Take care of your money - 1BiTv.com

Take care of your money

The Bank of Russia spoke about a new method of stealing money from ATMs.


Take care of your money


The Bank of Russia has fixed a new method of attacking ATMs related to the cancellation of money transfer from card to card.
It is described in the Survey of the Main Types of Computer Attacks in the Credit and Financial Sphere in 2018, prepared by the FinCERT Bank of Russia and presented at the International Finance Congress in St. Petersburg.

The operation begins with an ATM of a third-party bank that is not the card issuer: the attacker selects a P2P transfer, enters the recipient's card number issued by the third bank.
Then, the transfer initiator bank simultaneously sends two authorization messages to the receiving bank and the sending bank, almost simultaneously receives approvals from them, and the actual transfer is made (the amount on the recipient card increases, at the same time the same amount is reserved from the sender). However, then, when the ATM “asks” the sender for consent to the debiting of the commission, he does not agree, and the bank - the owner of the ATM sends messages about the return. The temporary blocking (hold) is removed from the sender’s account, it saves all the money, but the recipient during this time withdraws the transfer from his card.
In order to prevent such theft, the Central Bank recommends correcting the scenario of ATM operation (sending a message about the return to the sender’s bank should be strictly after successful completion of the return transaction to the recipient’s bank), and also ask the client with the terms of service before sending authorization messages, and not after.

With the success of such attacks, the sender bank is responsible, notes Alexei Golenishchev, director of electronic business monitoring at Alfa-Bank.

“There are such attacks using the incorrect operation of individual ATM scenarios on the market,” he says. “This may not necessarily be due to the“ disagreement with the commission ”, there are other“ bugs ”of scenarios related to the technological peculiarity of the transfer from card to card. card at an ATM. But these cases are not widespread, and more are exceptions. If such vulnerabilities are identified, they are usually quickly corrected. "
In other banks, they also say that such cases are extremely rare, most ATMs are protected from such embezzlement, at ATMs of a number of banks it is not possible to make P2P transfers to cards of third-party banks. Sberbank assured that such a scheme of fraud does not apply to its ATMs.

The Bank of Russia notes that a previously expected surge in TRF attacks (transaction reversal fraud - transaction cancellation fraud) did not occur, mainly attacks of the blackbox type (connection to the dispenser of third-party devices) and withdrawal of money from ATMs are recorded as a result of hacker access to the local network of the bank .

At the same time, direct attacks on self-service devices, in contrast to complex and long-term attacks on information systems of banks, are carried out, as a rule, by unstable small groups or individuals.

Source: Russian newspaper


05.07.2019 12:50:33
(Automatic translation)




Alfa Bank

official European Bank of the FIFA World Cup 2018 ™ and Confederations Cup FIFA 2017



15.07.2019 03:30:00

Where to listen to free music

It became known which parks the musicians will play in the summer
13.07.2019 04:26:00

Behind the wheel is dangerous

In Italy, the punishment for using the phone while driving was toughened.
12.07.2019 04:19:00

Looking for discounts

The average bill for a trip to the store increased by three rubles.
12.07.2019 04:15:00

Details of the tragedy

The details of the death of Russians in Greece have become known.
12.07.2019 04:06:00

Plastic came into vogue

Recycled clothing is gaining popularity.


Advertisement

Themes cloud

trade payment business currency rating snake S-300 finance festival mushrooms judge content devaluation head LTE reform USA debt marriage shipping denomination investigation bravery memorandum philosophy Submarine real estate transfer test conversion undeclared goods music Germany Russia a laptop Syria emission apple democracy Iran currency unit gold Israel cargo freedom Taxi exchange slavery Sochi football trademark Job transgender cargo transportation a bag acceptance poisoning conference Greece legate oligarchy reward UN security diabetes air transportation product regulations China bank Contract Kerch Socrates cat baby action pledge Colour arbitration court law intellectual property sanctions soccer shoes aircraft investment hotel alcohol bridge medicines lottery heir digitalization child the tablet provider private banking mark consultation Rome revaluation easement cession customs order pension monetary system Moscow control agent pharmaceuticals study fideicomass mortgage Belarus assassination attempt succession timocracy dog testosterone parturition Neurotechnology court Olympic Games delivery ban food a toy architecture dismissal liquidation legislation co-packing Paralympic Games FIFA 2018 a family premise money Road accidents law note bite Plato treaty Gazpromneft channel WTO divorce logistics integration import car the death penalty VAT dollar theory smuggling coffee female policy coin justice tyranny Tax Free citizenship beer monometallism The Code of Justinian report dictionary a restaurant monetary aggregate credit inheritance offer nullification IFRS jackpot bimetallism rocket paint treachery will confiscation Bocharov Creek bill counterfeit CCTV derivative FMCG medicine monopolist live selling tax 3G economy QR Code drink own GLONASS staff tort finger quasi-agreement compromising evidence client recreation lawyer murder doctor extortion mortgage internet elections pact causa 4G gold-coin standard ATM seller will coffers gas Ukraine marketing ruble accompanying song mail Viber theft fraud cinema money issue straw Crimea arson money supply export planning insulin adoption turnover role Kazakhstan moderation organization juice crocodile CIS

Persons

Companies


1BiTv.com   © 2011-2019    |    Privacy Policy    |   Created by Technologies for Business    |   en@1bitv.com