IT watchdog probing breach in ATM heist

“We are investigating the technical aspect,” Gulshan Rai,director general of the India’s Computer Emergency Response Team (CERT),part of the department of electronics and information technology,told Reuters by phone on Sunday. “What kind of breach has happened in the system,how did it happen,what processes are in place,and the entire technical aspect we will look at,” he said,adding that the agency had started its investigation on Saturday.

US prosecutors said on Thursday that hackers broke into two card processing companies,raising the balances and withdrawal limits on accounts that were then exploited in coordinated ATM withdrawals around the world.

The prosecutors did not name the two companies but said one was based in India and the other in the United States.

According to a US official and a bank employee,who both spoke on condition of anonymity,ElectraCard Services was the company that processed prepaid travel cards for National Bank of Ras Al Khaimah suffered a $5 million coordinated heist at ATMs around the world on December 21 last year,according to the US indictment.

ElectraCard Services (ECS) said on Sunday that a data breach in a series of ATM fraud attacks in December appears to have happened outside of its “processing environment”. The company said investigations show that “the PIN and magnetic stripe data seem to have been compromised outside the ECS processing environment”.

It added in a statement: “As already reported in the media earlier this year,there were fraud attacks which affected several institutions worldwide,including ECS,in December 2012.”

Unlisted ElectraCard had a net loss of Rs 9.02 crore on net sales of Rs 53.54 crore for the fiscal year that ended in March 2012,a sales decline of 1.6 per cent,according to a report by ratings agency Crisil.

MasterCard bought a 12.5 percent stake in ElectraCard in 2010,ElectraCard has said. MasterCard,the network under which the cards used in the heist were issued,has said its security was not compromised.

EnStage,which is incorporated in Cupertino,California,but has operations based in Bangalore,is the company that processed card payments for Bank of Muscat,Oman,according to a source close to the bank. Bank of Muscat lost $40 million in a coordinated heist on February 19,according to the US prosecutor’s indictment.

A statement obtained by Reuters from a company spokesman said: “Since the time the incident occurred,EnStage has retained independent security experts to analyse the intrusion and to recommend enhancements to its information security infrastructure. EnStage has implemented both these enhancements as well as additional monitoring capabilities.”

EnStage CEO Govind Setlur could not be reached for further comment on Sunday.

Police in Pune and Bangalore did not immediately have information on the matter when reached on Sunday.

BRAZEN THEFT

* A global ATM heist saw $45 million stolen from two banks in the Middle East

* Two companies EnStage and ElectraCard Services operating from India processed card payments for the two banks

* The matter was brought to light by US prosecutors who said that hackers raised balances and withdrawal limits on accounts to polish off the money