Tuesday, August 30, 2011
In a May 3, 2011, earnings call and first quarter 2011 financial statement, prepaid card processor Fidelity National Information Services Inc. (FIS) approximated the loss from a data breach at $13 million. The breach involved one client and 22 prepaid card accounts on its Sunrise platform, FIS said.
The financial statement added that FIS identified 7,170 prepaid card accounts that may have been affected and information from three individual cardholders' accounts may have been improperly disclosed as a result of the breach. FIS blocked and reissued cards for the affected accounts, the processor said.
According to blog KrebsonSecurity and based on information blogger Brain Krebs obtained from sources he said are close to the investigation, cyber thieves hacked into the FIS network and pilfered 22 open-loop, reloadable prepaid debit card accounts. Krebs reported the hackers apparently changed the withdrawal limits on the accounts, cloned the accounts onto blank cards and distributed the cards to colleagues in cities in Europe, Russia and Ukraine.
Using the cloned cards in a coordinated attack on March 5, 2011, the crime ring withdrew approximately $13 million in cash from dozens of ATMs in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom, Krebs reported. With unauthorized access to FIS' Sunrise platform, the fraudsters were able to reload the cards remotely for repeated withdrawals from the ATMs on that day, Krebs added.
Krebs called the FIS hack "eerily similar" to the 2008 RBS WorldPay Inc. breach that reportedly netted fraudsters $9 million.
In a statement to SellingPrepaid, Marcia Danzeisen, Senior Vice President of Global Marketing and Communications at FIS, said the company considers the matter closed. FIS continues to work with federal law enforcement as appropriate, she noted.
The KrebsonSecurity blog post can be accessed at www.krebsonsecurity.com/2011/08/coordinated-atm-heist-nets-thieves-13m/ .
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.