In what could be one of the biggest cases of cyber extortion in Israel, eight former Bank Leumi employees threatened to sell information about two million of the bank’s credit card accounts unless they were paid a ransom.
Seven of the suspects were arrested over the weekend, and the eighth, the suspected ringleader extradited from Thailand, landed in Ben Gurion airport on Sunday and will face charges with his fellow conspirators.
The eight had obtained the identity numbers and three-digit security code that appear on the back of credit cards for two million holders of the bank’s Leumi Card. While the suspects could have made online or telephone purchases with this information, Leumi Card said that no accounts had been compromised.
Instead, a former Leumi Card employee, fired a year ago and living in Thailand, sent an email to Bank Leumi threatening to sell sensitive cardholder data he had copied to the highest bidder unless he was paid “millions of shekels”.
After an Israeli cyber-crime unit launched an investigation, Thai authorities compounded his equipment in line with Israeli investigators and rescinded his permit to be in the country.
The breach of security is not the first for Israel’s credit card companies, other were committed by penetrating databases linked to the card issuer’s network.
Leumi Card said it was tightening internal security by barring service representatives from accessing data on card holders.
However, industry sources told the Israeli paper Haaretz that Leumi Card, as well as Israel’s other big issuers of credit cards, CAL and Isracard, were using out-of-date security software rather than Payment Card Industry Data Security Standard, or PCI, the international standard used by Visa, Mastercard and other big issuers.
Israel’s three credit card issuers have been working to update their standards for the past five years, but are about two years away from completing the work, the industry sources said.
The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.
As the May 25 deadline for Europe’s General Data Protection Regulation (GDPR) inches closer, many treasurers are being lumped with the task of ensuring their wider company is compliant.
APIs may be a solution to MT940 challenges, says Karen Fagan, treasury operation manager, for British television company, ITV.
#PSD2FinishLine recently started trending on Twitter. As the country slowly grows in excitement throughout the month of November, with the C-word on ... read more