GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

New moves for more mojo in '09

News

Industry Update

Online shoppers stay the course

Morgan Stanley sues Discover

TARP eases AmEx woes

Is TALF on target?

RBS staves off hackers

Shift4 podcast available

Features

Mt. Snow clear for summit

Getting smart about contactless

Industry Leader

Paul Martaus –
The go-to guy

Selling Prepaid

SellingPrepaid now in print

Prepaid in brief

Going boldly into m-commerce

Achieve wellness with rewards

A new outlook for the unbanked

Views

How to preserve self-regulation

Biff Matthews
CardWare International

A countertop tonic for recession blues

Bulent Ozayaz
VeriFone

Changes afoot, challenges ahead

George Sarantopoulos
The Access One Group

Education

Street SmartsSM:
Become an enterprising networker

Jason Felts
Advanced Merchant Services Inc.

The new age in customer retention

Christian Murray
Global eTelecom Inc.

Rising above recession: 10 tips

Curt Hensley
CSH Consulting

PCI, an aspect of PII

Ross Federgreen, Ken Musante and Theodore Svoronos

PCI: What to hope for in 2009

Tim Cranny
Panoptic Security Inc.

Weathering the coming payment storms

Jeff Fortney
Clearent LLC

Company Profile

Charge Card Systems LLC

New Products

Seek profitable harbor with POS

Harbortouch POS Systems
Company: United Bank Card Inc.

Securing data on the edge

Cipher Security Module
Company: Semtek Corp.

Inspiration

Beyond resolutions

Beyond resolutions

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

January 12, 2009  •  Issue 09:01:01

previous next

RBS staves off hackers

RBS WorldPay, the U.S. payment processing division of The Royal Bank of Scotland Group, reported on Dec. 23, 2008, that its computer system had been improperly accessed by hackers and that the personal, financial information of approximately 1.5 million cardholders may have been affected; of this group, 1.1 million "may have had their Social Security numbers improperly accessed as well," according to an RBS press release. However, only 100 consumer cards had been fraudulently used before RBS discovered its system had been hacked on Nov. 10, 2008. The company told InternetNews.com that compromised prepaid gift cards still on retailer shelves have been removed and destroyed. Consumers who currently own RBS prepaid cards can continue using them.

But Graham Cluley, senior technology consultant for anti-virus vendor Sophos PLC, suggested the delay in the announcement is suspicious, given that the attack happened more than a month prior to the press release. "I'm sure that, if my confidential information had been compromised, I would want to know about it as soon as possible," Cluley said.

"And I can't help but think that making a public statement just before the holidays might fulfill regulatory requirements, but the fact that they buried the news from reporters and released the information around the holidays tells me they would rather go unnoticed."

Remedial action

RBS notified law enforcement and federal regulators shortly thereafter and immediately took steps to mitigate risks of further thefts. RBS WorldPay's internal security staff and outside security experts are investigating the situation with federal and state authorities.

"Privacy is important to RBS WorldPay, and we regret any inconvenience this may cause affected individuals," said Ben Barone, President and Chief Executive Officer of RBS WorldPay.

"We have taken important and immediate steps to mitigate risk, and none of the affected cardholders will be responsible for unauthorized activity on their account resulting from this situation.

"We are working closely with leading computer security firms to further safeguard our system and with law enforcement agencies to assist them in seeing these criminals brought to justice." RBS WorldPay have notified affected individuals by letter and have offered a free one-year credit monitoring subscription with all three major credit reporting agencies.

Victims will not be held financially liable for the fraudulent withdrawals, a company spokesman said. PIN numbers for all PIN-enabled cards have been reset in order to prevent any future misuse. Assistance information for affected individuals is posted on RBS WorldPay's Web site, www.rbsworldpay.us.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios