1998-01-07 - Debit-card program cancelled because of fraud [FWD]

Header Data

From: Steve Schear <schear@lvdi.net>
To: cypherpunks@cyberpass.net
Message Hash: ceae0407d154a07ca48260c0689fbcd20c7736778b322c01cee3249dd7a540ad
Message ID: <v03102801b0d9833d841d@[208.129.55.202]>
Reply To: N/A
UTC Datetime: 1998-01-07 20:42:11 UTC
Raw Date: Thu, 8 Jan 1998 04:42:11 +0800

Raw message

From: Steve Schear <schear@lvdi.net>
Date: Thu, 8 Jan 1998 04:42:11 +0800
To: cypherpunks@cyberpass.net
Subject: Debit-card program cancelled because of fraud [FWD]
Message-ID: <v03102801b0d9833d841d@[208.129.55.202]>
MIME-Version: 1.0
Content-Type: text/plain



Date: Sun, 28 Dec 1997 09:22:45 -0500
From: Steve Bellovin <smb@research.att.com>
Subject: Debit-card program cancelled because of fraud

According to the AP, Burns National Bank (Durango, CO) is cancelling its
debit-card program because of fraud.  The article is maddeningly incomplete
about technical details.

Apparently, the "hackers" (to quote the article) counterfeited plastic cards
and "took account number sequences off software that resides on the Internet
before encoding them in the magnetic strip on the back of the card."  When
the fraud was detected, some customers had new cards issued, with some
unspecified extra security feature.  It didn't work; within a month, the
accounts were penetrated again.

Three other banks have been victimized by a similar scheme.  All four use
the same debit card vendor; Burns blames the vendor for inadequate security,
in some unspecified form.  They're looking for a new supplier; until then,
the entire program is being suspended.  Losses to date -- which are
apparently being absorbed by the banks -- total $300,000.







Thread