Standing next to the ATM on Tuesday, I stared at the receipt in my hand
and tried to make the numbers add up. My wife and I had both been paid
only a few days before, but our bank account now had less than $200 in
it. Since we share our expenses, we each sometimes discover little
surprises when she pays for a car repair or I cover a veterinary bill,
but this was a big surprise -- and not a pleasant one.
When I got to the office, I looked up my account and quickly discovered
the culprit: three charges totaling more than $1,800. I called my wife
to make sure that she hadn't recently decided to buy a new Bose stereo
system or made several hundred dollars in pharmacy purchases. A few
minutes later, she was walking into the office of our local Chase Bank (JPM)
to talk to a human being about our almost-empty account. She had barely
explained our situation before he burst out "Wow, I've had, like six
people in this morning with the same problem!"
An Office Full of Victims
Six people in a single morning seemed a bit high for one teller, but
when I started talking to my coworkers, I discovered that I wasn't even
the only one in my office who had recently had his account hacked. My
coworkers Ken and Ryan had both recently found a bunch of confusing
charges on their Chase accounts, and 10 other office mates whom I
didn't know had had their accounts breached within the last few months.
As I widened my search, I found dozens of people who'd recently had
their information compromised. An alarming number were Chase customers.
Was this a crime wave? The Chase representative I talked to refused to
comment on whether or not the company was experiencing an uptick in
breaches, but John Zurawski, a vice president at an online security
firm Authentify, was able to give me a clearer picture. This isn't an
especially active time for hackers, he said. "The attacks on online
financial accounts are continuous," Zurawski explained. "The level of
activity is routinely high because the likelihood of being caught is
extremely low."
I was already feeling a bit edgy, but Zurawski quickly amped up my
paranoia by pointing out the number of ways that my account might have
been breached. According to him, my information could have been
"skimmed" at an ATM, collected at a parking garage, swiped by a
disgruntled employee, or compromised in dozens of other, diabolically
creative ways.
My Favorite Company That I Don't Even Know
In all likelihood, though, my information was breached because of a
company I had never heard of, much less willingly used. Zurawski
reminded me of the Global Payments breach, a news story that broke in
early April, after the electronic transaction processing company
discovered its system had been hacked earlier in the year, compromising
up to 1.5 million bank accounts.
Although I had never directly dealt with Global Payments (GPN),
Zurawski said that I've probably used its services dozens of times. One
of the largest online payment processors, the company handles online
transactions for thousands of merchants around the globe. When you pay
for something on the Internet, your bank probably doesn't deal directly
with the company that you're buying from. Rather, your information gets
passed on to Global, which passes it on to a bank, which completes the
transaction.
In other words, a company I've never heard of, have never directly
dealt with, and know nothing about may hold the keys to my bank account
-- and, in this case, may have misplaced them.
This was disturbing, but it still didn't explain how the Global breach,
which was discovered almost a month ago, could be responsible for last
week's charges on my account. Zurawski pointed out, however, that this
recent rash of bank hackings might fit a trend.
"Usually, when an account is hacked, the mischief makers like to hold
off on using the information, in order to cover their tracks," he
noted. "But when a breach is discovered, they may feel compelled to use
the information sooner, rather than later." So my account -- as well as
Ken's, Ryan's, and those of several other coworkers -- may all have
been breached by the same criminal organization, which spaced out its
use of the information.
Joining the Hacked Club
I was surprised to discover how many of my friends and coworkers had
had their accounts compromised, but I soon realized that we were only
the tip of the iceberg. According to the Privacy Rights Clearinghouse,
a nonprofit consumer advocacy organization, 3,044 data breaches have
been made public since 2005, affecting 546,357,063 compromised records
-- more than one for every person in the country. Most of these aren't
bank accounts, but it seems likely that records involving almost every
aspect of our lives have been breached at some point.
Paul Stephens, director of policy and advocacy at PRC, agreed that my
account might have been compromised in the Global Payments breach.
According to him, it "heavily impacted people in the New York City
area." But I will probably never find out for sure: Global Payments has
not released any information about which accounts were affected or
which companies were involved. "It's the typical stonewalling that we
get when these types of breaches occur," Stephens explained.
My wife and I are fairly careful about our bank security: We regularly
check our account for unexplained charges, shred our mail, and are
careful about which ATMs we use. However, Stevens pointed out a major
chink in our armor: A few years ago, we started making most purchases
with our debit cards.
"You shouldn't use your debit card to buy things," he told me. "They
don't have the same legal protections as credit cards." Under the law,
he noted, banks have 45 days to investigate compromised accounts. If
they have not concluded their investigation within two weeks, they must
reimburse the customer, but are legally able to take the money back if
they later find that they have been cheated. "If you're using a debit
card, you could end up in a situation without funds," he warned.
On the bright side, Chase seems to handle these problems quickly. Every
person we talked to commented on their fast, efficient service, noting
how quickly their funds were restored. In our case, the money was back
in our account within a day.
Still, Stephens has a point. Within a day, yet another mystery charge
was on our account, this one from a company based in Great Britain.
Here we go again ...
Bank Accounts Hacked: Is Your Money in Danger at Chase?
Written By ization shop on Friday, June 29, 2012 | Friday, June 29, 2012
Subscribe to:
Post Comments (Atom)
Popular Posts Today
-
Root Shell is the dream of all hackers. Usually a hackers who entered thgrough a web vulnerability , will upload web shell . with web shell ...
-
In this article I will use tactics to hijack the session fixation Mandiri Internet banking session which is the largest b...
-
Learn about Paypal Phishing attack to hack Paypal account password . Recently paypal phishing attack has shown a shocking boost,Paypal p...
-
So there’s a lot of tutorial and tips out there on how to hack a bank account and the bank hacking software. Some hackers claim they ...
0 komentar:
Post a Comment