21 January 2017
visit http://www.wolterskluwerfs.com

Insider steals and sells credit card data of 20m South Koreans

20 January 2014  |  4548 views  |  1 credit card

South Korean prosecutors have indicted an engineer accused of stealing the credit card details of more than 20 million people and selling them to marketing firms.

The engineer allegedly used his position at the Korea Credit Bureau to access databases belonging to KB Kookmin Card, Lotte Card, and NH Nonghyup Card between May 2012 and December 2013.

The crook copied the card numbers and expiry dates of NongHyup and Lotte customers, but not Kookmin, onto a USB stick. E-mail and residential addresses and phone numbers were also taken.

The information was then sold to marketing firms. Officials at these firms have also now been arrested.

South Korea's Financial Supervisory Service says that the chances of fraud are low because PINs and CVCs were not taken in the theft but any losses will be covered by the card firms.

The bosses of all three companies have made public apologies and several executives have tendered their resignations. According to Bloomberg, 27 people from KB Kookmin Card and its parent have offered to quit.

Comments: (1)

A Finextra member
A Finextra member | 20 January, 2014, 15:26

EMV and online payments providers must focus asap on implementing 'unique per transaction PAN tokenization' methods as part of the fight to make the card data stored and spread across merchant and acquirer/processor systems useless for the thieves.

If such dynamic tokens are structured to preserve original PAN BIN/IIN value (for acquirer ro be able to properly route txn) and if they preserve last 4 digits of the original PAN the merchant and acquirer systems will be unaware of such changes and should continue to function properly and only issuer end points (card and issuer host) will be able to map such token to the original PAN

 

Such tokens would be then useless for anything if stollen

1 thumb up! 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Russian teen accused of writing Target malware

Russian teen accused of writing Target malware

20 January 2014  |  6044 views  |  4 comments | 8 tweets | 10 linkedin
South Korea blames Pyongyang for bank cyber attacks

South Korea blames Pyongyang for bank cyber attacks

11 April 2013  |  4155 views  |  0 comments | 5 tweets | 1 linkedin
South Korean banks hit by cyber-attacks

South Korean banks hit by cyber-attacks

20 March 2013  |  4666 views  |  0 comments | 3 tweets | 2 linkedin
South Korean bank hit by cyber-attack

South Korean bank hit by cyber-attack

20 April 2011  |  8531 views  |  0 comments
Hacker steals Hyundai Capital customer data for blackmail scam

Hacker steals Hyundai Capital customer data for blackmail scam

11 April 2011  |  8649 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
http://www.financialcrimerisk.fiserv.com/aml?r=finextraVisit capgemini.comVisit contisgroup.com

Who is commenting?

Top topics

Most viewed Most shared
Banks face big profit loss to digitisation - McKinseyBanks face big profit loss to digitisation...
16692 views comments | 95 tweets | 113 linkedin
Seven banks plan blockchain platform for SMEsSeven banks plan blockchain platform for S...
13000 views comments | 48 tweets | 44 linkedin
Accenture beats Brexit blues with largest-ever London startup programmeAccenture beats Brexit blues with largest-...
11151 views comments | 31 tweets | 20 linkedin
US fintech firms join forces to push data sharing via APIsUS fintech firms join forces to push data...
7718 views comments | 42 tweets | 42 linkedin
HSBC forms tech advisory boardHSBC forms tech advisory board
6604 views comments | 21 tweets | 23 linkedin

Featured job

to Six-Figure Base, Bonus, Benefits
London, UK

Find your next job