@mash that&#39;s scary news since you are in the banking sector... <img src="cid:362@goomoji.gmail" style="margin-top: 0px; margin-right: 0.2ex; margin-bottom: 0px; margin-left: 0.2ex; vertical-align: middle; " goomoji="362"><div>

<br><div class="gmail_quote">On Tue, Oct 25, 2011 at 18:32, Mash <span dir="ltr">&lt;<a href="mailto:mashlists@gmail.com">mashlists@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

>From a banking perspective, these claims are possible but not through hacking. What normally happens is that in case of such withdraws via an atm, the card centre may have linked your account to the wrong ATM card n vice versa. Take it like a cashier doing an over the counter transactIon to the wrong account. It happens alot.<br>

<br>Sent from My HTC<br><br><div><div class="im">----- Reply message -----<br>From: &quot;ty&quot; &lt;<a href="mailto:tyruskam@gmail.com" target="_blank">tyruskam@gmail.com</a>&gt;<br>To: &quot;Skunkworks Mailing List&quot; &lt;<a href="mailto:skunkworks@lists.my.co.ke" target="_blank">skunkworks@lists.my.co.ke</a>&gt;, &quot;[Security Forum]All information security discussions in kenya are done here (Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc)&quot; &lt;<a href="mailto:security@lists.my.co.ke" target="_blank">security@lists.my.co.ke</a>&gt;<br>

</div><div><div></div><div class="h5">Subject: [Skunkworks] Security Breach on Cfc Stanbic Account<br>Date: Tue, Oct 25, 2011 16:54<br><br></div></div></div><div><div></div><div class="h5"><br><font color="#000099">An interesting thing to note, from my experience, only a handful of local banks and multinationals are PCI/DSS Compliant let alone self assured.</font><div>

<font color="#000099"><br></font></div><div>
<font color="#000099">-tyrus<br></font><br><div class="gmail_quote">On Tue, Oct 25, 2011 at 4:41 PM, Kevin Omondi <span dir="ltr">&lt;<a href="mailto:kevin.ouma@gmail.com" target="_blank">kevin.ouma@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Could this be an inside Job ?<div><br></div><div><br></div><div>Regards</div><div>Kevin<div><div></div><div><br><br><div class="gmail_quote">On Tue, Oct 25, 2011 at 4:13 PM, Okumu O. C. Edmund <span dir="ltr">&lt;<a href="mailto:edmund.okumu@gmail.com" target="_blank">edmund.okumu@gmail.com</a>&gt;</span> wrote:<br>



<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Interesting story line there. I do not work for CFC Stanbic except that i am also a dissatisfied customer who fled. <br>



<br>That not withstanding, as an Information Systems Risk specialist I noticed one thing when CFC merged with Stanbic and around that time I started having trouble with my accounts. It so happened that human was interfacing between two systems i.e. The then CFC system and the Stanbic System. I know that alot of work has been done to ensure that this no longer happens (No human interfacing between the two systems), but it still explains what might have transpired during the transition period. <br>




<br>I can imagine fictitious accounts, illegal transfers..... happening like in your case e.t.c.<br><br><br><div class="gmail_quote"><div>On Mon, Oct 24, 2011 at 4:19 PM, Kevin Omondi <span dir="ltr">&lt;<a href="mailto:kevin.ouma@gmail.com" target="_blank">kevin.ouma@gmail.com</a>&gt;</span> wrote:<br>




</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div>Hi Skunks,<div><br></div><div>On Friday the 21st of October I noticed something strange with my Cfc Stanbic Account. While trying to withdraw money at the International House</div>




<div>ATM, I realized from the system that avaibale balance was 300 kshs and Actual balance was the money which I was supposed to be having in my account ( lets for the </div>
<div>sake of this discussion say its X shillings)</div><div><br></div><div><br></div><div>I reported this issue to the Bank branch and they mentioned that there was a possible problem</div><div><br></div><div>On Saturday while trying to withdraw money from the Buru Buru ATM, I got a message insuficient funds. On gettting a mini statement it shows VISA ATM withdrwals of equal amounts i.e x/3 done thrice to 3 decimal points which if added up summed up to x.</div>





<div><br></div><div>This looked like a well calculated hacking job. What I wondered is</div><div><br></div><div>cfc cards are not allowed for internet transactions ( at least mine) and furthermore they have no numbers on them. I have had my Card on me since opening my account .</div>





<div><br></div><div>After follow up, they told me that these transactions happened in Mozambique. </div><div><br></div><div>My question is what possible scenarios led to the hacking of my account and loss of cash as I have never used it on the net or swiped it anywhere ?</div>





<div><br></div><div>Im puzzled and told it has happened with a number of accounts at Cfc. If you are with the bank, be very careful.</div><div><br></div><div><br></div><div>Regards</div><div><br></div><font color="#888888"><div>




Kevin</div>
</font><br></div></div><div>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke" target="_blank">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></div></blockquote></div><font color="#888888"><br><br clear="all"><br>-- <br>Edmund C. O. Okumu<br>P.O Box 8490-00200,<br>Nairobi, Kenya.<br>



TEL: 254-721-734935<br>        <br>

</font><br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke" target="_blank">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke" target="_blank">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Security mailing list<br>
<a href="mailto:Security@lists.my.co.ke">Security@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/security" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/security</a><br>
<br></blockquote></div><br></div>