November 2009

Identity Fraud: Why the companies affected are just as criminal


Christmas is approaching fast, but the World's fraudsters don't seem to be in a festive spirit. The payment fraud juggernaut continued to build momentum with a flurry of incidents recorded across Europe and America. There's nothing new or extraordinary in the reported crimes either. Instead, a familiar pattern of ineptitude, carelessness and sheer stupidity on behalf of the authorities and companies remain in question.

We'll start closest to home. The T-Mobile customer records scandal was well publicized in the UK media and drew criticism from the phone operator's customers. Allegedly, a former employee sold the personal details of thousands of customers, including information about when their contracts expired, to a number of 'brokers' who passed the data onto rival networks and other phone retailers.

The Information Commissioner's Office (ICO) announced it was actively investigating the case which involved 'substantial amounts of money changing hands'.

T-mobile claim they are free of any guilt, since they 'approached' the watchdog themselves. A cynic might suggest they were just pre-empting the inevitable onslaught of media criticism when the story emerged. So have T-mobile issued a whole-hearted apology to their customers? Have they promised to assist fully with the investigation or compensate furious clients? Of course not. Instead, a company spokesman expressed 'surprise' that the ICO had gone public with the story. It seems they would have rather swept this unfortunate incident under the carpet and forgot about it.

This isn't the first time a company's staff has sold sensitive data to others in the UK. Fear not though, the Police are investigating all cases. Whether they will solve the mystery in which an unnamed Scotland Yard employee illegally accessed personal details from the Police national computer remains to be seen.

In the USA, they like to go the extra mile and give fraud criminals a helping hand. A Boston-based security consultant found he could purchase second-hand ATM machines containing sensitive transaction data on eBay and Craigslist. For less than $800 (479.003 GBP) Robert Siciliano bought an ATM and extracted a log of hundreds of credit and debit card numbers as well as account details. Siciliano was able to make the purchase anonymously online and even managed to barter down the asking price.

And just in case an inexperienced fraudster gets a little bit confused, there's a manual supplied alongside the machine giving clear instructions on how to access the sensitive data stored inside. Scary, isn't it? In Spain, German authorities recalled more than 100,000 credit cards, the largest retraction in their history, amid fears that crooks had obtained sensitive data via an unnamed payment processing firm. Holidaymakers who used their Visa or Mastercard in Spain could be at risk of fraud following the security breach. Holders of cards issued by Barclays, DKB-Bank and Karstadt-Quelle were among those at risk.

The Volks and Raiffeisenbank banking group recalled as many as 60,000 potentially compromised credit cards as a precautionary measure. However, in a typical fashion, Visa and Mastercard deny any mishaps on their part, and pointed the blame elsewhere in the payment chain.

In a statement, the German Central Credit Card Commission (ZKA) convinced the public saying that the affected cardholders would be notified by their banks and any card fraud case will be properly addressed. Cardholders were advised to check their statements for suspicious transactions. The German banks and savings banks have already started exchanging potentially compromised cards free of charge.

But all hope is not lost. The eight members of an Eastern European crime ring have been charged for their part in the hacking of RBS WorldPay last year. After stealing more than $9m (5,388,786 GBP) in half a day, the men dispatched cashers in 280 cities worldwide to withdraw the money. The suspects were charged with computer fraud, identity theft, conspiracy and device fraud. They could face more than 50 years behind bars as well as being forced to pay back the stolen amount.

It seems as fraudster's methods become increasingly sophisticated, the defence systems in place to thwart them are getting more and more primitive. As long as nobody accepts responsibility, or agrees to do anything about this problem, the crisis will continue to grow. Expect similar reports next month. And even the month after that. Payment fraud is here to stay - we'd better get used to it.

Tom Tainton, – Smartcard & Identity News


17/01/2019 Headlines

Mining Bitcoin Takes More Energy than Extracting Gold or Platinum

Digital currencies, as in so-called cryptocurrencies like Bitcoin and Ethereum, may represent the future of our monetary system, but so far, they've been terrib.....Read More

$1M in Crypto Disappears after SIM Swapping by US Hacker

California authorities have indicted New York citizen on 21 felony charges of cryptocurrency hacks, including the theft of $1 million in virtual coins. The defe.....Read More

Biometric Tech Used by Banks Leads to Rise in Money Mules

The use by banks of biometrics (fingerprint identification) to verify account holders has brought greater security to minimise identity theft and impersonation,.....Read More

Cyber Attacks on Major Banks have DOUBLED in a Year Due to Mistakes by 'Overconfident' Bankers

Technology disasters at banks and finance firms have more than doubled amid an unprecedented wave of cybercrime, the City watchdog has warned.

Overconfid.....Read More

Eight Arrested Following Takedown of Multi-Million Dollar Online Ad Fraud

A giant ad-fraud campaign that resulted in losses of tens of millions of dollars to companies has been taken down. According to a report by Google and cybersecu.....Read More

Sirin to Ship its First Blockchain-enabled Smartphone

Swiss-based Sirin Labs plans to ship its first blockchain-enabled smartphone on Thursday; the device will give users a secure method to access cryptocurrency ex.....Read More

Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication