Hackers broke into the card payment processing service of UAE based banks and theft $45 million. Banks were using card processing service of ElectraCard, company based in Pune and EnStage Inc.
In this ATM Heist, an international criminal gang made two co-ordinated hits of ATMs around the world. They withdraw $5 million on December 21 2012 and then $40 million on February 19 2013. To withdraw this much amount of money from cash machines, hackers hacked into the card processing companies and raised the balances and withdrawal limits on MasterCard prepaid debit cards.
Last week, US federal prosecutors said in a complaint that RAKBANK and Bank of Muscat Oman were hacked in a big cyber crime attack. Both bank outsourced the payment processing work to an Indian company. Hackers first breached the computers of India credit card processor, ElectraCard and then computers of American Processor, EnStage. Officials from both companies do not want to comment on the issue.
RAKBANK has yet to comment on the breach and investigation going on. Name of Infosys has also been dragged into the breach because RAKBANK rolled out the Infosys Finacle Core Banking software back in December But infosys clarifies that Finacle has nothing to do with the breach as it has no payment processing option.
“We would like to point out that Infosys Finacle does not have any credit card processing solutions or products and hence no link to the incident in question (with RakBank),” said Infosys official.
Now CERT is investigating the issue and trying to find the guilty.
“We are investigating the technical aspect,” Gulshan Rai, director general of the Indian Computer Emergency Response Team (CERT), part of the department of electronics and information technology, told Reuters by phone on Sunday.
“What kind of breach has happened in the system, how did it happen, what processes are in place, and the entire technical aspect we will look at,” he said, adding that the agency had started its investigation on Saturday.
ElectraCard and EnStage both accepted the security breach and said that they were investing the issue.
Eddie Schwartz, chief information security officer for RSA Inc, a firm that helps banks fight payment card fraud, said in a statement that it is not surprising that hackers are targeting companies that uses Indian companies for payment processing. Because there is not as much government oversight in India as there is in the United States and Western Europe.
“Hackers view India as a target. It’s got a fast-moving economy, a fast-moving IT infrastructure,” Schwartz said.
Banks are now the primary target of cyber criminals. Most of the banks confirmed that they face cyber attacks and it caused them billion dollars loss each year.
