Chip-and-pin bypass used in £48m fraud scheme

Chip-and-pin bypass used in £48m fraud scheme

Summary: Operation High Roller attacks banking systems worldwide and attempts to bypass physical chip-and-pin authentication by using automated mule account databases

SHARE:
TOPICS: Security
1

A global financial fraud that uses an active and passive automated transfer system to siphon money from high balance accounts in financial institutions has been discovered by McAfee and Guardian Analytics.

According to a joint report released on Tuesday, the online fraud, dubbed 'Operation High Roller', attacks banking systems worldwide and has struck thousands of financial institutions including credit unions, large global banks and regional banks. The criminals have attempted to transfer between €60m (£47.9m) and €2bn to mule business accounts belonging to the "organised crime" syndicate from at least 60 banks so far, the study revealed.

Building on established Zeus and SpyEye tactics, the fraud scheme is able to bypass physical chip-and-pin authentication by using automated mule account databases to conduct server-based fraudulent transactions, with the highest attempted transaction reaching up to €100,000, it explained.

For more on this ZDNet UK-selected story, see Operation High Roller achieves 'organized crime' status on ZDNet Asia.

Topic: Security

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • So this has nothing at all to do with Chip & PIN (EMV) transactions?... its all about Internet banking and Internet/Automated Payments where the transactions aren't being secured by a token (Chip). Perhaps a more realistic title should be "If only these transactions had been secured by Chip & PIN"?
    anonymous