Bank software firm disputes hacking claims

Update: Software firm disputes claims that bank accounts were exposed
Written by Will Knight, Contributor

Banking software firm Fiserv has denied claims by the Observer newspaper that data accessed through one of its Web sites gave a UK security expert access to thousands of genuine bank accounts.

Fiserv says security engineer Ralph Dressel actually accessed fake data that it uses for training and sales purposes and claims that at no time were real accounts ever compromised.

Dressel, a UK software engineer with the Royal Skandia Investment bank, told the Observer that he was able to transfer funds and alter PIN numbers belonging to whole databases of unknown users after discovering access logs at Fiserv's site.

Fiserv -- which provides the banking software for many US banks -- describes the Observer report as "misleading". "We maintain the strictest security on all of our systems ­- whether for Internet banking or core account processing," said Leslie M Muma, Fiserv president and chief executive. "At no time were any of our systems in danger of being compromised."

Dressel contacted the FBI along with police in Britain and informed the national press in Britain in order to publicise the security incident. Many banks worldwide use Fiserv software, including the UK's Abbey National.

Fiserv estimates that its software is used to control 200 million accounts online and $15bn (£9.3bn) of customers' money.

Take me to the Hackers News Special

To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.

Editorial standards