
Thousands of European cards blocked following payment processor breach

Stefan Tanase
Kaspersky Lab Expert
Posted December 19, 17:21  GMT
Tags: Electronic Payments, Data leaks, Credit Cards, VISA

Several Eastern European banks started notifying their customers at the beginning of last week that their cards have been blocked and will be replaced with new ones. Most of the banks did not give out any more details about what happened, and in many cases even failed to notify their customers prior to actually blocking their cards. Is it just another day in the payment processing business? Based on the rushed response from banks and the lack of information surrounding the case, I would say no.

It all started one week ago after the state-owned Romanian bank CEC Bank blocked ~17,000 cards in response to a security breach at one of VISA’s European payment processors.

The reaction of other banks followed soon. The Romanian branch of ING Bank also confirmed that it had blocked compromised cards, but didn’t put out a number. They say they’ve only blocked a few cards, but are closely monitoring the situation.

A few days later, Serbian banks also started blocking thousands of cards for security reasons. Raiffeisen Bank, Komercijalna and Societe Generale confirm they have been informed by VISA about some of their customers’ cards being compromised. This is very similar to what happened in Romania.

Rumors indicate the European branch of an electronic payment services provider, Euronet Worldwide, to be the source of this breach. This information has been going around Romanian business media (1, 2) – and though it hasn’t been confirmed officially, it would explain why customers from different banks in different countries were affected.

It’s very hard to assess the severity of this security breach, as the banks’ reaction to these events was very mixed. Some banks proceeded immediately to blocking and replacing all affected cards, while others decided to monitor the situation more closely.

Currently, it’s very hard to get a full picture of what is going on, but as it usually happens, these are unlikely to be isolated incidents. Actually, these stories could be just the tip of the iceberg. If you have recently received such a notification from your bank, we’d like to hear from you, especially if it’s outside Serbia and Romania.

Meanwhile, follow these 3 basic steps to make sure you don’t become a victim of credit card fraud:

  1. Check your statements as often as possible. Make sure all payments showing up are actually made by yourself. In case you suspect a fraudulent transaction, get in touch with your bank as soon as possible.
  2. Enable instant SMS notifications if your bank offers it. Some banks offer it for free, others charge for this option. No matter what, it’s worth it. You’ll be able to get instant reports of payments made with your cards.
  3. Make sure you keep most of your money in an account that has no card linked to it. Having to move money from an account to another on a weekly or monthly basis might seem annoying, but it can save you a great deal of pain in case your card gets compromised.

Last, but not least, we know it’s the holiday season and shopping is on everyone’s mind. So if you want to keep your money safe when doing online shopping, this insightful article we’ve put together is for you: Online shopping made safe and convenient.


6 comments


Napoji

2011 Dec 19, 22:43
1
 

Blocked cards in Hungary too

My girlfriend's card was blocked too.
Here is a Hungarian article:

http://tinyurl.com/cupn6dr

Reply    

Stefan Tanase

2011 Dec 20, 02:52
0
 

Thanks for the link!

Dear Napoji, thank you for getting in touch and sharing that news report with us.

It seems there are already at least 3 countries involved: Romania, Slovenia and Hungary.

Reply    

Bogdan

2011 Dec 21, 00:59
0
 

Banks not aware?

Funny thing: right after the first press announcement about CEC Bank, I've called a couple of Romanian banks (including ING) and all of them said they're not affected, only CEC and I should not worry at all.

Reply    

Kevin

2012 Jan 29, 01:28
1
 

6 rules for safer financial transactions online

Whether you go online to check your bank balance, pay a bill, give money, shop, or sell something, these six rules can help you keep the risks to a minimum.

1. Defend your computer against Internet threats
Help protect your online transactions by using firewall, antivirus, and antispyware software. Encrypt your wireless connection at home. Keep all software (including your web browser) current with automatic updates. For more information, see How to boost your malware defense and protect your PC.

2. Create strong passwords
Strong passwords are easy for you to remember but difficult for others to guess. They are at least 14 characters long (the longer the password, the better) and include numbers, symbols, and upper and lower case letters. For more information, see Learn how to create strong passwords. (If you already have a password in mind, check your password strength.)

Keep passwords and PINs (personal identification numbers) secret. Do not share them in email, instant messages, or over the phone.

Use unique passwords for bank accounts and other important financial information. Avoid using the same password everywhere. If someone steals that password, all the information that the password protects is at risk.

3. Find the web address yourself
Links in email messages, text messages, instant messages, or pop-up ads can take you to websites that look legitimate but are not. To visit websites, type the address yourself or use your own bookmark or favorite.

4. Look for signs that your information is safe
Before you enter sensitive data on a web page, ensure that:

The site uses encryption, a security measure that helps protect your data as it traverses the Internet. Signs of encryption include a web address with https ("s" stands for secure) and a closed padlock beside it. (The lock might also be in the lower right corner of the window.)

You are at the correct website—for example, at your bank's site, not a fake one. If you are using Internet Explorer, one sign of trustworthiness is a green address bar like the one above.

5. Save financial transactions for your home computer
Never pay bills, bank, shop, or do other financial business on a public or shared computer or on devices such as laptops or mobile phones that are on public wireless networks. The security is unreliable.

6. Use common sense
To protect yourself against fraud, watch out for scams. For example, be wary of deals that sound too good to be true, alerts from your "bank" that your account will be closed unless you take some immediate action, notices that you have won a lottery, or a refusal to meet in person for a local transaction.

Typically this kind of message, whether sent by computer or phone, is designed to entice you to visit a phony website where criminals collect your financial data. (If you doubt the message's authenticity, call the company.) Learn to spot phishing scams and defend against them.

What to do if there are problems:
--------------------------------
Online shopping problem? First, ask the seller to make things right. If that doesn't work, contact the web service for help.

Report scams, fraud, identity theft, or other abuse:

To the web service, local police, and the bank, credit card company, or other financial institution.

For identity theft in the United States, to the U.S. Federal Trade Commission (FTC) at ftc.gov/idtheft or call toll free: (877) 438-4338.

For scams or fraud in the United States, to the FTC at ftc.gov/bcp/consumer.shtm or call toll free: (877) 382-4357.

-------------------------

How to use third-party payment services
You can use third-party payment services to make payments online and avoid giving your credit card number directly to merchants.

What is a third-party payment service?
When you use a third-party payment service, you transfer money into an online account and make payments from that account. That way, you never expose your real credit card or bank account information.

You can use these third-party payment services to buy things from online auction websites or from other online businesses and to donate money.

The most popular of these services in the United States is called PayPal, but there are others, such as Amazon.com Payments.

How to choose a secure payment service
Use the same guidelines for choosing a third-party payment service as you would for choosing an online retailer. To test the legitimacy of a service:

Find out what others say about the service: Check consumer review websites such as Epinions.com or BizRate.

Look at the payment service's website for seals of approval from TRUSTe or Better Business Bureau Online (BBBOnline).

Before you submit sensitive data to the payment service, ensure that the service website uses encryption. (Encryption is a security measure that helps protect your data as it traverses the Internet.) Signs that a website uses encryption include a web address with https ("s" stands for secure) and a closed padlock beside it. (The lock might also be in the lower right corner of the window.)

Use payment services more safely
Never respond to email messages from third-party payment services asking you to confirm account details, such as passwords or other personally identifiable information. These email messages could potentially be identity theft scams, such as phishing.

Create a strong password for your account. Strong passwords are easy for you to remember but difficult for others to guess. They are at least 14 characters long and include upper and lower case letters, numbers, and symbols. Learn how to create strong passwords.

Do not use payment services (or make any financial transactions, for that matter) on public or shared computers or on devices such as laptops or cell phones while you are using public wireless networks. The security is unreliable.

Find out whether the seller is a verified member of the payment service, and for how long. Some services allow you to check a seller's rating—although these ratings cannot be guaranteed, they can be helpful.

Edited by Kevin, 2012 Jan 29, 01:55

Reply    

Kevin

2012 Jan 29, 01:40
0
 

Identity Theft, Phishing, Prevention to Help Stop Fraud - guides by PayPal

https://www.paypal.com/za/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/UnderstandIdTheft-outside

https://www.paypal.com/za/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/UnderstandPhishing-outside

https://www.paypal.com/za/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/buy/Prevention-outside

NEW! Email Authentication:
-------------------------
With this new technology, you can be more confident knowing that emails from PayPal are actually from PayPal. Find out more in the Email Authentication Overview.

Equifax Credit Alerts™ for PayPal users:
---------------------------------------
We’ve partnered with Equifax to provide you with an early warning detection system for potential identity theft. It’s free for U.S. PayPal users. Find out more with the Equifax Credit Alerts Guide.

Virtual Debit Card:
------------------
A digital credit card for PayPal users that generates a temporary number every time you use it and warns you of potentially fraudulent websites. These convenient features will help keep you safe and secure when you shop online. Find out more at Virtual Debit Card.

Edited by Kevin, 2012 Jan 29, 02:01

Reply    

Kevin

2012 Jan 29, 01:49
0
 

Home Computer Security

http://www.cert.org/homeusers/HomeComputerSecurity/home_computer_security.pdf

http://www.cert.org/homeusers/HomeComputerSecurity/#intro

Reply    