Take care of your money - 1BiTv.com

Take care of your money

The Bank of Russia has described a new method of stealing money through ATMs.




The Bank of Russia has recorded a new method of attacking ATMs that relies on cancelling a card-to-card money transfer.
It is described in the Survey of the Main Types of Computer Attacks in the Credit and Financial Sphere in 2018, prepared by the Bank of Russia's FinCERT and presented at the International Finance Congress in St. Petersburg.

The operation begins at an ATM of a third-party bank that is not the card issuer: the attacker selects a P2P transfer and enters the recipient's card number, issued by a third bank.
The bank that initiates the transfer then sends two authorization messages at the same time, one to the recipient's bank and one to the sender's bank, receives approvals from both almost simultaneously, and the transfer is actually made (the amount on the recipient's card increases, and the same amount is reserved on the sender's account). However, when the ATM then "asks" the sender to consent to the commission being debited, the sender declines, and the bank that owns the ATM sends return messages. The temporary block (hold) is removed from the sender's account, so the sender keeps all the money, while the recipient has withdrawn the transfer from his card in the meantime.
To prevent such theft, the Central Bank recommends correcting the ATM scenario (the return message to the sender's bank should be sent strictly after the return transaction at the recipient's bank has completed successfully), and also presenting the terms of service to the client before the authorization messages are sent, not after.
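The sequencing problem and the two recommended corrections can be modelled in a few lines. This is an added example, not code from the FinCERT survey or from any bank: the ledger model, the function names, the status strings and the balances are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Account:              # constructed ledger model, not a real banking API
    available: int          # funds the cardholder can spend
    held: int = 0           # funds reserved by an authorization hold
    withdrawn: int = 0      # cash already taken out

def hold(acct, amount):     # sender's bank approves the authorization
    acct.available -= amount
    acct.held += amount

def release(acct, amount):  # sender's bank processes the return message
    acct.held -= amount
    acct.available += amount

def reverse_credit(acct, amount):   # recipient's bank processes the return
    if acct.available < amount:
        return False                # funds already withdrawn: return fails
    acct.available -= amount
    return True

def run_scenario(sender, recipient, amount, accepts_fee, withdraws_early,
                 consent_first=False, ordered_return=False):
    """Hypothetical ATM P2P scenario; the two flags are the recommended fixes."""
    if consent_first and not accepts_fee:
        return "declined_before_authorization"    # no messages were sent
    hold(sender, amount)                          # authorization to sender's bank
    recipient.available += amount                 # authorization to recipient's bank
    if withdraws_early:                           # recipient cashes out at once
        recipient.available -= amount
        recipient.withdrawn += amount
    if accepts_fee:
        return "completed"
    returned = reverse_credit(recipient, amount)  # return to recipient's bank
    if ordered_return and not returned:
        return "return_failed_hold_kept"          # sender's hold stays in place
    release(sender, amount)                       # return to sender's bank
    return "returned" if returned else "hold_released_without_return"

if __name__ == "__main__":
    for fixes in ({}, {"ordered_return": True}, {"consent_first": True}):
        s, r = Account(10000), Account(0)         # constructed sample balances
        print(fixes, run_scenario(s, r, 5000, False, True, **fixes), s, r)
```

With neither fix, the sender's hold is released even though the return at the recipient's bank failed; with either fix, the withdrawn amount stays backed by the sender's hold or the transfer never starts.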

If such an attack succeeds, the sender's bank bears the responsibility, notes Alexei Golenishchev, director of electronic business monitoring at Alfa-Bank.

“There are such attacks on the market that use the incorrect operation of individual ATM scenarios,” he says. “This is not necessarily due to ‘disagreement with the commission’; there are other scenario ‘bugs’ related to the technological peculiarities of a card-to-card transfer at an ATM. But these cases are not widespread and are more the exception. If such vulnerabilities are identified, they are usually quickly corrected.”
Other banks also say that such cases are extremely rare: most ATMs are protected against this kind of theft, and at the ATMs of a number of banks it is not possible to make P2P transfers to cards of third-party banks. Sberbank gave assurances that this fraud scheme does not work on its ATMs.

The Bank of Russia notes that the previously expected surge in TRF attacks (transaction reversal fraud) did not occur; the attacks recorded are mainly of the blackbox type (connecting third-party devices to the dispenser) and withdrawals of money from ATMs as a result of hackers gaining access to the bank's local network.

At the same time, direct attacks on self-service devices, unlike complex and long-running attacks on banks' information systems, are as a rule carried out by small, unstable groups or by individuals.

Source: Russian newspaper


05.07.2019 12:50:33
(Automatic translation)



