Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Payment card processors hacked in $45 million fraud

US federal prosecutors indicted eight people accused of running a vast carding scheme

A vast debit card fraud scheme that allegedly netted $US45 million has been linked to the hacking of credit card processors in the US and India.

Federal prosecutors in New York indicted eight men on Thursday whom they accuse of a scheme centered on raising the limit on prepaid debit cards and then withdrawing the cash from ATMs.

"In such operations, hackers manipulate account balances and in some cases security protocols to effectively eliminate any withdrawal limits on individual accounts," the indictment reads.

"As a result, even a few compromised bank account numbers can result in tremendous financial loss to the victim financial institution," it said.

Payment card processors are typically expected to comply with the Payment Card Industry Data Security Standard (PCI-DSS), a code of best practices created by the card industry designed to prevent hackers from obtaining card details.

In one example, the hackers raised the limit on 12 accounts at the Bank of Muscat, based in Oman. The account details were obtained through a U.S. credit card processor, which handles Visa and MasterCard prepaid debit cards. It was not identified in the indictment.

The account numbers were distributed to people in 24 countries, who encoded the account details onto dummy payment cards that could then be used in ATMs. Around Feb. 19, the Bank of Muscat lost $40 million in less than 24 hours as the people made withdrawals.

A single card's details was used around New York City for an astounding 2,904 withdrawals, amounting to $2.4 million, according to the indictment. The same number was used in other withdrawals worldwide for another $6.5 million.

The Indian credit card processor, which was also not identified, held the details for prepaid Visa and MasterCard debit accounts with the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates.

The limits for five of those accounts were increased, and the card details send to people in 20 countries. More than 4,500 ATM withdrawals were made, causing $5 million in losses, the indictment said.

The defendants are charged in U.S. District Court for the Eastern District of New York with conspiracy to commit access device fraud, money laundering conspiracy and two counts of money laundering.

Those arrested are Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pena, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin.

An eighth defendant, Alberto Yusi Lajud-Pena, is believed to have been murdered in the Dominican Republic on April 27.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Visa
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Criminal, security, Bank of Muscat, legal, data breach, Identity fraud / theft, cybercrime
Latest Blog Posts
Whitepapers
  • MAM Evaluation Guide: 10 Must Haves
    Your employees demand more apps, more data, more convenience—which places a major strain on IT. Satisfy both sides with a Mobile App Management (MAM) solution. Here’s a guide to help you understand the critical success factors before getting started.
    Learn more »
  • How to Successfully Select an ERP System
    An Enterprise Resource Planning (ERP) system is a series of software applications that collect and compiles data from different departments to enhance collaboration and co-ordination within the business. If you’re looking to implement your first ERP system, or to upgrade from an existing system, this whitepaper offers eight simple steps for selection that will lead to long-term strategic success.
    Learn more »
  • Transform IT, Transform the Enterprise
    Existing IT operational models and an ageing infrastructure are CIOs back from their full potential. This paper reveals the three IT imperatives for a CIO-led transformation, and details how CIOs are adopting strategies to change IT and assert their organisations as business leaders and innovators.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments