A data breach at US electronic transaction firm RBS WorldPay has
been linked to a gang that used debit cards to steal millions of
dollars from ATMs.
The FBI has released images of thieves believed to be part of a
gang that took money from ATMs in 49 cities around the world using
cloned debit cards in late November.
The thefts stemmed from a data breach at
RBS
WorldPay in which hackers stole the personal data of 1.5
million card holders, in early November, according to the
Washington Post.
The thefts, which come within weeks of a data breach disclosure
by
Heartland Payment Systems, highlight the vulnerability of data
processed by these firms.
Heartland, which is being sued for failing to protect customers
from identity fraud, has announced a dedicated department to
encrypt data on all its systems.
Despite being compliant with the
Payment Card Industry Data Security Standard (PCI DSS),
cybercriminals were able to gain access to Heartland's systems.
The
PCI DSS does not currently require that credit card data be
encrypted on internal networks, which Heartland says it will now
implement.
Robert Carr, chief executive of Heartland, has defended the PCI
DSS as a good standard, but said increasingly sophisticated attacks
demand end-to-end encryption.
Encryption of data in motion between internal systems is the
next logical step according to Carr, but he said constant
monitoring will always be required.
Carr has called for
greater information sharing in the payments industry to prevent
cybercriminals from re-using techniques in multiple attacks.