Re: [Skunkworks] Security Breach on Cfc Stanbic Account

From a banking perspective, these claims are possible but not through hacking. What normally happens is that in case of such withdrawals via an ATM, the card centre may have linked your account to the wrong ATM card and vice versa. Take it like a cashier doing an over the counter transaction to the wrong account. It happens a lot.
Sent from My HTC
----- Reply message -----
From: "ty" <tyruskam@gmail.com>
To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke>, "[Security Forum]All information security discussions in kenya are done here (Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc)" <security@lists.my.co.ke>
Subject: [Skunkworks] Security Breach on Cfc Stanbic Account
Date: Tue, Oct 25, 2011 16:54
An interesting thing to note, from my experience, only a handful of local banks and multinationals are PCI/DSS Compliant let alone self assured.
-tyrus
On Tue, Oct 25, 2011 at 4:41 PM, Kevin Omondi <kevin.ouma@gmail.com> wrote:
Could this be an inside job?
Regards
Kevin
On Tue, Oct 25, 2011 at 4:13 PM, Okumu O. C. Edmund <edmund.okumu@gmail.com> wrote:
Interesting story line there. I do not work for CFC Stanbic except that I am also a dissatisfied customer who fled.
That notwithstanding, as an Information Systems Risk specialist I noticed one thing when CFC merged with Stanbic and around that time I started having trouble with my accounts. It so happened that a human was interfacing between two systems, i.e. the then CFC system and the Stanbic system. I know that a lot of work has been done to ensure that this no longer happens (no human interfacing between the two systems), but it still explains what might have transpired during the transition period.
I can imagine fictitious accounts, illegal transfers... happening like in your case, etc.
On Mon, Oct 24, 2011 at 4:19 PM, Kevin Omondi <kevin.ouma@gmail.com> wrote:
Hi Skunks,
On Friday the 21st of October I noticed something strange with my Cfc Stanbic Account. While trying to withdraw money at the International House ATM, I realized from the system that available balance was 300 kshs and actual balance was the money which I was supposed to be having in my account (let's for the sake of this discussion say it's X shillings).
I reported this issue to the Bank branch and they mentioned that there was a possible problem.
On Saturday while trying to withdraw money from the Buru Buru ATM, I got a message insufficient funds. On getting a mini statement it shows VISA ATM withdrawals of equal amounts, i.e. x/3 done thrice to 3 decimal points which if added up summed up to x.
This looked like a well calculated hacking job. What I wondered is Cfc cards are not allowed for internet transactions (at least mine) and furthermore they have no numbers on them. I have had my card on me since opening my account.
After follow up, they told me that these transactions happened in Mozambique.
My question is what possible scenarios led to the hacking of my account and loss of cash as I have never used it on the net or swiped it anywhere?
I'm puzzled and told it has happened with a number of accounts at Cfc. If you are with the bank, be very careful.
Regards
Kevin
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Edmund C. O. Okumu P.O Box 8490-00200, Nairobi, Kenya. TEL: 254-721-734935

@mash that's scary news since you are in the banking sector...
On Tue, Oct 25, 2011 at 18:32, Mash <mashlists@gmail.com> wrote:
From a banking perspective, these claims are possible but not through hacking. What normally happens is that in case of such withdrawals via an ATM, the card centre may have linked your account to the wrong ATM card and vice versa. Take it like a cashier doing an over the counter transaction to the wrong account. It happens a lot.
Sent from My HTC
----- Reply message -----
From: "ty" <tyruskam@gmail.com>
To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke>, "[Security Forum]All information security discussions in kenya are done here (Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc)" <security@lists.my.co.ke>
Subject: [Skunkworks] Security Breach on Cfc Stanbic Account
Date: Tue, Oct 25, 2011 16:54
An interesting thing to note, from my experience, only a handful of local banks and multinationals are PCI/DSS Compliant let alone self assured.
-tyrus
On Tue, Oct 25, 2011 at 4:41 PM, Kevin Omondi <kevin.ouma@gmail.com> wrote:
Could this be an inside job?
Regards
Kevin
On Tue, Oct 25, 2011 at 4:13 PM, Okumu O. C. Edmund <edmund.okumu@gmail.com> wrote:
Interesting story line there. I do not work for CFC Stanbic except that I am also a dissatisfied customer who fled.
That notwithstanding, as an Information Systems Risk specialist I noticed one thing when CFC merged with Stanbic and around that time I started having trouble with my accounts. It so happened that a human was interfacing between two systems, i.e. the then CFC system and the Stanbic system. I know that a lot of work has been done to ensure that this no longer happens (no human interfacing between the two systems), but it still explains what might have transpired during the transition period.
I can imagine fictitious accounts, illegal transfers... happening like in your case, etc.
On Mon, Oct 24, 2011 at 4:19 PM, Kevin Omondi <kevin.ouma@gmail.com> wrote:
Hi Skunks,
On Friday the 21st of October I noticed something strange with my Cfc Stanbic Account. While trying to withdraw money at the International House ATM, I realized from the system that available balance was 300 kshs and actual balance was the money which I was supposed to be having in my account (let's for the sake of this discussion say it's X shillings).
I reported this issue to the Bank branch and they mentioned that there was a possible problem.
On Saturday while trying to withdraw money from the Buru Buru ATM, I got a message insufficient funds. On getting a mini statement it shows VISA ATM withdrawals of equal amounts, i.e. x/3 done thrice to 3 decimal points which if added up summed up to x.
This looked like a well calculated hacking job. What I wondered is Cfc cards are not allowed for internet transactions (at least mine) and furthermore they have no numbers on them. I have had my card on me since opening my account.
After follow up, they told me that these transactions happened in Mozambique.
My question is what possible scenarios led to the hacking of my account and loss of cash as I have never used it on the net or swiped it anywhere?
I'm puzzled and told it has happened with a number of accounts at Cfc. If you are with the bank, be very careful.
Regards
Kevin
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Edmund C. O. Okumu P.O Box 8490-00200, Nairobi, Kenya. TEL: 254-721-734935
_______________________________________________ Security mailing list Security@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
Participants (2): Haggai Nyang, Mash