October 28, 2014 by

A New England Bank’s Flawed Early Implementation of Chip Cards Allowed Unauthorized Charges

A series of fraudulent EMV charges from Brazil recently baffled a small New England bank. The bank is one of many that are starting to roll out the new EMV (chip-based) cards.

The problem with this particular fraud is that the bank has not yet started sending its customers the new chip cards. It had, however, already started implementing the system. The criminals must have been aware of this fact and used it to their advantage. Because implementing the EMV payment system is a lengthy and difficult process, the bank’s security measures were lowered for all incoming chip transactions.

According to Brian Krebs, the bank effectively treated all EMV transactions as valid and did not (or rather could not) verify all security factors, because the system was not fully in place yet. This is why these charges were able to get through as chip transactions without a PIN. The bank approved about $40,000 of the total $120,000. The approved transactions were let through by the bank’s automated processor, which is used for approvals when the bank’s core systems are offline.

The cards these fraudsters used were actually from the Home Depot breach. The New England bank said it didn’t reissue all the cards from the Home Depot breach, because it was not seeing a lot of fraudulent charges and didn’t deem it necessary. These charges from Brazil, however, exceeded its monthly fraud levels in just a few days.

The credit card companies involved will be investigating whether the vendors who own the terminals these charges originated from are involved in the fraud.
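
The failure described above comes down to trusting a transaction's claim that it was chip-read. The following is an added illustration, not the bank's or any processor's code: it sets a simplified model of that permissive rule beside a fail-closed one. The record layout, function names and sample transactions are assumptions constructed for the example; the entry-mode codes are the standard ISO 8583 field 22 values.

```python
from dataclasses import dataclass
from typing import Optional

# ISO 8583 field 22 (POS entry mode), first two digits:
# 05 = chip read, 07 = contactless chip, 90 = magnetic stripe.
CHIP_ENTRY_MODES = {"05", "07"}

@dataclass
class Card:                      # issuer-side card record (hypothetical schema)
    chip_issued: bool            # has a chip card actually been issued?

@dataclass
class AuthRequest:               # hypothetical, simplified authorization request
    card_id: str
    entry_mode: str
    amount_cents: int
    arqc_ok: Optional[bool]      # None = cryptogram could not be checked

def permissive(req: AuthRequest, card: Card) -> str:
    """Simplified model of the flaw: a chip-flagged request is trusted."""
    return "APPROVE" if req.entry_mode in CHIP_ENTRY_MODES else "CONTINUE"

def hardened(req: AuthRequest, card: Card) -> str:
    """Fail closed on chip claims that cannot be backed up."""
    if req.entry_mode in CHIP_ENTRY_MODES:
        if not card.chip_issued:
            return "DECLINE"     # chip claimed for a card that has no chip
        if req.arqc_ok is not True:
            return "DECLINE"     # missing or failed cryptogram check
    return "CONTINUE"            # hand over to the normal risk checks

def exposure(requests, cards) -> int:
    """Cents the permissive rule approves that the hardened rule declines."""
    return sum(r.amount_cents for r in requests
               if permissive(r, cards[r.card_id]) == "APPROVE"
               and hardened(r, cards[r.card_id]) == "DECLINE")

# Constructed sample data, not figures from the incident.
CARDS = {"magstripe-only": Card(chip_issued=False), "chip": Card(chip_issued=True)}
REQUESTS = [
    AuthRequest("magstripe-only", "05", 250_00, None),   # chip claim, no chip issued
    AuthRequest("magstripe-only", "05", 400_00, None),
    AuthRequest("chip", "05", 80_00, True),              # genuine chip, verified
    AuthRequest("chip", "05", 60_00, False),             # cryptogram failed
    AuthRequest("magstripe-only", "90", 30_00, None),    # ordinary swipe
]

if __name__ == "__main__":
    for r in REQUESTS:
        c = CARDS[r.card_id]
        print(r.card_id, r.entry_mode, permissive(r, c), hardened(r, c))
    print("exposure (cents):", exposure(REQUESTS, CARDS))
```

The same fail-closed rule has to be configured in the stand-in processor as well, since that is where the approvals in this incident were made.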


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
