“PIN Cashing” a New Threat to Banks – LifeLock

April 8, 2009 – 2:51 pm

With all the hype going around about the Conficker computer worm, I thought it might be interesting to talk about technologies and people that can break into systems and steal. For those who don’t know what Conficker is, here is a short description from Wikipedia.


Conficker is believed to be the most widespread computer worm infection since SQL Slammer in 2003. The initial rapid spread of the worm has been attributed to the number of Windows PCs (estimated at 30%) which have yet to apply the Microsoft patch for the MS08-067 vulnerability.

Anyways, this article is not about Conficker, even though it is thought to be able to steal information from your computer and send it out over the Internet. I wanted to talk about a new scam called PIN Cashing. I thought this was interesting because it involves one person hacking a bank’s ATM system and many others withdrawing the money.

This is how it works:

1.    A hacker uses SQL Injection techniques to break into a database-driven Website which resides on a financial institution’s network
2.    Then, they use their access to the bank’s systems to locate the ATM database
3.    If necessary, the hacker alters the PIN for credit / debit cards they are planning on cashing out
4.    Then the hacker sells the card data to other criminals
5.    Those criminals create ATM cards using the hacker’s information, and drain the accounts
6.    The hacker receives a percentage of the proceeds – around 10-20%

I think that this is unbelievable. I know a little bit about programming and there are some really secure ways to prevent SQL injections. It’s not a hard problem to fix. I feel the banks that are vulnerable to this sort of attack have not implemented the right kind of system to protect their cardholders.
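One of those ways is the parameterized query. The sketch below is an added example, not code from this post or from any bank: it puts a string-concatenated lookup beside a parameterized one, using Python's built-in sqlite3 module. The table, column names and card rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a hypothetical card table, not any real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (card_no TEXT PRIMARY KEY, holder TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)", [
        ("4000000000000001", "alice"),
        ("4000000000000002", "bob"),
        ("4000000000000003", "o'brien"),
    ])
    return db

def lookup_concatenated(db, holder):
    # Vulnerable: the input becomes part of the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = "SELECT card_no FROM cards WHERE holder = '" + holder + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, holder):
    # Hardened: the statement text is fixed and the input is bound as a
    # value, so it is only ever compared against the holder column.
    sql = "SELECT card_no FROM cards WHERE holder = ?"
    return [row[0] for row in db.execute(sql, (holder,))]

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    results = {
        "concat_crafted": lookup_concatenated(db, crafted),  # every row
        "param_crafted": lookup_parameterized(db, crafted),  # no rows
        "param_apostrophe": lookup_parameterized(db, "o'brien"),
    }
    try:
        # A legitimate name with an apostrophe breaks the concatenated query.
        results["concat_apostrophe"] = lookup_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        results["concat_apostrophe"] = "error: %s" % exc
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The same input that returns every row from the concatenated query matches nothing in the parameterized one, and the parameterized version also handles an ordinary name containing an apostrophe.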

