Massive South African credit card leak

garp

Executive Member
Joined
Aug 2, 2004
Messages
8,446
Sounds like a system breach to me. If someone physically inside the bank generated and issued fake credit cards I don't think they would have coordinated the withdrawals in a random faraway place like Japan. Sounds more like a bunch of hackers over there got into the bank's systems.
 

Vrotappel

Bulls fan
Joined
Feb 22, 2005
Messages
19,367
So either SB had to be hacked for them to be able to do this or the criminals had people on the inside. R300 million is huge.
 

Murmaider

Senior Member
Joined
Jan 16, 2008
Messages
899
It's not impossible.

Replicate each card 100 times, have 100 people go to different ATM's and draw R1400 at once = R140 000
It's very possible to hit those values with a coordinated attack. All you really need is man power.
 

akescpt

Honorary Master
Joined
Aug 12, 2008
Messages
21,503
STANDARD BANK GROUP LIMITED
Incorporated in the Republic of South Africa
Registration number 1969/017128/06
JSE Share code: SBK
Namibian Share Code: SNB
ISIN: ZAE000109815
(Standard Bank Group)

ANNOUNCEMENT REGARDING FRAUD INCIDENT

The South African banking operations of Standard Bank Group have been the victim of a sophisticated, coordinated fraud incident. This involved the withdrawal of cash using a small number of fictitious cards at various ATMs in Japan. The target of the fraud has been Standard Bank and there has been no financial loss for customers. Standard Bank has taken swift action to contain the matter and the gross loss to the bank is estimated at R300m. This is prior to any potential recoveries that may serve to reduce the loss. The relevant authorities have been alerted. Investigations are at a sensitive stage and further information will be provided as appropriate.

23 May 2016
Lead sponsor
The Standard Bank of South Africa Limited
Independent sponsor
Deutsche Securities (SA) Proprietary Limited
Namibian sponsor
Simonis Storm Securities (Proprietary) Limited
Date: 23/05/2016 08:51:00 Produced by the JSE SENS Department. The SENS service is an information dissemination service administered by the JSE Limited ('JSE').

The JSE does not, whether expressly, tacitly or implicitly, represent, warrant or in any way guarantee the truth, accuracy or completeness of
the information published on SENS. The JSE, their officers, employees and agents accept no liability for (or in respect of) any direct,
indirect, incidental or consequential loss or damage of any kind or nature, howsoever arising, from the use of SENS or the use of, or reliance on,
information disseminated through SENS.
Their customers Wil pay for this some way or the other
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
72,469
Not sure I understand how there can be impact to the bank but not the customer. Fictitious cards? So how did the transactions get authorised?
 

Drifter

Honorary Master
Joined
Dec 19, 2012
Messages
19,716
How did the fictitious cards get a credit limit? This means SB's system had to be hacked as well.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
72,469
How did the fictitious cards get a credit limit? This means SB's system had to be hacked as well.
I remember recently some talk about SWIFT being compromised.
I wonder if maybe a batch of cards was generated and sent to Mastercard via SWIFT, complete with limits etc, against non-existant SBSA accounts?
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
How did the fictitious cards get a credit limit? This means SB's system had to be hacked as well.
Anyone who was part of SBSA Y2K project and the switch to the new credit card system in 1999/2000 will remember how many 100ths of millions the bank lost because they just handed out production test-cards without tracking who had what. I doubt this time around it is any different - i.e. card file dumped of valid cards which have not been issued to customers.
 
Joined
Dec 7, 2010
Messages
78,906
When I read the headline I just knew it was Standard Bank.... dodgy as fukk

In my previous life I dealt with both them and other banks, and standard bank had the most fraud out of all of them...
 

Necropolis

Executive Member
Joined
Feb 26, 2007
Messages
8,401
I remember recently some talk about SWIFT being compromised.
I wonder if maybe a batch of cards was generated and sent to Mastercard via SWIFT, complete with limits etc, against non-existant SBSA accounts?
SWIFT is such an outdated system - I'm baffled by the fact that it is still in existence.
 

garp

Executive Member
Joined
Aug 2, 2004
Messages
8,446
Fake Cards? But there must a credit account on the back of the card....
Yes, but it will be a fake credit account also. One that was either made by collaborators in the bank, or by hackers. I'm leaning toward hackers given the way the money was withdrawn.
 
Joined
Dec 7, 2010
Messages
78,906
Yes, but it will be a fake credit account also. One that was either made by collaborators in the bank, or by hackers. I'm leaning toward hackers given the way the money was withdrawn.
Nah, it's 99% of the time an 'inside man' when it comes to these things in my experience.
 

Drifter

Honorary Master
Joined
Dec 19, 2012
Messages
19,716
Nah, it's 99% of the time an 'inside man' when it comes to these things in my experience.
Has to be, the system would have to be updated to show these accounts have been Fica'd, pin numbers issues, credit limits put in place BEFORE the card number could be shown as active. HUGE inside job if you ask me. And the fact that the transactions took place during a maintenance window adds more inside job suspipcion.
 
Top