Hackers Phish in Bank’s Own Pond; Thieves Score Millions with PIN Numbers

A couple of news items on the security front caught our attention in the past week. In the category of adding insult to injury, reports say hackers apparently were able to use a Chinese bank’s server to host phishing sites to steal personal information and commit fraud against customers of another bank. See Chinese Bank’s Server Used in Phishing Attacks on US Banks at Netcraft.com. For more discussion of phishing, see our prior post on Phishing, Pharming and Plain Old Phraud.

The other event was more disturbing. We missed it in the general media but found reports at tech news sites. Someone was able to hack into a system, which at the time of the report had yet to be identified, and steal information about debit card holders, including their PIN numbers. It appears a bank was not the site of the security breach, since multiple banks were affected. Speculation was that a retailer or processor had improperly retained the PIN along with information from the magnetic strip, and that this system was breached.

According to Gartner, thieves were emptying accounts at ATMs and had stolen “millions already.” A number of banks were forced to reissue debit cards to their customers. No word on how the banks were dealing with their customers’ losses in this unusual situation, but it suggests consumers may be at risk when using a debit card for retail purchases. Read more about the PIN scandal at CNet’s website.