines containing sensitive transaction data on eBay and Craigslist. For less than $800 (479.003 GBP) Robert Siciliano bought an ATM and extracted a log of hundreds of credit and debit card numbers as well as account details. Siciliano was able to make the purchase anonymously online and even managed to barter down the asking price.

And just in case an inexperienced fraudster gets a little bit confused, there's a manual supplied alongside the machine giving clear instructions on how to access the sensitive data stored inside. Scary, isn't it? In Spain, German authorities recalled more than 100,000 credit cards, the largest retraction in their history, amid fears that crooks had obtained sensitive data via an unnamed payment processing firm. Holidaymakers who used their Visa or Mastercard in Spain could be at risk of fraud following the security breach. Holders of cards issued by Barclays, DKB-Bank and Karstadt-Quelle were among those at risk.

The Volks and Raiffeisenbank banking group recalled as many as 60,000 potentially compromised credit cards as a precautionary measure. However, in a typical fashion, Visa and Mastercard deny any mishaps on their part, and pointed the blame elsewhere in the payment chain.

In a statement, the German Central Credit Card Commission (ZKA) convinced the public saying that the affected cardholders would be notified by their banks and any card fraud case will be properly addressed. Cardholders were advised to check their statements for suspicious transactions. The German banks and savings banks have already started exchanging potentially compromised cards free of charge.

But all hope is not lost. The eight members of an Eastern European crime ring have been charged for their part in the hacking of RBS WorldPay last year. After stealing more than $9m (5,388,786 GBP) in half a day, the men dispatched cashers in 280 cities worldwide to withdraw the money. The suspects were charged with computer fraud, identity theft, conspiracy and device fraud. They could face more than 50 years behind bars as well as being forced to pay back the stolen amount.

It seems as fraudster's methods become increasingly sophisticated, the defence systems in place to thwart them are getting more and more primitive. As long as nobody accepts responsibility, or agrees to do anything about this problem, the crisis will continue to grow. Expect similar reports next month. And even the month after that. Payment fraud is here to stay - we'd better get used to it.

Tom Tainton, – Smartcard & Identity News


21/03/2019 Headlines

France Fines Google $57 Million for European Privacy Rule Breach

Google lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personali.....Read More

New Payment Services Laws Passed in Singapore

New payment services laws have been passed by Singapore's parliament in a move that will streamline existing laws while bringing many new fintech providers into.....Read More

Twitter Warns that Private Tweets were Public for Years

Private tweets sent by users of Twitter's Android app could have been exposed publicly for years.

Twitter said it had discovered a security flaw which me.....Read More

Exchange Loses Big over Airdrop Miscue

Computer glitches are never fun, but when they result in the loss of money, they can be completely debilitating. Coinnest, a cryptocurrency exchange out of Sout.....Read More

Name and Shame Firms with Poor Cyber Security, Government Told

The government should name and shame companies whose cyber security measures fail to protect consumers' data and firms should implement Active Cyber Defence, an.....Read More

Sirin Labs Opens First Blockchain Smartphone Store in London

Sirin Labs has opened the first blockchain smartphone store located in London. The intention is to attract crypto enthusiasts passionate for blockchain and dece.....Read More

Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication