Hackers stole 1.5 million euros from a German bank by cloning customer EMV cards
ZDNet reported that the Brazilian hack group cloned EMV debit cards from more than 2,000 customers of the German bank Oldenburgische Landesbank (OLB) and stole 1.5 million euros from its accounts, having cashed user funds throughout Brazil.The theft happened last week and only affected Mastercard debit card holders.
“The incident caught the eye of several cyber-security experts who noted the peculiarities of the thefts, which only involved Mastercard debit cards issued by OLB“, — reports ZDNet.
In a statement released late last week, bank representatives said they had already reimbursed the losses to all the victims, their number was approximately 2,000 people. In addition, the bank has already blocked all compromised Mastercard cards, and is currently in the process of issuing replacements.
According to OLB, the incident was the result of an organized attack by cybercrime group with using of fake cards and terminals.
Read also: Media: discovered by Google iPhone hackers also attacked Android and Windows users
Customers noticed that all compromised cards were equipped with an EMV chip, and chip-and-PIN technology in theory should protect against such attacks. However, unfortunately, such incidents do not occur for the first time and EMV cards are also compromised.
Telefonica expert Manuel Pintag confirmed to ZDNet reporters that Brazil and Mexico are the largest “EMV cloning laboratories.” Local hackers often advertise tools to help create fully functional clones of EMV cards.
“To clone a modern chip-and-PIN card, criminals need a copy of the magnetic stripe of the EMV card. To obtain this data, attackers often rely on sniffers installed in ATMs or PoS terminals. It is these devices that are considered the main sources of debit cards compromised in a recent OLB incident”- said Manuel Pintag.
Moreover, the PIN code is not always needed, since some cloned cards work with any random PIN code entered in the PoS or ATM.Mastercard said it is still investigating the incident.
“We can confirm that neither Mastercard’s network or the EMV technology were compromised. Nor has any account or card data been hacked either at Mastercard, OLB or at a third party. This issue derived from a scam involving organized cybercrime using counterfeit cards and terminals”, — a Mastercard spokesperson said.