Hackers get $9.4 million in just 12 hours

Eight charged in elaborate theft of debit card data

By Byron Acohido, USA TODAY

 

A U.S. grand jury on Tuesday indicted eight foreigners on charges stemming from an elaborate cyberheist that began by hacking debit card data from Atlanta-based payments processor RBS WorldPay, then using the data to extract millions from ATMs around the world in just 12 hours.

 

Acting U.S. Attorney Sally Quillian Yates called it "perhaps the most sophisticated and organized computer fraud attack ever conducted." She credited "unprecedented cooperation" between the U.S. and Estonia for cracking the case.

....Viktor Pleshchuk, 28, of St. Petersburg, Russia; Sergei Tsurikov, 25, of Tallinn, Estonia; and Oleg Covelin, 28, of Chisinau, Moldova, were charged with wire fraud, computer fraud and identity theft, along with five others.

In November 2008, the trio allegedly hacked into RBS WorldPay's computer network, then cracked the encryption codes protecting account numbers and PINs for 44 prepaid payroll accounts. Companies use such accounts to distribute salaries via debit cards, which employees use at ATMs to withdraw their pay.

Yates says the thieves raised the payroll account limits, then arranged to have the stolen account numbers embedded on the magnetic stripes of blank payment cards. Finally, they set into motion an army of "cashers" in 280 cities worldwide.

In just 12 hours, using the counterfeit cards, the cashers withdrew $9.4 million from more than 2,100 ATMs in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada, says Yates....(full story at www.usatoday.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Heartland Data Breach: Visa Sets Deadline for Issuers to File Fraud Claims

Heartland Data Breach: Visa Sets Deadline for Issuers to File Fraud Claims

Heartland, RBS WorldPay Removed from Visa's Compliant Service Providers List

March 16, 2009 - Linda McGlasson, Managing Editor

Heartland Payment Systems (HPY) has been removed from Visa's list of compliant service providers, and banking institutions affected by the Heartland data breach have until May 19 to file their fraud claims with Visa.

This news emerged late last week from a public statement by Visa, as well as from a letter sent by the credit card company to card-issuing banking institutions.

In the statement, Visa confirmed that both Heartland and RBS WorldPay as a result of their recent data breaches, have been removed from the company's Payment Card Industry Data Security Standard (PCI DSS) Compliant Service Providers list. This list represents the service providers that Visa has validated as being PCI DSS compliant for merchants and other businesses to run their credit card transactions.

Heartland and RBS WorldPay are now considered to be "on probation," and can apply to be relisted once they revalidate PCI DSS compliance and meet other security stipulations.

...Visa says:

• Heartland is now "in a probationary period" and subject to several risk conditions, including "more stringent security assessments, monitoring and reporting."

• Heartland's sponsoring banks will be assessed undisclosed fines as a result of the data breach.

• Card issuers can recover an unspecified portion of losses connected to the Heartland breach, but they face a May 19 deadline to file their claims with Visa.

So far, neither MasterCard nor any other credit card company has issued similar statements about Heartland's status or how/if institutions can recover money losses from the breach. (Full story at www.bankinfosecurity.com)

If you were a victim, you had better circle May 19th on your calendar in red.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

RBS Worldpay Breach - 1.5 million victims

This is probably the largest security breach at the end of 2008. RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, announced on 12/23/08 that it had an unauthorized access to its system and about 1,5 million people may have had certain information taken with 1.1 million possibly having their social security numbers accessed. The event actually occurred on 11/10/08.

1.5 million individuals affected in RBS WorldPay breach
Angela Moscaritolo

Electronic payment processing service, RBS WorldPay, last week disclosed a data breach affecting 1.5 million cardholders.

Atlanta-based RBS WorldPay processes electronic payments, such as debit, credit and ATM transactions. It also processes gift card and payroll card transactions.

An unauthorized user accessed the company's computer system, and personal information of 1.5 million gift card and payroll cardholders may have been compromised, a company spokesman told SCMagazineUS.com on Monday. Personal information of payroll cardholders – including names, addresses, dates of birth, Social Security numbers – may have been accessed....

...Since the breach, identified Nov. 10, there have been approximately 100 instances of actual fraud, where cards were used to conduct fraudulent transactions. Victims will not be held financially responsible for fraudulent withdrawals, the spokesman said.... (Full text at SCMagazine.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com