Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
News
See Headlines »

Channels

Retail banking Security Payments

Keywords

Cards
Insider steals and sells credit card data of 20m South Koreans

Insider steals and sells credit card data of 20m South Koreans

South Korean prosecutors have indicted an engineer accused of stealing the credit card details of more than 20 million people and selling them to marketing firms.

The engineer allegedly used his position at the Korea Credit Bureau to access databases belonging to KB Kookmin Card, Lotte Card, and NH Nonghyup Card between May 2012 and December 2013.

The crook copied the card numbers and expiry dates of NongHyup and Lotte customers, but not Kookmin, onto a USB stick. E-mail and residential addresses and phone numbers were also taken.

The information was then sold to marketing firms. Officials at these firms have also now been arrested.

South Korea's Financial Supervisory Service says that the chances of fraud are low because PINs and CVCs were not taken in the theft but any losses will be covered by the card firms.

The bosses of all three companies have made public apologies and several executives have tendered their resignations. According to Bloomberg, 27 people from KB Kookmin Card and its parent have offered to quit.

Channels

Retail banking Security Payments

Keywords

Cards

Sponsored: Join us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your ticket

Comments: (1)

A Finextra member
A Finextra member 20 January, 2014, 15:261 like 1 like

EMV and online payments providers must focus asap on implementing 'unique per transaction PAN tokenization' methods as part of the fight to make the card data stored and spread across merchant and acquirer/processor systems useless for the thieves.

If such dynamic tokens are structured to preserve original PAN BIN/IIN value (for acquirer ro be able to properly route txn) and if they preserve last 4 digits of the original PAN the merchant and acquirer systems will be unaware of such changes and should continue to function properly and only issuer end points (card and issuer host) will be able to map such token to the original PAN

 

Such tokens would be then useless for anything if stollen

Report abuse
Join the discussion

Write a blog post about this story (membership required)

Join us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your tickeJoin us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your ticket

Trending

Related News
Russian teen accused of writing Target malware

Russian teen accused of writing Target malware

South Korea blames Pyongyang for bank cyber attacks

South Korea blames Pyongyang for bank cyber attacks

South Korean banks hit by cyber-attacks

20 Mar 2013

South Korean bank hit by cyber-attack

20 Apr 2011

Hacker steals Hyundai Capital customer data for blackmail scam

11 Apr 2011

Trending

  1. Central banks embark on tokenisation project

  2. Mastercard launches virtual card app to simplify travel and business expenses

  3. Apple offer to open up NFC payments access set for EU approval - Reuters

  4. Temenos appoints CEO; says sales hit by Hindenburg report

  5. Klarna sells virtual shopping business Hero

Research
See all reports »
The Future of UK Fintech - 2015-2035

The Future of UK Fintech - 2015-2035

Definitive Differentiators - Forging a future-proof payments model

Definitive Differentiators - Forging a future-proof payments model

APP Fraud Liability: A Guide for Banks

APP Fraud Liability: A Guide for Banks